mirror of
https://github.com/silverstripe/silverstripe-subsites
synced 2024-09-30 13:19:01 +02:00
Merge pull request #130 from madmatt/pulls/permission-fix
Allow ‘ADMIN’ and ‘CMS_ACCESS_LeftAndMain’ CMS access. Fixes CWPBUG-113
This commit is contained in:
commit
e5b72df1d4
@ -113,7 +113,7 @@ class FileSubsites extends DataExtension {
|
|||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
Session::set('SubsiteID', $this->owner->SubsiteID);
|
Session::set('SubsiteID', $this->owner->SubsiteID);
|
||||||
$access = Permission::check('CMS_ACCESS_AssetAdmin');
|
$access = Permission::check(array('CMS_ACCESS_AssetAdmin', 'CMS_ACCESS_LeftAndMain'));
|
||||||
Session::set('SubsiteID', $subsiteID);
|
Session::set('SubsiteID', $subsiteID);
|
||||||
|
|
||||||
return $access;
|
return $access;
|
||||||
|
@ -165,10 +165,16 @@ class LeftAndMainSubsites extends Extension {
|
|||||||
function canAccess() {
|
function canAccess() {
|
||||||
// Admin can access everything, no point in checking.
|
// Admin can access everything, no point in checking.
|
||||||
$member = Member::currentUser();
|
$member = Member::currentUser();
|
||||||
if($member && Permission::checkMember($member, 'ADMIN')) return true;
|
if($member &&
|
||||||
|
(
|
||||||
|
Permission::checkMember($member, 'ADMIN') || // 'Full administrative rights' in SecurityAdmin
|
||||||
|
Permission::checkMember($member, 'CMS_ACCESS_LeftAndMain') // 'Access to all CMS sections' in SecurityAdmin
|
||||||
|
)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
// Check if we have access to current section on the current subsite.
|
// Check if we have access to current section on the current subsite.
|
||||||
$accessibleSites = $this->owner->sectionSites($member);
|
$accessibleSites = $this->owner->sectionSites(true, "Main site", $member);
|
||||||
if ($accessibleSites->count() && $accessibleSites->find('ID', Subsite::currentSubsiteID())) {
|
if ($accessibleSites->count() && $accessibleSites->find('ID', Subsite::currentSubsiteID())) {
|
||||||
// Current section can be accessed on the current site, all good.
|
// Current section can be accessed on the current site, all good.
|
||||||
return true;
|
return true;
|
||||||
|
@ -308,7 +308,7 @@ class Subsite extends DataObject implements PermissionProvider {
|
|||||||
->leftJoin('Group_Subsites', "\"Group_Subsites\".\"SubsiteID\" = \"Subsite\".\"ID\"")
|
->leftJoin('Group_Subsites', "\"Group_Subsites\".\"SubsiteID\" = \"Subsite\".\"ID\"")
|
||||||
->innerJoin('Group', "\"Group\".\"ID\" = \"Group_Subsites\".\"GroupID\" OR \"Group\".\"AccessAllSubsites\" = 1")
|
->innerJoin('Group', "\"Group\".\"ID\" = \"Group_Subsites\".\"GroupID\" OR \"Group\".\"AccessAllSubsites\" = 1")
|
||||||
->innerJoin('Group_Members', "\"Group_Members\".\"GroupID\"=\"Group\".\"ID\" AND \"Group_Members\".\"MemberID\" = $member->ID")
|
->innerJoin('Group_Members', "\"Group_Members\".\"GroupID\"=\"Group\".\"ID\" AND \"Group_Members\".\"MemberID\" = $member->ID")
|
||||||
->innerJoin('Permission', "\"Group\".\"ID\"=\"Permission\".\"GroupID\" AND \"Permission\".\"Code\" IN ($SQL_codes, 'ADMIN')");
|
->innerJoin('Permission', "\"Group\".\"ID\"=\"Permission\".\"GroupID\" AND \"Permission\".\"Code\" IN ($SQL_codes, 'CMS_ACCESS_LeftAndMain', 'ADMIN')");
|
||||||
|
|
||||||
if(!$subsites) $subsites = new ArrayList();
|
if(!$subsites) $subsites = new ArrayList();
|
||||||
|
|
||||||
@ -319,7 +319,7 @@ class Subsite extends DataObject implements PermissionProvider {
|
|||||||
->innerJoin('Group_Members', "\"Group_Members\".\"GroupID\"=\"Group\".\"ID\" AND \"Group_Members\".\"MemberID\" = $member->ID")
|
->innerJoin('Group_Members', "\"Group_Members\".\"GroupID\"=\"Group\".\"ID\" AND \"Group_Members\".\"MemberID\" = $member->ID")
|
||||||
->innerJoin('Group_Roles', "\"Group_Roles\".\"GroupID\"=\"Group\".\"ID\"")
|
->innerJoin('Group_Roles', "\"Group_Roles\".\"GroupID\"=\"Group\".\"ID\"")
|
||||||
->innerJoin('PermissionRole', "\"Group_Roles\".\"PermissionRoleID\"=\"PermissionRole\".\"ID\"")
|
->innerJoin('PermissionRole', "\"Group_Roles\".\"PermissionRoleID\"=\"PermissionRole\".\"ID\"")
|
||||||
->innerJoin('PermissionRoleCode', "\"PermissionRole\".\"ID\"=\"PermissionRoleCode\".\"RoleID\" AND \"PermissionRoleCode\".\"Code\" IN ($SQL_codes, 'ADMIN')");
|
->innerJoin('PermissionRoleCode', "\"PermissionRole\".\"ID\"=\"PermissionRoleCode\".\"RoleID\" AND \"PermissionRoleCode\".\"Code\" IN ($SQL_codes, 'CMS_ACCESS_LeftAndMain', 'ADMIN')");
|
||||||
|
|
||||||
if(!$subsites && $rolesSubsites) return $rolesSubsites;
|
if(!$subsites && $rolesSubsites) return $rolesSubsites;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user