mirror of
https://github.com/silverstripe/silverstripe-reports
synced 2024-10-22 11:05:53 +02:00
Merge pull request #1206 from ss23/permissions_fix
Fix duplicate not having the correct permission check
This commit is contained in:
commit
3ac29817ba
@ -1316,7 +1316,9 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
|
|||||||
|
|
||||||
if(($id = $this->urlParams['ID']) && is_numeric($id)) {
|
if(($id = $this->urlParams['ID']) && is_numeric($id)) {
|
||||||
$page = DataObject::get_by_id("SiteTree", $id);
|
$page = DataObject::get_by_id("SiteTree", $id);
|
||||||
if($page && (!$page->canEdit() || !$page->canCreate())) return Security::permissionFailure($this);
|
if($page && (!$page->canEdit() || !$page->canCreate(null, array('Parent' => $page->Parent())))) {
|
||||||
|
return Security::permissionFailure($this);
|
||||||
|
}
|
||||||
if(!$page || !$page->ID) throw new SS_HTTPResponse_Exception("Bad record ID #$id", 404);
|
if(!$page || !$page->ID) throw new SS_HTTPResponse_Exception("Bad record ID #$id", 404);
|
||||||
|
|
||||||
$newPage = $page->duplicate();
|
$newPage = $page->duplicate();
|
||||||
@ -1352,7 +1354,9 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
|
|||||||
increase_time_limit_to();
|
increase_time_limit_to();
|
||||||
if(($id = $this->urlParams['ID']) && is_numeric($id)) {
|
if(($id = $this->urlParams['ID']) && is_numeric($id)) {
|
||||||
$page = DataObject::get_by_id("SiteTree", $id);
|
$page = DataObject::get_by_id("SiteTree", $id);
|
||||||
if($page && (!$page->canEdit() || !$page->canCreate())) return Security::permissionFailure($this);
|
if($page && (!$page->canEdit() || !$page->canCreate(null, array('Parent' => $page->Parent())))) {
|
||||||
|
return Security::permissionFailure($this);
|
||||||
|
}
|
||||||
if(!$page || !$page->ID) throw new SS_HTTPResponse_Exception("Bad record ID #$id", 404);
|
if(!$page || !$page->ID) throw new SS_HTTPResponse_Exception("Bad record ID #$id", 404);
|
||||||
|
|
||||||
$newPage = $page->duplicateWithChildren();
|
$newPage = $page->duplicateWithChildren();
|
||||||
|
Loading…
Reference in New Issue
Block a user