‘CMS_ACCESS_LeftAndMain’ is used by the PermissionCheckboxSetField to allow
applicable Members to access all CMS sections. There are then further
permissions to restrict the Members (e.g. ‘CMS_ACCESS_LeftAndMain’ will give you
access to the ‘Pages’ section, but you still need the ‘Edit any page’ permission
to actually edit anything).
This patch ensures that the subsites module follows those permissions, and
doesn’t unnecessarily deny permission to legitimate users.
Previously, only the global ‘ADMIN’ permission was allowing users to bypass the
stricter Permission check. We also need to allow the ‘CMS_ACCESS_LeftAndMain’
permission to bypass this check, as otherwise a user who is in a Group with the
‘Access to all CMS sections’ permission set (which only sets the
CMS_ACCESS_LeftAndMain permission code and no others) would be denied access to
the CMS for that sub site.
From @hafriedlander:
Hi. Sorry, I was going to have a look at this on the back of that issue @chillu raised but you beat me to it. There's a couple of edge cases that aren't obvious that come from ChangeTrackerOptions being an object, and might need an Entwine API extension to fix nicely.
Objects in entwine properties are a bit dangerous, because JavaScript always passes them by reference instead of cloning them. Entwine also doesn't clone them when using them as default values.
The result is that this patch will repeatedly add that selector to the result every time getChangeTrackerOptions is called, so it'll be there once the first time it's called, twice the second, etc.
The right fix at the moment would look like:
```js
$('.cms-edit-form').entwine({
    getChangeTrackerOptions: function() {
        // Figure out if we're still returning the default value
        var isDefault = (this.entwineData('ChangeTrackerOptions') === undefined);
        // Get the current options
        var opts = this._super();
        if (isDefault) {
            // If it is the default then...
            // clone the object (so we don't modify the original),
            opts = $.extend({}, opts);
            // modify it,
            opts.ignoreFieldSelector += ', input[name=IsSubsite]';
            // then set the clone as the value on this element
            // (so next call to this method gets this same clone)
            this.setChangeTrackerOptions(opts);
        }
        return opts;
    }
});
```
This is super ugly though, non-obvious, and could maybe be handled better in the entwine layer.
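The aliasing problem described in the comment above, reduced to plain JavaScript as an added example (not part of the original comment, and not Entwine or subsites code). `makeElement`, `naiveGetOptions`, `safeGetOptions`, `run` and the `.no-change-track` default value are constructed stand-ins that only mimic "defaults are handed out by reference".

```javascript
// Constructed stand-in for a property store whose defaults are handed out
// by reference. It is NOT Entwine's API; all names here are hypothetical.
function makeElement(defaults) {
  const own = {}; // per-element values set explicitly
  return {
    hasOwn: (key) => Object.prototype.hasOwnProperty.call(own, key),
    get: (key) => (key in own ? own[key] : defaults[key]), // no cloning
    set: (key, value) => { own[key] = value; },
  };
}

const EXTRA = ', input[name=IsSubsite]';

// Naive override: appends to whatever object the base getter returned,
// which on every call is the same shared default object.
function naiveGetOptions(el) {
  const opts = el.get('ChangeTrackerOptions');
  opts.ignoreFieldSelector += EXTRA;
  return opts;
}

// Override following the comment: clone once, modify the clone, store it
// on the element so later calls get the stored clone back unchanged.
function safeGetOptions(el) {
  const isDefault = !el.hasOwn('ChangeTrackerOptions');
  let opts = el.get('ChangeTrackerOptions');
  if (isDefault) {
    opts = Object.assign({}, opts);
    opts.ignoreFieldSelector += EXTRA;
    el.set('ChangeTrackerOptions', opts);
  }
  return opts;
}

// Count how many times EXTRA ended up in a selector string.
const countExtra = (selector) => selector.split(EXTRA).length - 1;

// Call a getter `calls` times against fresh defaults (constructed value).
function run(getter, calls) {
  const defaults = { ChangeTrackerOptions: { ignoreFieldSelector: '.no-change-track' } };
  const el = makeElement(defaults);
  let opts;
  for (let i = 0; i < calls; i++) opts = getter(el);
  return {
    returned: countExtra(opts.ignoreFieldSelector),
    sharedDefault: countExtra(defaults.ChangeTrackerOptions.ignoreFieldSelector),
  };
}
console.log('naive:', run(naiveGetOptions, 3), 'safe:', run(safeGetOptions, 3));
```

With the naive getter the selector grows on every call and the shared default is modified too, so every other element using that default inherits the change.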
See https://github.com/silverstripe/silverstripe-subsites/pull/125
Remove the special AJAX handling to simplify the code. Now redirection
will be forced on any request that changes the subsite to re-synchronise
with the frontend.
Introduce canAccess method, and add it to alternateAccessCheck to make
sure this subsite-specific check is also done in situations that are
not captured by onBeforeInit.
This causes issues with Security::findAnAdministrator which incorrectly
forces the current session-stored subsite to 0 - it uses
Subsite::currentSubsiteID before the session support is enabled, and
hence obtains the wrong value.
The TEMPLATE.ss.ENTITY wording stuffs up the YAML
parser in transifex, which made most translations
invisible to SilverStripe since they're indented wrongly.
Also removed empty FR file since Transifex complains about it on upload.
Disables transparent subsite switch on AJAX requests.
Makes sure the subsite is appropriately set up when opening up the CMS
with a link to subsited object.
Tries to find an accessible section in the current site, falls back to
searching across all sites and all sections.
Also adds more powerful and generic functions:
* Subsites::all_sites - get the full list
* Subsites::all_accessible_sites - get Member accessible list
* LeftAndMainExtension::sectionSites - get section-specific list
* Updated graphics
* Updated information around global dropdown
* Added Information about supporting subsites in modeladmins
* Changed 'working.md' to 'working_with.md', for clearer menu naming
* Hide admins without subsite support from subsites menu
* Add subsite support to default site areas
* Enable reloading of subsites switcher dropdown when navigating the
site, and when editing subsite areas
API Fix parallel pjax menu fetching for subsites.
- thanks Mateusz!
Delint LeftAndMain_Subsites.js
They use all kinds of outdated APIs (in test system and CMS controllers),
and the function rename makes it unclear that they're actually disabled.
These kinds of tests should be performed through Behat anyway.