tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

BUG Security::permissionFailure() fixing permissionDenied hook inconsistency

Browse Source 
permissionDenied only works if Security::permissionFailure() is called when
there's currently no logged in Member. This fixes it so failed attempts
with logged in Member also includes the permissionDenied hook.

In addition, fix an undefined $member variable
This commit is contained in:
Sean Harvey 2013-04-12 10:59:00 +12:00
parent 97b1f8616f
commit 1eadff5a4f
1 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
security/Security.php
View File

@ -222,17 +222,20 @@ class Security extends Controller {
$messageSet = array('default' => $messageSet);
}
$member = Member::currentUser();
// Work out the right message to show
if(Member::currentUser()) {
if($member && $member->exists()) {
$response = ($controller) ? $controller->getResponse() : new SS_HTTPResponse();
$response->setStatusCode(403);
//If 'alreadyLoggedIn' is not specified in the array, then use the default
//which should have been specified in the lines above
if(isset($messageSet['alreadyLoggedIn']))
$message=$messageSet['alreadyLoggedIn'];
else
$message=$messageSet['default'];
if(isset($messageSet['alreadyLoggedIn'])) {
$message = $messageSet['alreadyLoggedIn'];
} else {
$message = $messageSet['default'];
}
// Somewhat hackish way to render a login form with an error message.
$me = new Security();
@ -242,6 +245,9 @@ class Security extends Controller {
$formText = $me->login();
$response->setBody($formText);
$controller->extend('permissionDenied', $member);
return $response;
} else {
$message = $messageSet['default'];