mirror of
https://github.com/silverstripe/silverstripe-subsites
synced 2024-10-22 11:05:55 +02:00
Updated Group::canEdit() to only allow editing if you have CMS_ACCESS_SecurityAdmin access on the subsite that owns the group. This is useful for hiding 'global groups' from people that shouldn't edit them.
This commit is contained in:
parent
ea1bb7aada
commit
1400ba00b0
@ -44,6 +44,17 @@ class GroupSubsites extends DataObjectDecorator {
|
||||
function augmentBeforeWrite() {
|
||||
if(!is_numeric($this->owner->ID) && !$this->owner->SubsiteID) $this->owner->SubsiteID = Subsite::currentSubsiteID();
|
||||
}
|
||||
|
||||
function alternateCanEdit() {
|
||||
// Check the CMS_ACCESS_SecurityAdmin privileges on the subsite that owns this group
|
||||
$oldSubsiteID = Session::get('SubsiteID');
|
||||
|
||||
Session::set('SubsiteID', $this->owner->SubsiteID);
|
||||
$access = Permission::check('CMS_ACCESS_SecurityAdmin');
|
||||
Session::set('SubsiteID', $oldSubsiteID);
|
||||
|
||||
return $access;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
Loading…
Reference in New Issue
Block a user