Merge pull request #1206 from ss23/permissions_fix

Fix duplicate not having the correct permission check
Damian Mooyman 2015-06-23 17:32:35 +12:00
commit 3ac29817ba


@ -1316,7 +1316,9 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
if(($id = $this->urlParams['ID']) && is_numeric($id)) { if(($id = $this->urlParams['ID']) && is_numeric($id)) {
$page = DataObject::get_by_id("SiteTree", $id); $page = DataObject::get_by_id("SiteTree", $id);
if($page && (!$page->canEdit() || !$page->canCreate())) return Security::permissionFailure($this); if($page && (!$page->canEdit() || !$page->canCreate(null, array('Parent' => $page->Parent())))) {
return Security::permissionFailure($this);
}
if(!$page || !$page->ID) throw new SS_HTTPResponse_Exception("Bad record ID #$id", 404); if(!$page || !$page->ID) throw new SS_HTTPResponse_Exception("Bad record ID #$id", 404);
$newPage = $page->duplicate(); $newPage = $page->duplicate();
@ -1352,7 +1354,9 @@ class CMSMain extends LeftAndMain implements CurrentPageIdentifier, PermissionPr
increase_time_limit_to(); increase_time_limit_to();
if(($id = $this->urlParams['ID']) && is_numeric($id)) { if(($id = $this->urlParams['ID']) && is_numeric($id)) {
$page = DataObject::get_by_id("SiteTree", $id); $page = DataObject::get_by_id("SiteTree", $id);
if($page && (!$page->canEdit() || !$page->canCreate())) return Security::permissionFailure($this); if($page && (!$page->canEdit() || !$page->canCreate(null, array('Parent' => $page->Parent())))) {
return Security::permissionFailure($this);
}
if(!$page || !$page->ID) throw new SS_HTTPResponse_Exception("Bad record ID #$id", 404); if(!$page || !$page->ID) throw new SS_HTTPResponse_Exception("Bad record ID #$id", 404);
$newPage = $page->duplicateWithChildren(); $newPage = $page->duplicateWithChildren();
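Review bot: In both hunks the new guard passes `$page->Parent()` as the creation context without first checking that the page has a parent. For a top-level page that call presumably returns an empty, unsaved record, so whether `canCreate()` then evaluates "create at root" or checks against a non-existent parent depends on code not shown here. Consider building the context only when a parent exists, e.g. `$context = $page->ParentID ? array('Parent' => $page->Parent()) : array();` followed by `$page->canCreate(null, $context)`, and covering the root-level case with a test. The identical condition is copied into the duplicate and duplicateWithChildren paths, so a small private helper would keep the two checks from drifting apart. The second path also copies descendants while the visible lines check only the top page; both function bodies start and end outside the hunks, so confirm whether child permissions are enforced elsewhere.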