tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-01 13:48:37 +02:00
Code Issues Projects Releases Wiki Activity

Merge pull request #10751 from xini/patch-7

Browse Source 
make Group use tri-state can* extension hooks, fixes #9580
This commit is contained in:
Guy Sartorelli 2023-05-08 11:22:35 +12:00 committed by GitHub
commit 37937b7123
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/Security/Group.php
View File

@ -583,12 +583,10 @@ class Group extends DataObject
$member = Security::getCurrentUser();
}
// extended access checks
$results = $this->extend('canEdit', $member);
if ($results && is_array($results)) {
if (!min($results)) {
return false;
}
// check for extensions, we do this first as they can overrule everything
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
return $extended;
}
if (// either we have an ADMIN
@ -619,12 +617,10 @@ class Group extends DataObject
$member = Security::getCurrentUser();
}
// extended access checks
$results = $this->extend('canView', $member);
if ($results && is_array($results)) {
if (!min($results)) {
return false;
}
// check for extensions, we do this first as they can overrule everything
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
return $extended;
}
// user needs access to CMS_ACCESS_SecurityAdmin
@ -646,12 +642,10 @@ class Group extends DataObject
$member = Security::getCurrentUser();
}
// extended access checks
$results = $this->extend('canDelete', $member);
if ($results && is_array($results)) {
if (!min($results)) {
return false;
}
// check for extensions, we do this first as they can overrule everything
$extended = $this->extendedCan(__FUNCTION__, $member);
if ($extended !== null) {
return $extended;
}
return $this->canEdit($member);