From 4249fffc0fe98384060f562e29884960e2a8e0cb Mon Sep 17 00:00:00 2001
From: Robbie Averill <robbie@silverstripe.com>
Date: Mon, 24 Jun 2019 10:19:58 +1200
Subject: [PATCH] FIX LeftAndMainSubsites::canAccess() now accepts a Member
 argument and falls back to the session member

---
 src/Extensions/LeftAndMainSubsites.php | 15 +++++++++++----
 tests/php/LeftAndMainSubsitesTest.php  | 11 +++++++++++
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/src/Extensions/LeftAndMainSubsites.php b/src/Extensions/LeftAndMainSubsites.php
index a3dee3d..877e30e 100644
--- a/src/Extensions/LeftAndMainSubsites.php
+++ b/src/Extensions/LeftAndMainSubsites.php
@@ -215,11 +215,16 @@ class LeftAndMainSubsites extends LeftAndMainExtension
 
     /**
      * Check if the current controller is accessible for this user on this subsite.
+     *
+     * @param Member $member
      */
-    public function canAccess()
+    public function canAccess(Member $member = null)
     {
+        if (!$member) {
+            $member = Security::getCurrentUser();
+        }
+
         // Admin can access everything, no point in checking.
-        $member = Security::getCurrentUser();
         if ($member
             && (Permission::checkMember($member, [
                 'ADMIN', // Full administrative rights
@@ -238,10 +243,12 @@ class LeftAndMainSubsites extends LeftAndMainExtension
     /**
      * Prevent accessing disallowed resources. This happens after onBeforeInit has executed,
      * so all redirections should've already taken place.
+     *
+     * @param Member $member
      */
-    public function alternateAccessCheck()
+    public function alternateAccessCheck(Member $member = null)
     {
-        return $this->owner->canAccess();
+        return $this->owner->canAccess($member);
     }
 
     /**
diff --git a/tests/php/LeftAndMainSubsitesTest.php b/tests/php/LeftAndMainSubsitesTest.php
index 09df18f..ea60db5 100644
--- a/tests/php/LeftAndMainSubsitesTest.php
+++ b/tests/php/LeftAndMainSubsitesTest.php
@@ -9,6 +9,7 @@ use SilverStripe\CMS\Controllers\CMSPageEditController;
 use SilverStripe\Core\Config\Config;
 use SilverStripe\Dev\FunctionalTest;
 use SilverStripe\Security\Member;
+use SilverStripe\Subsites\Extensions\LeftAndMainSubsites;
 use SilverStripe\Subsites\Model\Subsite;
 use SilverStripe\Subsites\State\SubsiteState;
 
@@ -100,4 +101,14 @@ class LeftAndMainSubsitesTest extends FunctionalTest
         $this->assertTrue($l->shouldChangeSubsite(CMSPageEditController::class, 1, 5));
         $this->assertFalse($l->shouldChangeSubsite(CMSPageEditController::class, 1, 1));
     }
+
+    public function testCanAccessWithPassedMember()
+    {
+        $memberID = $this->logInWithPermission('ADMIN');
+        $member = Member::get()->byID($memberID);
+
+        /** @var LeftAndMain&LeftAndMainSubsites $leftAndMain */
+        $leftAndMain = new LeftAndMain();
+        $this->assertTrue($leftAndMain->canAccess($member));
+    }
 }