diff --git a/admin/code/LeftAndMain.php b/admin/code/LeftAndMain.php index 38b2bb21f..8fd8279c5 100644 --- a/admin/code/LeftAndMain.php +++ b/admin/code/LeftAndMain.php @@ -793,6 +793,18 @@ class LeftAndMain extends Controller implements PermissionProvider { $statusUpdates = array('modified'=>array()); $id = $request->requestVar('ID'); $parentID = $request->requestVar('ParentID'); + + if($className == 'SiteTree' && $page = DataObject::get_by_id('Page', $id)){ + $root = $page->getParentType(); + if(($parentID == '0' || $root == 'root') && !SiteConfig::current_site_config()->canCreateTopLevel()){ + $this->response->setStatusCode( + 403, + _t('LeftAndMain.CANT_REORGANISE',"You do not have permission to alter Top level pages. Your change was not saved.") + ); + return; + } + } + $siblingIDs = $request->requestVar('SiblingIDs'); $statusUpdates = array('modified'=>array()); if(!is_numeric($id) || !is_numeric($parentID)) throw new InvalidArgumentException(); diff --git a/admin/javascript/LeftAndMain.Tree.js b/admin/javascript/LeftAndMain.Tree.js index 31cdb002f..28675f3d9 100644 --- a/admin/javascript/LeftAndMain.Tree.js +++ b/admin/javascript/LeftAndMain.Tree.js @@ -93,6 +93,11 @@ ID: $(movedNode).data('id'), ParentID: $(newParentNode).data('id') || 0, SiblingIDs: siblingIDs + }, + statusCode: { + 403: function() { + $.jstree.rollback(data.rlbk); + } } }); });