BUGFIX Allow DatabaseAdmin to run dev/build in live mode when not Security::is_database_ready(), and avoid broken login due to broken db queries (selecting unknown columns before dev/build) (see #4957)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100924 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-03-11 20:54:26 +00:00 committed by Sam Minnee
parent ad338ddeb7
commit 1ec5c18ab5

View File

@ -22,7 +22,14 @@ class DevelopmentAdmin extends Controller {
// We allow access to this controller regardless of live-status or ADMIN permission only
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
$canAccess = (Director::isDev() || Director::is_cli() || Permission::check("ADMIN"));
if(!$canAccess) return Security::permissionFailure($this);
// Special case for dev/build: Allow unauthenticated building of database, emulate DatabaseAdmin->init()
// permission restrictions (see #4957)
// TODO Decouple sub-controllers like DatabaseAdmin instead of weak URL checking
$requestedDevBuild = (stripos($this->request->getURL(), 'dev/build') === 0 && !Security::database_is_ready());
if(!$canAccess && !$requestedDevBuild) {
return Security::permissionFailure($this);
}
// check for valid url mapping
// lacking this information can cause really nasty bugs,