tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-29 12:49:06 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX: Fix regression in r88521 that prevented the index action from being explictly disabled by setting the * key in allowed_actions

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@88523 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2009-10-11 09:15:51 +00:00
parent 596c73c683
commit 68279be998
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
core/control/RequestHandler.php
View File

@ -236,8 +236,6 @@ class RequestHandler extends ViewableData {
$action = strtolower($action); $action = strtolower($action);
$allowedActions = $this->allowedActions(); $allowedActions = $this->allowedActions();
if($action == 'index') return true;
if($allowedActions) { if($allowedActions) {
// check for specific action rules first, and fall back to global rules defined by asterisk // check for specific action rules first, and fall back to global rules defined by asterisk
foreach(array($action,'*') as $actionOrAll) { foreach(array($action,'*') as $actionOrAll) {
@ -250,10 +248,11 @@ class RequestHandler extends ViewableData {
} elseif(substr($test, 0, 2) == '->') { } elseif(substr($test, 0, 2) == '->') {
// Case 2: Determined by custom method with "->" prefix // Case 2: Determined by custom method with "->" prefix
return $this->{substr($test, 2)}(); return $this->{substr($test, 2)}();
} elseif(Permission::check($test)) { } else {
// Case 3: Value is a permission code to check the current member against // Case 3: Value is a permission code to check the current member against
return true; return Permission::check($test);
} }
} elseif((($key = array_search($actionOrAll, $allowedActions)) !== false) && is_numeric($key)) { } elseif((($key = array_search($actionOrAll, $allowedActions)) !== false) && is_numeric($key)) {
// Case 4: Allow numeric array notation (search for array value as action instead of key) // Case 4: Allow numeric array notation (search for array value as action instead of key)
return true; return true;
@ -261,6 +260,10 @@ class RequestHandler extends ViewableData {
} }
} }
// If we get here an the action is 'index', then it hasn't been specified, which means that
// it should be allowed.
if($action == 'index') return true;
if($allowedActions === null || !$this->uninherited('allowed_actions')) { if($allowedActions === null || !$this->uninherited('allowed_actions')) {
// If no allowed_actions are provided, then we should only let through actions that aren't handled by magic methods // If no allowed_actions are provided, then we should only let through actions that aren't handled by magic methods
// we test this by calling the unmagic method_exists and comparing it to the magic $this->hasMethod(). This will // we test this by calling the unmagic method_exists and comparing it to the magic $this->hasMethod(). This will