From 48c041884054a50599f63978961efd799c6cf659 Mon Sep 17 00:00:00 2001 From: Ingo Schommer Date: Sat, 21 Nov 2009 01:43:16 +0000 Subject: [PATCH] BUGFIX More robust checks on the current member in Member::canEdit() and Member::canDelete() if there is no logged in member (from r92129) git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92458 467b73ca-7a2a-4603-9d3b-597d59a354a9 --- security/Member.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/security/Member.php b/security/Member.php index ca3d9de06..c8f6a5662 100644 --- a/security/Member.php +++ b/security/Member.php @@ -998,6 +998,9 @@ class Member extends DataObject { $results = $this->extend('canEdit', $member); if($results && is_array($results)) if(!min($results)) return false; + // No member found + if(!($member && $member->exists())) return false; + return $this->canView($member); } @@ -1012,6 +1015,9 @@ class Member extends DataObject { $results = $this->extend('canDelete', $member); if($results && is_array($results)) if(!min($results)) return false; + // No member found + if(!($member && $member->exists())) return false; + return $this->canEdit($member); }