From 083194857ee9770b160035e2a3d59491abd1454b Mon Sep 17 00:00:00 2001
From: Matt Peel
Date: Thu, 9 Jan 2014 17:12:47 +1300
Subject: [PATCH] =?UTF-8?q?Allow=20=E2=80=98ADMIN=E2=80=99=20and=20?= =?UTF-8?q?=E2=80=98CMS=5FACCESS=5FLeftAndMain=E2=80=99=20access=20to=20CM?= =?UTF-8?q?S.=20Fixes=20CWPBUG-113.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Previously, only the global ‘ADMIN’ permission was allowing users to bypass the stricter Permission check. We also need to allow the ‘CMS_ACCESS_LeftAndMain’ permission to bypass this check, as otherwise a user who is in a Group with the ‘Access to all CMS sections’ permission set (which only sets the CMS_ACCESS_LeftAndMain permission code and no others) would be denied access to the CMS for that sub site.
---
code/extensions/LeftAndMainSubsites.php | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/code/extensions/LeftAndMainSubsites.php b/code/extensions/LeftAndMainSubsites.php
index 7a1fb69..dd4fc20 100644
--- a/code/extensions/LeftAndMainSubsites.php
+++ b/code/extensions/LeftAndMainSubsites.php
@@ -165,10 +165,16 @@ class LeftAndMainSubsites extends Extension {
 function canAccess() {
 // Admin can access everything, no point in checking.
 $member = Member::currentUser();
- if($member && Permission::checkMember($member, 'ADMIN')) return true;
+ if($member &&
+ (
+ Permission::checkMember($member, 'ADMIN') || // 'Full administrative rights' in SecurityAdmin
+ Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain') // 'Access to all CMS sections' in SecurityAdmin
+ )) {
+ return true;
+ }
 
 // Check if we have access to current section on the current subsite.
- $accessibleSites = $this->owner->sectionSites($member);
+ $accessibleSites = $this->owner->sectionSites(true, "Main site", $member);
 if ($accessibleSites->count() && $accessibleSites->find('ID', Subsite::currentSubsiteID())) {
 // Current section can be accessed on the current site, all good.
 return true;
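Review bot: The widened early return in canAccess() lets any member for whom `Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain')` is true skip the per-subsite `sectionSites()` check entirely. Whether that is safe depends on `Permission::checkMember` being resolved against the current subsite, which this hunk does not show; if it is not, a member who holds that code only through a group restricted to a different subsite would be granted access here. A regression test with such a member would settle it, and the stale context comment above the condition should state the assumption, e.g. `// ADMIN or CMS_ACCESS_LeftAndMain (as resolved for the current subsite) skips the per-section check`. The second change passes the literals `true, "Main site"` positionally to `sectionSites()`, whose signature is outside the hunk, so the argument order and the handling of a null `$member` there should be confirmed. canAccess() continues past the end of the hunk.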