Commit Graph

22 Commits

Author SHA1 Message Date
Damian Mooyman
af22a83166 API Apply Framework\Security namespace 2016-07-07 11:32:28 +12:00
Hamish Friedlander
80d4af6b6e
API Apply Framework\ORM Namespace to model 2016-06-29 10:02:32 +12:00
Damian Mooyman
309ac0d196 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	.travis.yml
	admin/code/CMSProfileController.php
	admin/tests/LeftAndMainTest.php
	control/HTTP.php
	security/Permission.php
	tests/forms/FormTest.php
	tests/model/ArrayListTest.php
	tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Daniel Hensby
2d4b743090 FIX Members can access their own profiles in CMS 2015-08-26 15:47:51 +01:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Ingo Schommer
8286ba346e admin/myprofile layout after validation (fixes #2644)
Broke because the <form> tag was returned, while
the client logic was expecting the whole <div> including the <form>.
Fixed to display the button bar at the bottom,
and tested with validation errors as well as switching from/to
the panel via ajax.
2013-11-07 16:19:40 +01:00
Will Rossiter
813d34b15e FIX: Use Injector API for managing Member_Validator instance.
Updates the CMS profile page and SecurityAdmin to give developers a few ways to customise the required fields.

Added extension hook updateValidator for getValidator for things like modules to inject required fields to go along with Injector for replacing the entire class for project specific use.
2013-10-16 11:29:43 +13:00
Will Rossiter
8febaeafb9 Update docblocks 2013-10-15 11:29:58 +13:00
Ingo Schommer
fb784af738 API Enforce $allowed_actions in RequestHandler->checkAccessAction()
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk

Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.

Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
d42cbdd613 Removed "Last visited" from admin/myprofile (fixes #648)
It doesn't make any sense in this context
2013-06-13 15:01:23 +02:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317)
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
b3657147bf BUG Remove "delete" button from "My Profile" (fixes #8121) 2012-12-15 20:02:17 +01:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Ingo Schommer
c55c7c33f8 Merge branch '3.0'
Conflicts:
	admin/code/CMSProfileController.php
	composer.json
	tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Sean Harvey
aec59de955 Adding title to CMSProfileController so translations get default 2012-11-07 11:41:48 +13:00
Ingo Schommer
08832261c1 Fixed merge errors in CMSProfileController 2012-10-30 18:03:49 +01:00
Ingo Schommer
efabde1416 Merge remote-tracking branch 'origin/3.0'
Conflicts:
	admin/css/screen.css
	admin/scss/_style.scss
	security/Member.php
2012-10-30 17:52:49 +01:00
Saophalkun Ponlu
e3a27ea7da CMS member profile now is no longer in a popup (#7880) 2012-10-08 12:57:55 +02:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Simon Welsh
f8082e4814 MINOR Add newline to end of files without one 2012-04-15 10:50:19 +12:00
Ingo Schommer
2abb021efb BUGFIX Restored old permission code model, broken due to new controller structure. Introduced LeftAndMain::$required_permission_codes as a way to control permissions independently of subclasses, and "cluster" multiple classes under a single code. 2012-03-05 17:41:49 +01:00
Ingo Schommer
02e728fa08 BUGFIX Fixed visibility of admin/myprofile for non-admins by moving it to a new CMSProfileController class and overloaded canView() 2012-03-02 20:46:22 +01:00