mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
ENH add DevAdminConfirmationMiddleware
This commit is contained in:
parent
3244b44a54
commit
78444a44ca
@ -87,7 +87,7 @@ SilverStripe\Core\Injector\Injector:
|
|||||||
DevUrlsConfirmationMiddleware: '%$DevUrlsConfirmationMiddleware'
|
DevUrlsConfirmationMiddleware: '%$DevUrlsConfirmationMiddleware'
|
||||||
|
|
||||||
DevUrlsConfirmationMiddleware:
|
DevUrlsConfirmationMiddleware:
|
||||||
class: SilverStripe\Control\Middleware\PermissionAwareConfirmationMiddleware
|
class: SilverStripe\Control\Middleware\DevelopmentAdminConfirmationMiddleware
|
||||||
constructor:
|
constructor:
|
||||||
- '%$SilverStripe\Control\Middleware\ConfirmationMiddleware\UrlPathStartswith("dev")'
|
- '%$SilverStripe\Control\Middleware\ConfirmationMiddleware\UrlPathStartswith("dev")'
|
||||||
properties:
|
properties:
|
||||||
@ -97,8 +97,6 @@ SilverStripe\Core\Injector\Injector:
|
|||||||
- '%$SilverStripe\Control\Middleware\ConfirmationMiddleware\CliBypass'
|
- '%$SilverStripe\Control\Middleware\ConfirmationMiddleware\CliBypass'
|
||||||
- '%$SilverStripe\Control\Middleware\ConfirmationMiddleware\EnvironmentBypass("dev")'
|
- '%$SilverStripe\Control\Middleware\ConfirmationMiddleware\EnvironmentBypass("dev")'
|
||||||
EnforceAuthentication: false
|
EnforceAuthentication: false
|
||||||
AffectedPermissions:
|
|
||||||
- ADMIN
|
|
||||||
|
|
||||||
---
|
---
|
||||||
Name: dev_urls-confirmation-exceptions
|
Name: dev_urls-confirmation-exceptions
|
||||||
|
@ -0,0 +1,58 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace SilverStripe\Control\Middleware;
|
||||||
|
|
||||||
|
use SilverStripe\Control\HTTPRequest;
|
||||||
|
use SilverStripe\Core\Config\Config;
|
||||||
|
use SilverStripe\Core\Injector\Injector;
|
||||||
|
use SilverStripe\Dev\DevelopmentAdmin;
|
||||||
|
use SilverStripe\Security\Permission;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Extends the PermissionAwareConfirmationMiddleware with checks for user permissions
|
||||||
|
*
|
||||||
|
* Respects users who don't have enough access and does not
|
||||||
|
* ask them for confirmation
|
||||||
|
*
|
||||||
|
* By default it enforces authentication by redirecting users to a login page.
|
||||||
|
*
|
||||||
|
* How it works:
|
||||||
|
* - if user can bypass the middleware, then pass request further
|
||||||
|
* - if there are no confirmation items, then pass request further
|
||||||
|
* - if user is not authenticated and enforceAuthentication is false, then pass request further
|
||||||
|
* - if user does not have at least one of the affected permissions, then pass request further
|
||||||
|
* - otherwise, pass handling to the parent (ConfirmationMiddleware)
|
||||||
|
*/
|
||||||
|
class DevelopmentAdminConfirmationMiddleware extends PermissionAwareConfirmationMiddleware
|
||||||
|
{
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check whether the user has permissions to perform the target operation
|
||||||
|
* Otherwise we may want to skip the confirmation dialog.
