From 82159e38d30deca5c6bc585f4ab1651c41a503ed Mon Sep 17 00:00:00 2001 From: Mateusz Uzdowski Date: Fri, 10 Jan 2014 09:28:35 +1300 Subject: [PATCH] Make canEdit fall back to session if the object's SubsiteID not there. This problem manifests when a GridField-managed relationship tries to create an object that references the container from canEdit - the container in this case has empty fields. An example of that is a HomePage with CarouselItem - if the CarouselItem::canEdit tries to call $this->Page()->canEdit(), the "Page" will be a dummy object, not the actual instance of the HomePage that's doing the manipulation. This is similar to the behaviour of SiteTree::canEdit, which solves this situation by falling back to "return $this->getSiteConfig()->canEdit($member);" --- code/extensions/SiteTreeSubsites.php | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/code/extensions/SiteTreeSubsites.php b/code/extensions/SiteTreeSubsites.php index a1cda6e..fed19ce 100644 --- a/code/extensions/SiteTreeSubsites.php +++ b/code/extensions/SiteTreeSubsites.php @@ -127,13 +127,25 @@ class SiteTreeSubsites extends DataExtension { * @return boolean */ function canEdit($member = null) { + if(!$member) $member = Member::currentUser(); // Find the sites that this user has access to $goodSites = Subsite::accessible_sites('CMS_ACCESS_CMSMain',true,'all',$member)->column('ID'); - + + if (!is_null($this->owner->SubsiteID)) { + $subsiteID = $this->owner->SubsiteID; + } else { + // The relationships might not be available during the record creation when using a GridField. + // In this case the related objects will have empty fields, and SubsiteID will not be available. + // + // We do the second best: fetch the likely SubsiteID from the session. The drawback is this might + // make it possible to force relations to point to other (forbidden) subsites. + $subsiteID = Subsite::currentSubsiteID(); + } + // Return true if they have access to this object's site - if(!(in_array(0, $goodSites) || in_array($this->owner->SubsiteID, $goodSites))) return false; + if(!(in_array(0, $goodSites) || in_array($subsiteID, $goodSites))) return false; } /**