mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
API CHANGE: Add Security::ignore_disallowed_actions() to allow site features to be disabled when permissions have failed, rather than redirecting to the log-in form. (Trac #7097)
This commit is contained in:
parent
09e821efc3
commit
3f0136749b
@ -158,6 +158,8 @@ class Security extends Controller {
|
||||
* to log in.
|
||||
*/
|
||||
static function permissionFailure($controller = null, $messageSet = null) {
|
||||
self::set_ignore_disallowed_actions(true);
|
||||
|
||||
if(!$controller) $controller = Controller::curr();
|
||||
|
||||
if(Director::is_ajax()) {
|
||||
@ -864,4 +866,18 @@ class Security extends Controller {
|
||||
return self::$default_login_dest;
|
||||
}
|
||||
|
||||
protected static $ignore_disallowed_actions = false;
|
||||
|
||||
/**
|
||||
* Set to true to ignore access to disallowed actions, rather than returning permission failure
|
||||
* Note that this is just a flag that other code needs to check with Security::ignore_disallowed_actions()
|
||||
* @param $flag True or false
|
||||
*/
|
||||
public static function set_ignore_disallowed_actions($flag) {
|
||||
self::$ignore_disallowed_actions = $flag;
|
||||
}
|
||||
public static function ignore_disallowed_actions() {
|
||||
return self::$ignore_disallowed_actions;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -612,9 +612,11 @@ class SSViewer {
|
||||
if(Director::isDev() || Director::is_cli() || Permission::check('ADMIN')) {
|
||||
self::flush_template_cache();
|
||||
} else {
|
||||
if(!Security::ignore_disallowed_actions()) {
|
||||
return Security::permissionFailure(null, 'Please log in as an administrator to flush the template cache.');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(!is_array($templateList) && substr((string) $templateList,-3) == '.ss') {
|
||||
$this->chosenTemplates['main'] = $templateList;
|
||||
|
Loading…
Reference in New Issue
Block a user