Commit Graph

53 Commits

Author SHA1 Message Date
Will Rossiter
0520b57f84 Merge pull request #145 from purplespider/patch-2
Fixes #135: LeftAndMain switching between subsites
2014-11-24 15:11:12 +13:00
Damian Mooyman
a97b0d33eb BUG Fix incompatibility with framework 3.2 2014-08-26 11:42:50 +12:00
Juul Hobert
2e32eab6ae Bugfix for urls with %28 in the url 2014-08-22 13:21:18 +02:00
Shoaib Ali
1f2cb4380d Removed hard coding of HTTP protocol 2014-08-18 21:03:52 +12:00
Stig Lindqvist
bd5bd877fd Security: XSS can be injected in the group edit view 2014-08-01 10:48:44 +12:00
James Cocker
47df87f62c Fixes #135: LeftAndMain switching between subsites
When trying to switch to a different subsite from a page's editing view, it wouldn't switch. This was partly due to a $record always existing due to the homepage fallback on currentPageID : https://github.com/silverstripe/silverstripe-cms/blob/3.1/code/controllers/CMSMain.php#L816

So as currentPage() couldn't actually be used to test for the existance of a current page, I've added in a check for isset($this->owner->urlParams['ID']).

I've also moved the check for $_GET['SubsiteID’] which indicated a forced subsite switch (eg. via the dropdown switcher) above the check for a current page, as it should take precedence, and it wasn't being run when both conditions matched causing the subsite not to change.

Tested changing subsites from /admin/pages, from page edit view, from a page edit URL, and from other CMS sections such as Files and Security, and all seems to be working perfectly now.
2014-06-04 16:41:28 +01:00
James Cocker
38e4bc196d Fixes #139 - Broken URL Segment CMS Links
Fixes issue #139 using normann's solution that seems to work perfectly with both long and short links.
2014-06-04 13:12:28 +01:00
Sean Harvey
4e20228c2e Merge pull request #132 from mateusz/session-can-edit
Make canEdit fall back to session if the object's SubsiteID not there.
2014-01-14 14:07:32 -08:00
Mateusz Uzdowski
82159e38d3 Make canEdit fall back to session if the object's SubsiteID not there.
This problem manifests when a GridField-managed relationship tries to
create an object that references the container from canEdit - the
container in this case has empty fields.

An example of that is a HomePage with CarouselItem - if the
CarouselItem::canEdit tries to call $this->Page()->canEdit(), the "Page"
will be a dummy object, not the actual instance of the HomePage that's
doing the manipulation.

This is similar to the behaviour of SiteTree::canEdit, which solves
this situation by falling back to "return
$this->getSiteConfig()->canEdit($member);"
2014-01-10 09:58:53 +13:00
Matt Peel
fb5d791444 BUGFIX: permissions to check the ‘CMS_ACCESS_LeftAndMain’ global permission.
‘CMS_ACCESS_LeftAndMain’ is used by the PermissionCheckboxSetField to allow
applicable Members to access all CMS sections. There are then further
permissions to restrict the Members (e.g. ‘CMS_ACCESS_LeftAndMain’ will give you
access to the ‘Pages’ section, but you still need the ‘Edit any page’ permission
to actually edit anything).

This patch ensures that the subsites module follows those permissions, and
doesn’t unnecessarily deny permission to legitimate users.
2014-01-10 09:31:44 +13:00
Matt Peel
083194857e Allow ‘ADMIN’ and ‘CMS_ACCESS_LeftAndMain’ access to CMS. Fixes CWPBUG-113.
Previously, only the global ‘ADMIN’ permission was allowing users to bypass the
stricter Permission check. We also need to allow the ‘CMS_ACCESS_LeftAndMain’
permission to bypass this check, as otherwise a user who is in a Group with the
‘Access to all CMS sections’ permission set (which only sets the
CMS_ACCESS_LeftAndMain permission code and no others) would be denied access to
the CMS for that sub site.
2014-01-09 17:12:47 +13:00
Mateusz Uzdowski
58b926af25 BUG Refactor the access checks and initial subsite redirections.
Remove the special AJAX handling to simplify the code. Now redirection
will be forced on any request that changes the subsite to re-synchronise
with the frontend.

Introduce canAccess method, and add it to alternateAccessCheck to make
sure this subsite-specific chceck is also done in situations that are
not captured by onBeforeInit.
2013-12-04 17:34:27 +13:00
Mateusz Uzdowski
aacaee08cd BUG Prevent session-interface mismatch.
Disables transparent subsite switch on AJAX requests.

