mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
#1662 - Secured draft/archived content
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@44555 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
2c8e304294
commit
15eff6e217
@ -85,13 +85,23 @@ class ContentController extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
singleton('SiteTree')->extend('contentcontrollerInit', $this);
|
singleton('SiteTree')->extend('contentcontrollerInit', $this);
|
||||||
|
|
||||||
Director::set_site_mode('site');
|
Director::set_site_mode('site');
|
||||||
|
|
||||||
// Check permissions
|
// Check page permissions
|
||||||
if($this->dataRecord && $this->URLSegment != 'Security' && !$this->dataRecord->can('View')) {
|
if($this->dataRecord && $this->URLSegment != 'Security' && !$this->dataRecord->can('View')) {
|
||||||
Security::permissionFailure($this);
|
Security::permissionFailure($this);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Draft/Archive security check - only CMS users should be able to look at stage/archived content
|
||||||
|
if($this->URLSegment != 'Security' && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) {
|
||||||
|
if(!Permission::check('CMS_ACCESS_CMSMain')) {
|
||||||
|
$link = $this->Link();
|
||||||
|
$message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", "You must log in with your CMS password in order to view the draft or archived content. <a href=\"%s\">Click here to go back to the published site.</a>");
|
||||||
|
Security::permissionFailure($this, sprintf($message, "$link?stage=Live"));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -180,7 +190,7 @@ class ContentController extends Controller {
|
|||||||
public function SilverStripeNavigator() {
|
public function SilverStripeNavigator() {
|
||||||
$member = Member::currentUser();
|
$member = Member::currentUser();
|
||||||
|
|
||||||
if(Director::isDev() || ($member && $member->isCMSUser())) {
|
if(Director::isDev() || Permission::check('CMS_ACCESS_CMSMain')) {
|
||||||
Requirements::css('sapphire/css/SilverStripeNavigator.css');
|
Requirements::css('sapphire/css/SilverStripeNavigator.css');
|
||||||
|
|
||||||
Requirements::javascript('jsparty/behaviour.js');
|
Requirements::javascript('jsparty/behaviour.js');
|
||||||
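Review bot: In the `init()` hunk, the draft/archive branch puts `"$link?stage=Live"` into the `href` of the message via `sprintf` without attribute escaping, and it appends `?` even if `Link()` already returns a URL with a query string. Escaping the value and picking the separator keeps the markup well-formed, e.g. `$liveLink = Convert::raw2att($link . (strpos($link, '?') === false ? '?' : '&') . 'stage=Live');` passed to `sprintf` in place of the interpolated string. How `Security::permissionFailure()` renders the message is not visible in this section, so it should be confirmed that it outputs it as HTML only for this trusted, translated string. The page-permission check just above still calls `Security::permissionFailure($this);` without a `return;`, so it falls through into the new block; adding `return;` there would match the new code. `init()` begins before the hunk, so earlier handling cannot be seen from here.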
|
@ -99,7 +99,7 @@ class Security extends Controller {
|
|||||||
* permission to
|
* permission to
|
||||||
* access the item.
|
* access the item.
|
||||||
*/
|
*/
|
||||||
static function permissionFailure($controller, $messageSet = null) {
|
static function permissionFailure($controller = null, $messageSet = null) {
|
||||||
// Prepare the messageSet provided
|
// Prepare the messageSet provided
|
||||||
if(!$messageSet) {
|
if(!$messageSet) {
|
||||||
$messageSet = array(
|
$messageSet = array(
|
||||||
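Review bot: The new `$controller = null` default on `permissionFailure()` makes the controller optional, but the docblock lines in this hunk are unchanged, and the body that would have to cope with a null controller lies outside the hunk. If that body uses `$controller` unconditionally, a call without arguments would fail at the point where access is being denied, so a null guard is worth confirming. The same commit also passes a plain string as `$messageSet` from `ContentController::init()`, while the default branch here builds an array. The docblock should state both contracts, e.g. `@param Controller|null $controller` and `@param string|array|null $messageSet`.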
|