From b9b891d05096ccf6370decc8f09500ee9be0e48f Mon Sep 17 00:00:00 2001
From: Andrew Paxley <andrewandante@gmail.com>
Date: Fri, 3 Nov 2023 14:54:31 +1300
Subject: [PATCH] ENH handle sub-urls

---
 .../Middleware/DevelopmentAdminConfirmationMiddleware.php  | 5 +++++
 src/Control/Middleware/URLSpecialsMiddleware.php           | 3 +--
 src/Dev/Tasks/CleanupTestDatabasesTask.php                 | 7 +++++++
 src/ORM/DatabaseAdmin.php                                  | 3 ++-
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/Control/Middleware/DevelopmentAdminConfirmationMiddleware.php b/src/Control/Middleware/DevelopmentAdminConfirmationMiddleware.php
index 9ff119e81..25976e9ec 100644
--- a/src/Control/Middleware/DevelopmentAdminConfirmationMiddleware.php
+++ b/src/Control/Middleware/DevelopmentAdminConfirmationMiddleware.php
@@ -44,6 +44,11 @@ class DevelopmentAdminConfirmationMiddleware extends PermissionAwareConfirmation
         }
 
         $registeredRoutes = DevelopmentAdmin::config()->get('registered_controllers');
+        while (!isset($registeredRoutes[$action]) && strpos($action, '/') !== false) {
+            // Check for the parent route if a specific route isn't found
+            $action = substr($action, 0, strrpos($action, '/'));
+        }
+
         if (isset($registeredRoutes[$action]['controller'])) {
             $initPermissions = Config::forClass($registeredRoutes[$action]['controller'])->get('init_permissions');
             foreach ($initPermissions as $permission) {
diff --git a/src/Control/Middleware/URLSpecialsMiddleware.php b/src/Control/Middleware/URLSpecialsMiddleware.php
index b2fb10a6d..f32d779f5 100644
--- a/src/Control/Middleware/URLSpecialsMiddleware.php
+++ b/src/Control/Middleware/URLSpecialsMiddleware.php
@@ -39,8 +39,7 @@ class URLSpecialsMiddleware extends PermissionAwareConfirmationMiddleware
         parent::__construct(
             new ConfirmationMiddleware\GetParameter("flush"),
             new ConfirmationMiddleware\GetParameter("isDev"),
-            new ConfirmationMiddleware\GetParameter("isTest"),
-            new ConfirmationMiddleware\UrlPathStartswith("dev/build")
+            new ConfirmationMiddleware\GetParameter("isTest")
         );
     }
 
diff --git a/src/Dev/Tasks/CleanupTestDatabasesTask.php b/src/Dev/Tasks/CleanupTestDatabasesTask.php
index 104c27773..77b0c397b 100644
--- a/src/Dev/Tasks/CleanupTestDatabasesTask.php
+++ b/src/Dev/Tasks/CleanupTestDatabasesTask.php
@@ -23,6 +23,13 @@ class CleanupTestDatabasesTask extends BuildTask
 
     public function run($request)
     {
+        if (!$this->canView()) {
+            $response = Security::permissionFailure();
+            if ($response) {
+                $response->output();
+            }
+            die;
+        }
         TempDatabase::create()->deleteAll();
     }
 
diff --git a/src/ORM/DatabaseAdmin.php b/src/ORM/DatabaseAdmin.php
index 5da6ed65e..3f89a75fb 100644
--- a/src/ORM/DatabaseAdmin.php
+++ b/src/ORM/DatabaseAdmin.php
@@ -10,6 +10,7 @@ use SilverStripe\Core\ClassInfo;
 use SilverStripe\Core\Environment;
 use SilverStripe\Core\Injector\Injector;
 use SilverStripe\Core\Manifest\ClassLoader;
+use SilverStripe\Dev\DevBuildController;
 use SilverStripe\Dev\DevelopmentAdmin;
 use SilverStripe\ORM\Connect\DatabaseException;
 use SilverStripe\ORM\Connect\TableBuilder;
@@ -367,7 +368,7 @@ class DatabaseAdmin extends Controller
             // We need to ensure that DevelopmentAdminTest can simulate permission failures when running
             // "dev/tests" from CLI.
             || (Director::is_cli() && $allowAllCLI)
-            || Permission::check(['ADMIN', 'ALL_DEV_ADMIN', 'CAN_DEV_BUILD'])
+            || Permission::check(DevBuildController::config()->get('init_permissions'))
         );
     }