Makes sure the subsite is appropriately set up when opening up the CMS
with a link to subsited object.
2013-11-08 11:37:10 +13:00
Ingo Schommer
5ff3b691d7 More globalisation 2013-10-30 13:44:06 +01:00
Ingo Schommer
7c100f90d2 Merge pull request #115 from mateusz/admin-access
Fix CMS Admin access issues
2013-10-23 01:34:30 +02:00
Mateusz Uzdowski
5b00ba352f API Refactor to always redirect to accessible Admin location.
Tries to find an accessible section in the current site, falls back to
searching across all sites and all sections.

Also adds more powerful and generic functionss:
Subsites::all_sites - get the full list
Subsites::all_accessible_sites - get Member accessible list
LeftAndMainExtension::sectionSites - get section-specific list
2013-10-16 16:40:20 +13:00
spronkey
23e9cd40a0 Better fix for #106 using DataQuery queryParams. Thanks simon_w 2013-09-12 15:33:18 +12:00
Naomi Guyer
37843f447e API: Subsite support for menu of cms (hide admins that don't declare support) (fixes #101 and #89 )
* Hide admins without subsite support from subsites menu
* Add subsite support to default site areas
* Enable reloading of subsites switcher dropdown when navigating the
site, and when editing subsite areas

API Fix parallel pjax menu fetching for subsites.
- thanks Mateusz!

Delint LeftAndMain_Subsites.js
2013-08-22 13:02:46 +12:00
Frank Mullenger
7bf6e89320 BUGFIX: Session var for active subsite out of sync with current subsite. Refs silverstripe/silverstripe-subsites#93. 2013-07-10 12:24:42 +02:00
Sean Harvey
b2ffb7c89e BUG Fixing "Add new" not adding the page to the correct subsite 2013-05-28 12:17:16 +12:00
Sean Harvey
1538e49e1b Merge pull request #90 from mateusz/previews-by-id
Change the preview iframe to use injected SubsiteID GET/POST params.
2013-05-25 18:29:59 -07:00
Mateusz Uzdowski
0fb49ba502 Change the preview iframe to use injected SubsiteID GET/POST params.
Use the CMS domain for fetching the preview content to avoid SSL
errors and single-origin violations on the iframe.
2013-05-26 13:18:52 +12:00
Naomi Guyer
3ad7ddcfce BUG: Subsite save SiteConfig overwrites MainSite SiteConfig (Issue #15)
Implemented the fix mentioned in the bug ticket within the subsites
settings extension (use current subsite id)
2013-05-24 16:26:57 +12:00
Sean Harvey
3c6000111c BUG FileSubsites doesn't respect $disable_subsite_filter 2013-05-09 12:18:48 +12:00
Sean Harvey
f35a42ec64 BUG LeftAndMainSubsites::Subsites() fails with limited CMS access
Users with non-ADMIN permissions won't see the dropdown of available
subsites, because LeftAndMainSubsites::Subsites() will check if
the user has a non-existent code CMS_ACCESS_CMSPagesController.

