BUGFIX: Better handling of non-existent records in delete calls (if button is clicked twice)

Ingo Schommer 2011-10-07 12:15:37 +02:00
parent 32ab772615
commit a93994f59e


@ -538,6 +538,7 @@ JS;
if(substr($SQL_id,0,3) != 'new') { if(substr($SQL_id,0,3) != 'new') {
$record = DataObject::get_by_id($className, $SQL_id); $record = DataObject::get_by_id($className, $SQL_id);
if($record && !$record->canEdit()) return Security::permissionFailure($this); if($record && !$record->canEdit()) return Security::permissionFailure($this);
if(!$record || !$record->ID) throw new HTTPResponse_Exception("Bad record ID #$SQL_id", 404);
} else { } else {
if(!singleton($this->stat('tree_class'))->canCreate()) return Security::permissionFailure($this); if(!singleton($this->stat('tree_class'))->canCreate()) return Security::permissionFailure($this);
$record = $this->getNewItem($SQL_id, false); $record = $this->getNewItem($SQL_id, false);
@ -748,7 +749,8 @@ JS;
public function revert($data, $form) { public function revert($data, $form) {
if(!isset($data['ID'])) return new SS_HTTPResponse("Please pass an ID in the form content", 400); if(!isset($data['ID'])) return new SS_HTTPResponse("Please pass an ID in the form content", 400);
$restoredPage = Versioned::get_latest_version("SiteTree", $data['ID']); $id = $data['ID'];
$restoredPage = Versioned::get_latest_version("SiteTree", $id);
if(!$restoredPage) return new SS_HTTPResponse("SiteTree #$id not found", 400); if(!$restoredPage) return new SS_HTTPResponse("SiteTree #$id not found", 400);
$record = Versioned::get_one_by_stage( $record = Versioned::get_one_by_stage(
@ -759,9 +761,8 @@ JS;
// a user can restore a page without publication rights, as it just adds a new draft state // a user can restore a page without publication rights, as it just adds a new draft state
// (this action should just be available when page has been "deleted from draft") // (this action should just be available when page has been "deleted from draft")
if(isset($record) && $record && !$record->canEdit()) { if($record && !$record->canEdit()) return Security::permissionFailure($this);
return Security::permissionFailure($this); if(!$record || !$record->ID) throw new HTTPResponse_Exception("Bad record ID #$id", 404);
}
$record->doRevertToLive(); $record->doRevertToLive();
@ -783,11 +784,13 @@ JS;
* @see deletefromlive() * @see deletefromlive()
*/ */
public function delete($data, $form) { public function delete($data, $form) {
$id = Convert::raw2sql($data['ID']);
$record = DataObject::get_one( $record = DataObject::get_one(
"SiteTree", "SiteTree",
sprintf("\"SiteTree\".\"ID\" = %d", Convert::raw2sql($data['ID'])) sprintf("\"SiteTree\".\"ID\" = %d", $id)
); );
if($record && !$record->canDelete()) return Security::permissionFailure(); if($record && !$record->canDelete()) return Security::permissionFailure();
if(!$record || !$record->ID) throw new HTTPResponse_Exception("Bad record ID #$id", 404);
// save ID and delete record // save ID and delete record
$recordID = $record->ID; $recordID = $record->ID;
@ -926,6 +929,7 @@ JS;
$record = DataObject::get_by_id($className, $data['ID']); $record = DataObject::get_by_id($className, $data['ID']);
if($record && !$record->canDeleteFromLive()) return Security::permissionFailure($this); if($record && !$record->canDeleteFromLive()) return Security::permissionFailure($this);
if(!$record || !$record->ID) throw new HTTPResponse_Exception("Bad record ID #" . (int)$data['ID'], 404);
$record->doUnpublish(); $record->doUnpublish();
@ -1185,9 +1189,8 @@ JS;
if(($id = $this->urlParams['ID']) && is_numeric($id)) { if(($id = $this->urlParams['ID']) && is_numeric($id)) {
$page = DataObject::get_by_id("SiteTree", $id); $page = DataObject::get_by_id("SiteTree", $id);
if($page && (!$page->canEdit() || !$page->canCreate())) { if($page && (!$page->canEdit() || !$page->canCreate())) return Security::permissionFailure($this);
return Security::permissionFailure($this); if(!$page || !$page->ID) throw new HTTPResponse_Exception("Bad record ID #$id", 404);
}
$newPage = $page->duplicate(); $newPage = $page->duplicate();
@ -1212,9 +1215,8 @@ JS;
if(($id = $this->urlParams['ID']) && is_numeric($id)) { if(($id = $this->urlParams['ID']) && is_numeric($id)) {
$page = DataObject::get_by_id("SiteTree", $id); $page = DataObject::get_by_id("SiteTree", $id);
if($page && (!$page->canEdit() || !$page->canCreate())) { if($page && (!$page->canEdit() || !$page->canCreate())) return Security::permissionFailure($this);
return Security::permissionFailure($this); if(!$page || !$page->ID) throw new HTTPResponse_Exception("Bad record ID #$id", 404);
}
$newPage = $page->duplicateWithChildren(); $newPage = $page->duplicateWithChildren();
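Review bot: The new 404 messages in revert() and delete() interpolate the request-supplied ID without normalising it, whereas the deletefromlive hunk casts it with `(int)$data['ID']`. In delete(), `Convert::raw2sql()` only SQL-escapes the value, so the lookup uses the integer that `%d` derives while "Bad record ID #$id" echoes the original string; in revert(), `$id = $data['ID']` is placed into both error responses as-is. If these response bodies are ever rendered as HTML (not visible from here), that is reflected user input; casting once at the top of each function, `$id = (int)$data['ID'];`, keeps the query and the message consistent and makes the extra escaping unnecessary. delete() also reads `$data['ID']` without the `isset()` guard that revert() applies. The enclosing functions start and end outside the hunks shown.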