Allow ‘ADMIN’ and ‘CMS_ACCESS_LeftAndMain’ access to CMS. Fixes CWPBUG-113.

Previously, only the global ‘ADMIN’ permission was allowing users to bypass the
stricter Permission check. We also need to allow the ‘CMS_ACCESS_LeftAndMain’
permission to bypass this check, as otherwise a user who is in a Group with the
‘Access to all CMS sections’ permission set (which only sets the
CMS_ACCESS_LeftAndMain permission code and no others) would be denied access to
the CMS for that sub site.
Matt Peel 2014-01-09 17:12:47 +13:00
parent d21c92a9e3
commit 083194857e

@ -165,10 +165,16 @@ class LeftAndMainSubsites extends Extension {
function canAccess() {
// Admin can access everything, no point in checking.
$member = Member::currentUser();
if($member && Permission::checkMember($member, 'ADMIN')) return true;
if($member &&
(
Permission::checkMember($member, 'ADMIN') || // 'Full administrative rights' in SecurityAdmin
Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain') // 'Access to all CMS sections' in SecurityAdmin
)) {
return true;
}
// Check if we have access to current section on the current subsite.
$accessibleSites = $this->owner->sectionSites($member);
$accessibleSites = $this->owner->sectionSites(true, "Main site", $member);
if ($accessibleSites->count() && $accessibleSites->find('ID', Subsite::currentSubsiteID())) {
// Current section can be accessed on the current site, all good.
return true;