Fixed permission checks for /dev/build action

This commit is contained in:
Mateusz 2016-01-13 14:05:14 +01:00
parent c20d5b6861
commit ed04972c3c
2 changed files with 8 additions and 7 deletions

View File

@ -16,15 +16,16 @@ class DevBuildController extends Controller {
$da = DatabaseAdmin::create();
return $da->handleRequest($request, $this->model);
} else {
if(Director::isDev() || Permission::check("ADMIN")) {
$renderer = DebugView::create();
$renderer->writeHeader();
$renderer->writeInfo("Environment Builder", Director::absoluteBaseURL());
echo "<div class=\"build\">";
}
$da = DatabaseAdmin::create();
return $da->handleRequest($request, $this->model);
echo "</div>";
$renderer->writeFooter();
}
}

View File

@ -33,7 +33,7 @@ class DevelopmentAdmin extends Controller {
parent::init();
// Special case for dev/build: Defer permission checks to DatabaseAdmin->init() (see #4957)
$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0);
$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0 && !Security::database_is_ready());
// We allow access to this controller regardless of live-status or ADMIN permission only
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.