Fixed permission checks for /dev/build action

2024-10-22 14:05:37 +02:00 · 2016-01-13 14:05:14 +01:00 · 2016-01-13 14:05:14 +01:00 · ed04972c3c
commit ed04972c3c
parent c20d5b6861
2 changed files with 8 additions and 7 deletions
--- a/dev/DevBuildController.php
+++ b/dev/DevBuildController.php
@ -16,15 +16,16 @@ class DevBuildController extends Controller {
 			$da = DatabaseAdmin::create();
 			return $da->handleRequest($request, $this->model);
 		} else {
-			if(Director::isDev() || Permission::check("ADMIN")) {
-				$renderer = DebugView::create();
-				$renderer->writeHeader();
-				$renderer->writeInfo("Environment Builder", Director::absoluteBaseURL());
-				echo "<div class=\"build\">";
-			}
+			$renderer = DebugView::create();
+			$renderer->writeHeader();
+			$renderer->writeInfo("Environment Builder", Director::absoluteBaseURL());
+			echo "<div class=\"build\">";

 			$da = DatabaseAdmin::create();
 			return $da->handleRequest($request, $this->model);
+
+			echo "</div>";
+			$renderer->writeFooter();
 		}
 	}

--- a/dev/DevelopmentAdmin.php
+++ b/dev/DevelopmentAdmin.php
@ -33,7 +33,7 @@ class DevelopmentAdmin extends Controller {
 		parent::init();

 		// Special case for dev/build: Defer permission checks to DatabaseAdmin->init() (see #4957)
-		$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0);
+		$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0 && !Security::database_is_ready());

 		// We allow access to this controller regardless of live-status or ADMIN permission only
 		// if on CLI.  Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.