mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Fixed permission checks for /dev/build action
This commit is contained in:
parent
c20d5b6861
commit
ed04972c3c
@ -16,15 +16,16 @@ class DevBuildController extends Controller {
|
||||
$da = DatabaseAdmin::create();
|
||||
return $da->handleRequest($request, $this->model);
|
||||
} else {
|
||||
if(Director::isDev() || Permission::check("ADMIN")) {
|
||||
$renderer = DebugView::create();
|
||||
$renderer->writeHeader();
|
||||
$renderer->writeInfo("Environment Builder", Director::absoluteBaseURL());
|
||||
echo "<div class=\"build\">";
|
||||
}
|
||||
|
||||
$da = DatabaseAdmin::create();
|
||||
return $da->handleRequest($request, $this->model);
|
||||
|
||||
echo "</div>";
|
||||
$renderer->writeFooter();
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -33,7 +33,7 @@ class DevelopmentAdmin extends Controller {
|
||||
parent::init();
|
||||
|
||||
// Special case for dev/build: Defer permission checks to DatabaseAdmin->init() (see #4957)
|
||||
$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0);
|
||||
$requestedDevBuild = (stripos($this->getRequest()->getURL(), 'dev/build') === 0 && !Security::database_is_ready());
|
||||
|
||||
// We allow access to this controller regardless of live-status or ADMIN permission only
|
||||
// if on CLI. Access to this controller is always allowed in "dev-mode", or of the user is ADMIN.
|
||||
|
Loading…
Reference in New Issue
Block a user