mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
BUGFIX Allow DatabaseAdmin to run dev/build in live mode when not Security::is_database_ready(), and avoid broken login due to broken db queries (selecting unknown columns before dev/build) (see #4957)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100924 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
ad338ddeb7
commit
1ec5c18ab5
@ -22,7 +22,14 @@ class DevelopmentAdmin extends Controller {
|
||||
// We allow access to this controller regardless of live-status or ADMIN permission only
|
||||
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
|
||||
$canAccess = (Director::isDev() || Director::is_cli() || Permission::check("ADMIN"));
|
||||
if(!$canAccess) return Security::permissionFailure($this);
|
||||
// Special case for dev/build: Allow unauthenticated building of database, emulate DatabaseAdmin->init()
|
||||
// permission restrictions (see #4957)
|
||||
// TODO Decouple sub-controllers like DatabaseAdmin instead of weak URL checking
|
||||
$requestedDevBuild = (stripos($this->request->getURL(), 'dev/build') === 0 && !Security::database_is_ready());
|
||||
|
||||
if(!$canAccess && !$requestedDevBuild) {
|
||||
return Security::permissionFailure($this);
|
||||
}
|
||||
|
||||
// check for valid url mapping
|
||||
// lacking this information can cause really nasty bugs,
|
||||
|
Loading…
Reference in New Issue
Block a user