API CHANGE: Add Security::ignore_disallowed_actions() to allow site features to be disabled when permissions have failed, rather than redirecting to the log-in form. (Trac #7097)

This commit is contained in:
Sam Minnee 2012-06-15 15:17:32 +12:00
parent 09e821efc3
commit 3f0136749b
2 changed files with 19 additions and 1 deletions

View File

@ -158,6 +158,8 @@ class Security extends Controller {
* to log in.
*/
static function permissionFailure($controller = null, $messageSet = null) {
self::set_ignore_disallowed_actions(true);
if(!$controller) $controller = Controller::curr();
if(Director::is_ajax()) {
@ -864,4 +866,18 @@ class Security extends Controller {
return self::$default_login_dest;
}
protected static $ignore_disallowed_actions = false;
/**
* Set to true to ignore access to disallowed actions, rather than returning permission failure
* Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()
* @param $flag True or false
*/
public static function set_ignore_disallowed_actions($flag) {
self::$ignore_disallowed_actions = $flag;
}
public static function ignore_disallowed_actions() {
return self::$ignore_disallowed_actions;
}
}

View File

@ -612,7 +612,9 @@ class SSViewer {
if(Director::isDev() || Director::is_cli() || Permission::check('ADMIN')) {
self::flush_template_cache();
} else {
return Security::permissionFailure(null, 'Please log in as an administrator to flush the template cache.');
if(!Security::ignore_disallowed_actions()) {
return Security::permissionFailure(null, 'Please log in as an administrator to flush the template cache.');
}
}
}