Fixed permission checks for /dev/build action

This commit is contained in:
Mateusz 2016-01-13 14:05:14 +01:00
parent c20d5b6861
commit ed04972c3c
2 changed files with 8 additions and 7 deletions

View File

@ -16,15 +16,16 @@ class DevBuildController extends Controller {
$da = DatabaseAdmin::create(); $da = DatabaseAdmin::create();
return $da->handleRequest($request, $this->model); return $da->handleRequest($request, $this->model);
} else { } else {
if(Director::isDev() || Permission::check("ADMIN")) {
$renderer = DebugView::create(); $renderer = DebugView::create();
$renderer->writeHeader(); $renderer->writeHeader();
$renderer->writeInfo("Environment Builder", Director::absoluteBaseURL()); $renderer->writeInfo("Environment Builder", Director::absoluteBaseURL());
echo "<div class=\"build\">"; echo "<div class=\"build\">";
}
$da = DatabaseAdmin::create(); $da = DatabaseAdmin::create();
return $da->handleRequest($request, $this->model); return $da->handleRequest($request, $this->model);
echo "</div>";
$renderer->writeFooter();
} }
} }

View File

@ -33,7 +33,7 @@ class DevelopmentAdmin extends Controller {
parent::init(); parent::init();
// Special case for dev/build: Defer permission checks to DatabaseAdmin->init() (see #4957) // Special case for dev/build: Defer permission checks to DatabaseAdmin->init() (see #4957)
$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0); $requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0 && !Security::database_is_ready());
// We allow access to this controller regardless of live-status or ADMIN permission only // We allow access to this controller regardless of live-status or ADMIN permission only
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN. // if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.