Fallback to checking required_permission_codes first, and failing
that, check for CMS_ACCESS_LeftAndMain
2013-05-08 15:36:18 +12:00
Sean Harvey
306cb79b19 Fixing more statics that weren't private, and nested_urls deprecated usage 2013-05-06 22:32:40 +12:00
Sean Harvey
8ffeeb1ee6 Fixing declaration of statics to private for 3.1+ compatibility 2013-05-06 22:21:09 +12:00
Sean Harvey
3275f4768c Removing underscore from "Default site" text 2013-05-06 22:04:42 +12:00
Sean Harvey
36f9547c8a Merge pull request #79 from adrexia/ui
Style site selector dropdown
2013-05-01 19:50:45 -07:00
Naomi Guyer
1a8122ea89 Style site selector dropdown
Made dropdown receive chzn, and applied a dark style to the dropdown to
match the ui of the cms
2013-05-01 17:04:41 +12:00
Sean Harvey
ffaaed072f Removing bits of test that broke because of removal of related pages 2013-05-01 17:01:56 +12:00
Sean Harvey
0247765563 API Removed related pages functionality, this is now a separate module
If you need this functionality still, please checkout
github.com/silverstripe-labs/silverstripe-subsites_relatedpages
2013-05-01 12:35:17 +12:00
Morven Lewis-Everley
5747704c97 Make LeftAndMain redirect direct to admin
Currently, using the Subsites dropdown in the admin interface causes the CMS to reload to admin/pages. This can cause issues if you have set another interface as your default (other than CMSMain).
2013-04-25 19:29:56 +02:00
Robert Curry
90c16117f3 Extension and config fixes for 3.1 2013-04-04 15:10:22 +13:00
Sean Harvey
0968eac399 BUG Fixing misspelled variable not being able to select subsite for Folder 2013-02-04 15:21:08 +13:00
Ingo Schommer
82f1d980e8 Merge remote-tracking branch 'origin/0.3'
Conflicts:
	code/SubsiteAdmin.php
	code/extensions/LeftAndMainSubsites.php
	code/extensions/SiteTreeSubsites.php
	code/model/Subsite.php
	composer.json
	javascript/SubsitesTreeDropdownField.js
	lang/en_US.php
	tests/SubsiteAdminTest.php
	tests/SubsiteTest.php
	tests/SubsiteTest.yml
	tests/SubsitesVirtualPageTest.php
2013-01-03 21:03:26 +01:00
Sean Harvey
cac77703ed BUG Fixing FileSubsites failing when deleting ImageTracking 2012-11-07 14:25:32 +13:00
Sean Harvey
3d59f10331 Merge pull request #63 from mateusz/top-level
BUG Switch the subsite on GET parameter only.
2012-11-04 17:31:37 -08:00
Mateusz Uzdowski
20ae380350 BUG Flip the conditional to restore the original intention.
The original intention was to skip if ImageTracking was found, but it
got broken on c9d3a1f8.
2012-11-02 15:32:31 +13:00
Mateusz Uzdowski
2488489e22 BUG Switch the subsite on GET parameter only.
This fixes the bug where creating the top level pages is broken whenever
subsites module is installed. This is because the SubsiteID is
explicitly specified on AddForm POST submission, which incorrectly
triggers a redirect from LeftAndMainSubsites::init and the form action
never has a chance to execute.

Also do not look at POST when checking for the current subsite ID.
2012-10-26 11:53:40 +13:00
Sean Harvey
d4faeac98f Merge branch 'master' of git://github.com/halkyon/silverstripe-subsites into halkyon-master 2012-10-12 15:09:38 +13:00
Sean Harvey
5e1906c9f4 BUG Fixing use of FormResponse, use X-Status header instead 2012-10-12 12:06:09 +13:00
Sean Harvey
6747ba65bb Fixing LeftAndMainSubsites using deprecated Director::redirect() 2012-10-12 11:06:23 +13:00
Sean Harvey
19a904d1d2 LeftAndMainSubsites failover if map() returns an array instead of an SS_Map 2012-10-12 11:05:00 +13:00
Sean Harvey
070eaf54ae Fixing deprecated call to Director::redirect() 2012-10-11 15:16:38 +13:00
Kirk Mayo
e7c5dd5d93 BUG: Fixing creating subsites from templates trac/7318 2012-07-18 12:21:35 +12:00
Kirk Mayo
c345f6fcc5 BUG: Coding convention fixes
BUG: more coding convention fixing
2012-07-16 11:44:54 +12:00
UndefinedOffset
ef4d539a12 BUG: Merged patch from kmayo how ever re-added some of the removed fields since they really should appear on the Main Content tab instead of the Metadata tab.
Fixed a few missed strict errors

Applied patch from kmayo to fix issues with SubsiteAdminTest.php

Fixed issue causing the url segments of subsites created from a template to add -2 to the end

Fixed undefined method TotalItems() on datalist for the SubsiteTest

Fixed failure on SubsiteTest because DataObject::get_one() now returns boolean false instead of null when no result is found

Fixed failure on SubsitesVirtualPageTest caused by Versioned::get_one_by_stage() returning null instead of false

Fixed failure caused by the contact-us page existing on subsite 2

Merged another patch from kmayo

Force main site to be on, for some reason it gets hidden in some cases i.e. refreshing the cms while editing a page
2012-07-16 11:21:54 +12:00
UndefinedOffset
598b0253f5 BUG: Coding convention updates 2012-07-16 11:21:30 +12:00
Ed
c9d3a1f854 BUG: More SS 3.0 modifications
Fixes for SS 3.0 beta 3

Fixed compatibility issues with ss3.0 rc1

fixed potential issue caused by the from array format changing in 3.0

Fixed strict standards warnings

Fixed strict notice "Only variables should be passed by reference"

Fixed strict notice "Only variables should be passed by reference"

Fixed strict notice caused by SubsiteAdmin not declaring all of the properties for getCMSFields()

Made Subsite::accessible_sites() static

Fixed issue caused when trying to add a domain before saving for the first time

Fixed undefined property ParentID
2012-07-16 11:21:24 +12:00