Remove all top/bottom margins from buttons and apply to GridFieldButtonRow component. Ensure that all buttons are added to a suitable GridFieldButtonRow in ModelAdmin, SecurityAdmin and Group.
If there's validation errors in the ChangePasswordForm, the user
is taken to the BackURL because redirectBack() will go there if
it's set.
Instead of this, just redirect back to the "changepassword" action
on the Security controller.
Running Members() on a Group that has no Db record causes UnsavedRelationList to be returned by DirectMembers() which in turn causes alterDataQuery() to fall over when called on an UnsavedRelationList. This just adds a simple check to prevent it.
The call to Members() includes members of child groups, which was causing any members added through the grid field to be added to the child groups as well.
With this modification we can use Object::useCustomClass() to create a
custom ChangePasswordForm form:
Object::useCustomClass('ChangePasswordForm',
'CustomChangePasswordForm');
Disables ID based partial caching for all security actions so that actions such as Security/lostpassword and Security/passwordsent work properly even if partial caching is used.
permissionDenied only works if Security::permissionFailure() is called when
there's currently no logged in Member. This fixes it so failed attempts
with logged in Member also includes the permissionDenied hook.
In addition, fix an undefined $member variable
It would invalidate this view. Only allow group editing
for new members added to this group (with a group default),
and for members edited through the "root" view.
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
Due to changed return value of DataObject::get(),
the (negated) check always returned false.
This wasn't noticed in 3.0 because Group->canEdit() is rarely
enforced, but does become noticeable in 3.1 where GridField
checks those object-level permissions.
Thanks to @purplespider for reporting!
Sometimes Page_Controller::init() will trigger a redirection. For example, it may redirect to a
canonical URL. In this case, the Security views, which co-opt Page_Controller, need to respect
this.
