tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

ENHANCEMENT Only logging out users on Security::permissionFailure() is called in non-ajax context. For ajax requests, we now return a 403 HTTP Status in a HTTPResponse Object, with a ":NOTLOGGEDIN" body for backwards compatibility. If a logout+redirection is required after an ajax-request, this should be handled by the clientside.

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65147 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2008-11-03 13:50:06 +00:00
parent c998006b2c
commit c4f3bc962f
1 changed files with 59 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
security/Security.php
View File

@ -140,6 +140,12 @@ class Security extends Controller {
* access the item. * access the item.
*/ */
static function permissionFailure($controller = null, $messageSet = null) { static function permissionFailure($controller = null, $messageSet = null) {
if(Director::is_ajax()) {
$response = ($controller) ? $controller->getResponse() : new HTTPResponse();
$response->setStatusCode(403);
$response->setBody('NOTLOGGEDIN:');
return $response;
} else {
// Prepare the messageSet provided // Prepare the messageSet provided
if(!$messageSet) { if(!$messageSet) {
if(self::$default_message_set) { if(self::$default_message_set) {
@ -195,11 +201,6 @@ class Security extends Controller {
// Audit logging hook // Audit logging hook
if($controller) $controller->extend('permissionDenied', $member); if($controller) $controller->extend('permissionDenied', $member);
// AccessLogEntry::create("Permission to access {$name} denied");
if(Director::is_ajax()) {
die('NOTLOGGEDIN:');
} else {
Director::redirect("Security/login"); Director::redirect("Security/login");
} }
return; return;