tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX Added isDev() and Permission::check() directives to DatabaseAdmin and DevelopmentAdmin (Merged from r73251)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@73286 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sean Harvey 2009-03-18 02:57:46 +00:00 committed by Sam Minnee
parent 5ddfb9e2e0
commit d61ba29d42
2 changed files with 33 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
core/model/DatabaseAdmin.php
View File

@ -19,6 +19,26 @@ class DatabaseAdmin extends Controller {
'testinstall',
'import'
);
function init() {
parent::init();
// We allow access to this controller regardless of live-status or ADMIN permission only
// if on CLI or with the database not ready. The latter makes it less errorprone to do an
// initial schema build without requiring a default-admin login.
// Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
$canAccess = (
Director::isDev()
|| !Security::database_is_ready()
|| Director::is_cli()
|| Permission::check("ADMIN")
);
if(!$canAccess) {
return Security::permissionFailure($this,
"This page is secured and you need administrator rights to access it. " .
"Enter your credentials below and we will send you right along.");
}
}
/**
* Get the data classes, grouped by their root class
@ -62,13 +82,6 @@ class DatabaseAdmin extends Controller {
* Updates the database schema, creating tables & fields as necessary.
*/
function build() {
if(Director::isLive() && Security::database_is_ready() && !Director::is_cli() && !Permission::check("ADMIN")) {
Security::permissionFailure($this,
"This page is secured and you need administrator rights to access it. " .
"Enter your credentials below and we will send you right along.");
return;
}
// The default time limit of 30 seconds is normally not enough
if(ini_get("safe_mode") != "1") {
set_time_limit(600);

14
dev/DevelopmentAdmin.php
View File

@ -16,10 +16,22 @@ class DevelopmentAdmin extends Controller {
'$Action//$Action/$ID' => 'handleAction',
);
function init() {
parent::init();
// We allow access to this controller regardless of live-status or ADMIN permission only
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
$canAccess = (
Director::isDev()
|| Director::is_cli()
|| Permission::check("ADMIN")
);
if(!$canAccess) {
return Security::permissionFailure($this,
"This page is secured and you need administrator rights to access it. " .
"Enter your credentials below and we will send you right along.");
}
// check for valid url mapping
// lacking this information can cause really nasty bugs,
// e.g. when running Director::test() from a FunctionalTest instance