ENHANCEMENT Only log users out when Security::permissionFailure() is called in a non-ajax context. For ajax requests, we now return a 403 HTTP status in an HTTPResponse object, with a ":NOTLOGGEDIN" body for backwards compatibility. If a logout and redirection are required after an ajax request, this should be handled on the client side.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65147 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
c998006b2c
commit
c4f3bc962f
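--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -140,66 +140,67 @@ class Security extends Controller {
 * access the item.
 */
 static function permissionFailure($controller = null, $messageSet = null) {
-// Prepare the messageSet provided
-if(!$messageSet) {
-if(self::$default_message_set) {
-$messageSet = self::$default_message_set;
-} else {
-$messageSet = array(
-'default' => _t(
-'Security.NOTEPAGESECURED',
-"That page is secured. Enter your credentials below and we will send you right along."
-),
-'alreadyLoggedIn' => _t(
-'Security.ALREADYLOGGEDIN',
-"You don't have access to this page. If you have another account that can access that page, you can log in below."
-),
-'logInAgain' => _t(
-'Security.LOGGEDOUT',
-"You have been logged out. If you would like to log in again, enter your credentials below."
-)
-);
-}
-}
-
-if(!is_array($messageSet)) {
-$messageSet = array('default' => $messageSet);
-}
-
-// Work out the right message to show
-if(Member::currentUserID()) {
-// user_error( 'PermFailure with member', E_USER_ERROR );
-
-$message = isset($messageSet['alreadyLoggedIn'])
-? $messageSet['alreadyLoggedIn']
-: $messageSet['default'];
-
-if($member = Member::currentUser())
-$member->logout();
-
-} else if(substr(Director::history(),0,15) == 'Security/logout') {
-$message = $messageSet['logInAgain']
-? $messageSet['logInAgain']
-: $messageSet['default'];
-
-} else {
-$message = $messageSet['default'];
-}
-
-Session::set("Security.Message.message", $message);
-Session::set("Security.Message.type", 'warning');
-
-Session::set("BackURL", $_SERVER['REQUEST_URI']);
-
-// TODO AccessLogEntry needs an extension to handle permission denied errors
-// Audit logging hook
-if($controller) $controller->extend('permissionDenied', $member);
-
-// AccessLogEntry::create("Permission to access {$name} denied");
-
 if(Director::is_ajax()) {
-die('NOTLOGGEDIN:');
+$response = ($controller) ? $controller->getResponse() : new HTTPResponse();
+$response->setStatusCode(403);
+$response->setBody('NOTLOGGEDIN:');
+return $response;
 } else {
+// Prepare the messageSet provided
+if(!$messageSet) {
+if(self::$default_message_set) {
+$messageSet = self::$default_message_set;
+} else {
+$messageSet = array(
+'default' => _t(
+'Security.NOTEPAGESECURED',
+"That page is secured. Enter your credentials below and we will send you right along."
+),
+'alreadyLoggedIn' => _t(
+'Security.ALREADYLOGGEDIN',
+"You don't have access to this page. If you have another account that can access that page, you can log in below."
+),
+'logInAgain' => _t(
+'Security.LOGGEDOUT',
+"You have been logged out. If you would like to log in again, enter your credentials below."
+)
+);
+}
+}
+
+if(!is_array($messageSet)) {
+$messageSet = array('default' => $messageSet);
+}
+
+// Work out the right message to show
+if(Member::currentUserID()) {
+// user_error( 'PermFailure with member', E_USER_ERROR );
+
+$message = isset($messageSet['alreadyLoggedIn'])
+? $messageSet['alreadyLoggedIn']
+: $messageSet['default'];
+
+if($member = Member::currentUser())
+$member->logout();
+
+} else if(substr(Director::history(),0,15) == 'Security/logout') {
+$message = $messageSet['logInAgain']
+? $messageSet['logInAgain']
+: $messageSet['default'];
+
+} else {
+$message = $messageSet['default'];
+}
+
+Session::set("Security.Message.message", $message);
+Session::set("Security.Message.type", 'warning');
+
+Session::set("BackURL", $_SERVER['REQUEST_URI']);
+
+// TODO AccessLogEntry needs an extension to handle permission denied errors
+// Audit logging hook
+if($controller) $controller->extend('permissionDenied', $member);
+
 Director::redirect("Security/login");
 }
 return;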
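Review bot: The ajax branch now returns the 403 response where the old code called `die('NOTLOGGEDIN:')`, so every caller of `Security::permissionFailure()` must `return` its result; a caller that ignores the return value carries on into the protected action and the 403 is never sent, which the old `die()` made impossible. The same branch no longer reaches the `permissionDenied` extension hook or the session message, so denials on XHR requests are no longer passed to audit logging; moving `if($controller) $controller->extend('permissionDenied', $member);` ahead of the `Director::is_ajax()` check would keep both paths observable. In the non-ajax branch `$member` is only assigned inside the `Member::currentUserID()` block, so the hook receives an undefined variable on the logged-out paths; initialising it, e.g. `$member = Member::currentUser();` before the message selection, would make the hook argument deterministic. The `$messageSet['logInAgain'] ? ...` test on the logout path reads the key without `isset()`, unlike the `alreadyLoggedIn` case two lines above. The function's closing brace lies outside the hunk.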