diff --git a/core/control/ContentController.php b/core/control/ContentController.php
index bc765955c..d11412d90 100644
--- a/core/control/ContentController.php
+++ b/core/control/ContentController.php
@@ -85,13 +85,23 @@ class ContentController extends Controller { } singleton('SiteTree')->extend('contentcontrollerInit', $this); - Director::set_site_mode('site'); - // Check permissions + // Check page permissions if($this->dataRecord && $this->URLSegment != 'Security' && !$this->dataRecord->can('View')) { Security::permissionFailure($this); } + + // Draft/Archive security check - only CMS users should be able to look at stage/archived content + if($this->URLSegment != 'Security' && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) { + if(!Permission::check('CMS_ACCESS_CMSMain')) { + $link = $this->Link(); + $message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", "You must log in with your CMS password in order to view the draft or archived content. Click here to go back to the published site."); + Security::permissionFailure($this, sprintf($message, "$link?stage=Live")); + return; + } + } + } /**
@@ -180,7 +190,7 @@ class ContentController extends Controller {
 public function SilverStripeNavigator() {
 $member = Member::currentUser();
- if(Director::isDev() || ($member && $member->isCMSUser())) {
+ if(Director::isDev() || Permission::check('CMS_ACCESS_CMSMain')) {
 Requirements::css('sapphire/css/SilverStripeNavigator.css');
 Requirements::javascript('jsparty/behaviour.js');
diff --git a/security/Security.php b/security/Security.php
index 70cf2113f..ef0ffc5f0 100644
--- a/security/Security.php
+++ b/security/Security.php
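Review bot: The page-permission branch directly above the new draft/archive block calls `Security::permissionFailure($this);` without returning, so a request that fails the `can('View')` test while a non-Live stage is selected falls through and can reach the second `permissionFailure()` call as well; adding `return;` after the first call would match what the new block does. The new `return;` only leaves this method, and whether that is enough to keep the requested action from rendering draft or archived content depends on how `permissionFailure()` finishes the response, which is not visible here. `"$link?stage=Live"` also assumes `$this->Link()` never carries a query string of its own. The enclosing method starts outside the hunk.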
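Review bot: In `SilverStripeNavigator()`, `$member = Member::currentUser();` is kept although the rewritten condition no longer reads `$member`; if nothing further down the method uses it, the assignment can be removed. The body continues past the end of the hunk, so that has to be checked against the full method. The `Director::isDev() ||` short-circuit is unchanged and still shows the navigator without any permission check on a dev-mode site, which deserves a comment such as `// Dev mode: navigator is shown to everyone, viewing draft content still requires CMS_ACCESS_CMSMain`.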
@@ -99,7 +99,7 @@ class Security extends Controller {
 * permission to
 * access the item.
 */
- static function permissionFailure($controller, $messageSet = null) {
+ static function permissionFailure($controller = null, $messageSet = null) {
 // Prepare the messageSet provided
 if(!$messageSet) {
 $messageSet = array(
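Review bot: `$controller` now defaults to `null` in `permissionFailure()`, but both calls visible in this commit pass `$this`, and the part of the body that uses the controller lies below the hunk, so it is not visible whether a null value is handled or dereferenced. If the body uses `$controller` unconditionally, it needs a guard before that use, since this is the path that denies access and a fatal error there would replace the login redirect. The docblock above the signature should state the new contract, for example `@param Controller|null $controller The controller that was denied access; optional`.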