BUG Security::permissionFailure() fixing permissionDenied hook inconsistency

permissionDenied only works if Security::permissionFailure() is called when
there's currently no logged in Member. This fixes it so failed attempts
with logged in Member also includes the permissionDenied hook.

In addition, fix an undefined $member variable
This commit is contained in:
Sean Harvey 2013-04-12 10:59:00 +12:00
parent 97b1f8616f
commit 1eadff5a4f

View File

@ -222,17 +222,20 @@ class Security extends Controller {
$messageSet = array('default' => $messageSet); $messageSet = array('default' => $messageSet);
} }
$member = Member::currentUser();
// Work out the right message to show // Work out the right message to show
if(Member::currentUser()) { if($member && $member->exists()) {
$response = ($controller) ? $controller->getResponse() : new SS_HTTPResponse(); $response = ($controller) ? $controller->getResponse() : new SS_HTTPResponse();
$response->setStatusCode(403); $response->setStatusCode(403);
//If 'alreadyLoggedIn' is not specified in the array, then use the default //If 'alreadyLoggedIn' is not specified in the array, then use the default
//which should have been specified in the lines above //which should have been specified in the lines above
if(isset($messageSet['alreadyLoggedIn'])) if(isset($messageSet['alreadyLoggedIn'])) {
$message=$messageSet['alreadyLoggedIn']; $message = $messageSet['alreadyLoggedIn'];
else } else {
$message=$messageSet['default']; $message = $messageSet['default'];
}
// Somewhat hackish way to render a login form with an error message. // Somewhat hackish way to render a login form with an error message.
$me = new Security(); $me = new Security();
@ -242,6 +245,9 @@ class Security extends Controller {
$formText = $me->login(); $formText = $me->login();
$response->setBody($formText); $response->setBody($formText);
$controller->extend('permissionDenied', $member);
return $response; return $response;
} else { } else {
$message = $messageSet['default']; $message = $messageSet['default'];