tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-01 05:39:10 +02:00
Code Issues Projects Releases Wiki Activity

Improved allowed_actions support for subclassed controllers, such as CMSMain extends LeftAndMain

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@49886 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2008-02-20 09:39:53 +00:00
parent 53ef54c4b1
commit 3e2fdf49f0
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
core/control/Controller.php
View File

@ -531,10 +531,22 @@ class Controller extends ViewableData {
* Check thAT
*/
function checkAccessAction($action) {
$access = $this->stat('allowed_actions');
if($access === null) {
//user_error("Deprecated: please define static \$allowed_actions on your Controllers for security purposes", E_USER_NOTICE);
// Collate self::$allowed_actions from this class and all parent classes
$access = null;
$className = $this->class;
while($className != 'Controller') {
// Merge any non-null parts onto $access.
$accessPart = eval("return $className::\$allowed_actions;");
if($accessPart !== null) $access = array_merge((array)$access, $accessPart);
// Build an array of parts for checking if part[0] == part[1], which means that this class doesn't directly define it.
$accessParts[] = $accessPart;
$className = get_parent_class($className);
}
if($access === null || $accessParts[0] === $accessParts[1]) {
// user_error("Deprecated: please define static \$allowed_actions on your Controllers for security purposes", E_USER_NOTICE);
return true;
}