BUGFIX Added isDev() and Permission::check() directives to DatabaseAdmin and DevelopmentAdmin

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73251 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2009-03-17 22:23:52 +00:00
parent 47f2deee7f
commit ad3d9ae29a
2 changed files with 33 additions and 8 deletions


@ -19,6 +19,26 @@ class DatabaseAdmin extends Controller {
'testinstall', 'testinstall',
'import' 'import'
); );
function init() {
parent::init();
// We allow access to this controller regardless of live-status or ADMIN permission only
// if on CLI or with the database not ready. The latter makes it less errorprone to do an
// initial schema build without requiring a default-admin login.
// Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
$canAccess = (
Director::isDev()
|| !Security::database_is_ready()
|| Director::is_cli()
|| Permission::check("ADMIN")
);
if(!$canAccess) {
return Security::permissionFailure($this,
"This page is secured and you need administrator rights to access it. " .
"Enter your credentials below and we will send you right along.");
}
}
/** /**
* Get the data classes, grouped by their root class * Get the data classes, grouped by their root class
@ -62,13 +82,6 @@ class DatabaseAdmin extends Controller {
* Updates the database schema, creating tables & fields as necessary. * Updates the database schema, creating tables & fields as necessary.
*/ */
function build() { function build() {
if(Director::isLive() && Security::database_is_ready() && !Director::is_cli() && !Permission::check("ADMIN")) {
Security::permissionFailure($this,
"This page is secured and you need administrator rights to access it. " .
"Enter your credentials below and we will send you right along.");
return;
}
// The default time limit of 30 seconds is normally not enough // The default time limit of 30 seconds is normally not enough
if(ini_get("safe_mode") != "1") { if(ini_get("safe_mode") != "1") {
set_time_limit(600); set_time_limit(600);
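Review bot: The `!Security::database_is_ready()` exemption now sits in `init()`, so on a live site it opens every action of `DatabaseAdmin` to unauthenticated requests whenever that check returns false, while the comment justifies it only for the initial schema build. What the check tests is not visible here; if it can also fail on a schema mismatch or a database outage, it would be safer to apply the exemption to the build action only, or at least to state the assumption in the comment, e.g. `// database_is_ready() must only be false before the first build; it bypasses the ADMIN check`. Separately, the removed guard returned from inside `build()`, whereas this one returns from `init()` (as does the one added to `DevelopmentAdmin::init()`). It is worth confirming that request handling stops once `Security::permissionFailure()` has been called, so the action does not still run.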


@ -16,10 +16,22 @@ class DevelopmentAdmin extends Controller {
'$Action//$Action/$ID' => 'handleAction', '$Action//$Action/$ID' => 'handleAction',
); );
function init() { function init() {
parent::init(); parent::init();
// We allow access to this controller regardless of live-status or ADMIN permission only
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
$canAccess = (
Director::isDev()
|| Director::is_cli()
|| Permission::check("ADMIN")
);
if(!$canAccess) {
return Security::permissionFailure($this,
"This page is secured and you need administrator rights to access it. " .
"Enter your credentials below and we will send you right along.");
}
// check for valid url mapping // check for valid url mapping
// lacking this information can cause really nasty bugs, // lacking this information can cause really nasty bugs,
// e.g. when running Director::test() from a FunctionalTest instance // e.g. when running Director::test() from a FunctionalTest instance
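Review bot: The comment above `$canAccess` is hard to parse and has a typo ("or of the user"); it reads as if the CLI were the only exemption and then lists two more. Suggest `// Access is allowed in dev mode, on the CLI, or for a user with ADMIN permission; anyone else gets the login prompt.` The check and its message duplicate the block added to `DatabaseAdmin::init()` almost line for line, so a shared helper would keep the two access rules from drifting apart. `init()` continues past the end of the hunk.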