diff --git a/_config/requestprocessors.yml b/_config/requestprocessors.yml index 46d9c72cf..4db9d030d 100644 --- a/_config/requestprocessors.yml +++ b/_config/requestprocessors.yml @@ -87,7 +87,7 @@ SilverStripe\Core\Injector\Injector: DevUrlsConfirmationMiddleware: '%$DevUrlsConfirmationMiddleware' DevUrlsConfirmationMiddleware: - class: SilverStripe\Control\Middleware\PermissionAwareConfirmationMiddleware + class: SilverStripe\Control\Middleware\DevelopmentAdminConfirmationMiddleware constructor: - '%$SilverStripe\Control\Middleware\ConfirmationMiddleware\UrlPathStartswith("dev")' properties: @@ -97,8 +97,6 @@ SilverStripe\Core\Injector\Injector: - '%$SilverStripe\Control\Middleware\ConfirmationMiddleware\CliBypass' - '%$SilverStripe\Control\Middleware\ConfirmationMiddleware\EnvironmentBypass("dev")' EnforceAuthentication: false - AffectedPermissions: - - ADMIN --- Name: dev_urls-confirmation-exceptions diff --git a/src/Control/Middleware/DevelopmentAdminConfirmationMiddleware.php b/src/Control/Middleware/DevelopmentAdminConfirmationMiddleware.php new file mode 100644 index 000000000..9ff119e81 --- /dev/null +++ b/src/Control/Middleware/DevelopmentAdminConfirmationMiddleware.php @@ -0,0 +1,58 @@ +remaining(); + if (empty($action)) { + return false; + } + + $registeredRoutes = DevelopmentAdmin::config()->get('registered_controllers'); + if (isset($registeredRoutes[$action]['controller'])) { + $initPermissions = Config::forClass($registeredRoutes[$action]['controller'])->get('init_permissions'); + foreach ($initPermissions as $permission) { + if (Permission::check($permission)) { + return true; + } + } + } + + return false; + } +} diff --git a/src/Dev/DevBuildController.php b/src/Dev/DevBuildController.php index a5377570e..6dc791d42 100644 --- a/src/Dev/DevBuildController.php +++ b/src/Dev/DevBuildController.php @@ -22,6 +22,12 @@ class DevBuildController extends Controller implements PermissionProvider 'build' ]; + private static $init_permissions = [ + 'ADMIN', + 'ALL_DEV_ADMIN', + 'CAN_DEV_BUILD', + ]; + protected function init(): void { parent::init(); @@ -59,7 +65,7 @@ class DevBuildController extends Controller implements PermissionProvider // We need to ensure that DevelopmentAdminTest can simulate permission failures when running // "dev/tasks" from CLI. || (Director::is_cli() && DevelopmentAdmin::config()->get('allow_all_cli')) - || Permission::check(['ADMIN', 'ALL_DEV_ADMIN', 'CAN_DEV_BUILD']) + || Permission::check(static::config()->get('init_permissions')) ); } diff --git a/src/Dev/DevConfigController.php b/src/Dev/DevConfigController.php index 05b03f797..03c532810 100644 --- a/src/Dev/DevConfigController.php +++ b/src/Dev/DevConfigController.php @@ -35,6 +35,12 @@ class DevConfigController extends Controller implements PermissionProvider 'audit', ]; + private static $init_permissions = [ + 'ADMIN', + 'ALL_DEV_ADMIN', + 'CAN_DEV_CONFIG', + ]; + protected function init(): void { parent::init(); @@ -148,7 +154,7 @@ class DevConfigController extends Controller implements PermissionProvider // We need to ensure that DevelopmentAdminTest can simulate permission failures when running // "dev/tasks" from CLI. || (Director::is_cli() && DevelopmentAdmin::config()->get('allow_all_cli')) - || Permission::check(['ADMIN', 'ALL_DEV_ADMIN', 'CAN_DEV_CONFIG']) + || Permission::check(static::config()->get('init_permissions')) ); } diff --git a/src/Dev/TaskRunner.php b/src/Dev/TaskRunner.php index 04148e2ad..465db9fcc 100644 --- a/src/Dev/TaskRunner.php +++ b/src/Dev/TaskRunner.php @@ -33,6 +33,12 @@ class TaskRunner extends Controller implements PermissionProvider 'runTask', ]; + private static $init_permissions = [ + 'ADMIN', + 'ALL_DEV_ADMIN', + 'BUILDTASK_CAN_RUN', + ]; + /** * @var array */ @@ -206,7 +212,7 @@ class TaskRunner extends Controller implements PermissionProvider // We need to ensure that DevelopmentAdminTest can simulate permission failures when running // "dev/tasks" from CLI. || (Director::is_cli() && DevelopmentAdmin::config()->get('allow_all_cli')) - || Permission::check(['ADMIN', 'ALL_DEV_ADMIN', 'BUILDTASK_CAN_RUN']) + || Permission::check(static::config()->get('init_permissions')) ); }