|
||||||
|
*
|
||||||
|
* WARNING! The user has to be authenticated beforehand
|
||||||
|
*
|
||||||
|
* @param HTTPRequest $request
|
||||||
|
*
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
public function hasAccess(HTTPRequest $request)
|
||||||
|
{
|
||||||
|
$action = $request->remaining();
|
||||||
|
if (empty($action)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$registeredRoutes = DevelopmentAdmin::config()->get('registered_controllers');
|
||||||
|
if (isset($registeredRoutes[$action]['controller'])) {
|
||||||
|
$initPermissions = Config::forClass($registeredRoutes[$action]['controller'])->get('init_permissions');
|
||||||
|
foreach ($initPermissions as $permission) {
|
||||||
|
if (Permission::check($permission)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
@ -22,6 +22,12 @@ class DevBuildController extends Controller implements PermissionProvider
|
|||||||
'build'
|
'build'
|
||||||
];
|
];
|
||||||
|
|
||||||
|
private static $init_permissions = [
|
||||||
|
'ADMIN',
|
||||||
|
'ALL_DEV_ADMIN',
|
||||||
|
'CAN_DEV_BUILD',
|
||||||
|
];
|
||||||
|
|
||||||
protected function init(): void
|
protected function init(): void
|
||||||
{
|
{
|
||||||
parent::init();
|
parent::init();
|
||||||
@ -59,7 +65,7 @@ class DevBuildController extends Controller implements PermissionProvider
|
|||||||
// We need to ensure that DevelopmentAdminTest can simulate permission failures when running
|
// We need to ensure that DevelopmentAdminTest can simulate permission failures when running
|
||||||
// "dev/tasks" from CLI.
|
// "dev/tasks" from CLI.
|
||||||
|| (Director::is_cli() && DevelopmentAdmin::config()->get('allow_all_cli'))
|
|| (Director::is_cli() && DevelopmentAdmin::config()->get('allow_all_cli'))
|
||||||
|| Permission::check(['ADMIN', 'ALL_DEV_ADMIN', 'CAN_DEV_BUILD'])
|
|| Permission::check(static::config()->get('init_permissions'))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -35,6 +35,12 @@ class DevConfigController extends Controller implements PermissionProvider
|
|||||||
'audit',
|
'audit',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
private static $init_permissions = [
|
||||||
|
'ADMIN',
|
||||||
|
'ALL_DEV_ADMIN',
|
||||||
|
'CAN_DEV_CONFIG',
|
||||||
|
];
|
||||||
|
|
||||||
protected function init(): void
|
protected function init(): void
|
||||||
{
|
{
|
||||||
parent::init();
|
parent::init();
|
||||||
@ -148,7 +154,7 @@ class DevConfigController extends Controller implements PermissionProvider
|
|||||||
// We need to ensure that DevelopmentAdminTest can simulate permission failures when running
|
// We need to ensure that DevelopmentAdminTest can simulate permission failures when running
|
||||||
// "dev/tasks" from CLI.
|
// "dev/tasks" from CLI.
|
||||||
|| (Director::is_cli() && DevelopmentAdmin::config()->get('allow_all_cli'))
|
|| (Director::is_cli() && DevelopmentAdmin::config()->get('allow_all_cli'))
|
||||||
|| Permission::check(['ADMIN', 'ALL_DEV_ADMIN', 'CAN_DEV_CONFIG'])
|
|| Permission::check(static::config()->get('init_permissions'))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -33,6 +33,12 @@ class TaskRunner extends Controller implements PermissionProvider
|
|||||||
'runTask',
|
'runTask',
|
||||||
];
|
];
|
||||||
|
|
||||||
|
private static $init_permissions = [
|
||||||
|
'ADMIN',
|
||||||
|
'ALL_DEV_ADMIN',
|
||||||
|
'BUILDTASK_CAN_RUN',
|
||||||
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var array
|
* @var array
|
||||||
*/
|
*/
|
||||||
@ -206,7 +212,7 @@ class TaskRunner extends Controller implements PermissionProvider
|
|||||||
// We need to ensure that DevelopmentAdminTest can simulate permission failures when running
|
// We need to ensure that DevelopmentAdminTest can simulate permission failures when running
|
||||||
// "dev/tasks" from CLI.
|
// "dev/tasks" from CLI.
|
||||||
|| (Director::is_cli() && DevelopmentAdmin::config()->get('allow_all_cli'))
|
|| (Director::is_cli() && DevelopmentAdmin::config()->get('allow_all_cli'))
|
||||||
|| Permission::check(['ADMIN', 'ALL_DEV_ADMIN', 'BUILDTASK_CAN_RUN'])
|
|| Permission::check(static::config()->get('init_permissions'))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user