mirror of
https://github.com/silverstripe/silverstripe-subsites
synced 2024-10-22 11:05:55 +02:00
FIX LeftAndMainSubsites::canAccess() now accepts a Member argument and falls back to the session member
This commit is contained in:
parent
1a5666182e
commit
4fdf2e24e3
@ -215,11 +215,16 @@ class LeftAndMainSubsites extends LeftAndMainExtension
|
||||
|
||||
/**
|
||||
* Check if the current controller is accessible for this user on this subsite.
|
||||
*
|
||||
* @param Member $member
|
||||
*/
|
||||
public function canAccess()
|
||||
public function canAccess(Member $member = null)
|
||||
{
|
||||
if (!$member) {
|
||||
$member = Security::getCurrentUser();
|
||||
}
|
||||
|
||||
// Admin can access everything, no point in checking.
|
||||
$member = Security::getCurrentUser();
|
||||
if ($member
|
||||
&& (Permission::checkMember($member, 'ADMIN') // 'Full administrative rights'
|
||||
|| Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain') // 'Access to all CMS sections'
|
||||
@ -236,10 +241,12 @@ class LeftAndMainSubsites extends LeftAndMainExtension
|
||||
/**
|
||||
* Prevent accessing disallowed resources. This happens after onBeforeInit has executed,
|
||||
* so all redirections should've already taken place.
|
||||
*
|
||||
* @param Member $member
|
||||
*/
|
||||
public function alternateAccessCheck()
|
||||
public function alternateAccessCheck(Member $member = null)
|
||||
{
|
||||
return $this->owner->canAccess();
|
||||
return $this->owner->canAccess($member);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -9,6 +9,7 @@ use SilverStripe\CMS\Controllers\CMSPageEditController;
|
||||
use SilverStripe\Core\Config\Config;
|
||||
use SilverStripe\Dev\FunctionalTest;
|
||||
use SilverStripe\Security\Member;
|
||||
use SilverStripe\Subsites\Extensions\LeftAndMainSubsites;
|
||||
use SilverStripe\Subsites\Model\Subsite;
|
||||
use SilverStripe\Subsites\State\SubsiteState;
|
||||
|
||||
@ -100,4 +101,14 @@ class LeftAndMainSubsitesTest extends FunctionalTest
|
||||
$this->assertTrue($l->shouldChangeSubsite(CMSPageEditController::class, 1, 5));
|
||||
$this->assertFalse($l->shouldChangeSubsite(CMSPageEditController::class, 1, 1));
|
||||
}
|
||||
|
||||
public function testCanAccessWithPassedMember()
|
||||
{
|
||||
$memberID = $this->logInWithPermission('ADMIN');
|
||||
$member = Member::get()->byID($memberID);
|
||||
|
||||
/** @var LeftAndMain&LeftAndMainSubsites $leftAndMain */
|
||||
$leftAndMain = new LeftAndMain();
|
||||
$this->assertTrue($leftAndMain->canAccess($member));
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user