BUGFIX Allow DatabaseAdmin to run dev/build in live mode when not Security::is_database_ready(), and avoid broken login due to broken db queries (selecting unknown columns before dev/build) (see #4957)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100924 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-01 05:39:10 +02:00 · 2010-03-11 20:54:26 +00:00 · 2010-03-11 20:54:26 +00:00 · 1ec5c18ab5
commit 1ec5c18ab5
parent ad338ddeb7
1 changed files with 8 additions and 1 deletions
--- a/dev/DevelopmentAdmin.php
+++ b/dev/DevelopmentAdmin.php
@ -22,7 +22,14 @@ class DevelopmentAdmin extends Controller {
 		// We allow access to this controller regardless of live-status or ADMIN permission only
 		// if on CLI.  Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
 		$canAccess = (Director::isDev() || Director::is_cli() || Permission::check("ADMIN"));
-		if(!$canAccess) return Security::permissionFailure($this);
+		// Special case for dev/build: Allow unauthenticated building of database, emulate DatabaseAdmin->init()
+		// permission restrictions (see #4957)
+		// TODO Decouple sub-controllers like DatabaseAdmin instead of weak URL checking
+		$requestedDevBuild = (stripos($this->request->getURL(), 'dev/build') === 0 && !Security::database_is_ready());
+		
+		if(!$canAccess && !$requestedDevBuild) {
+			return Security::permissionFailure($this);
+		}
 		
 		// check for valid url mapping
 		// lacking this information can cause really nasty bugs,