Browse files

Fixed delete from table list bug

Signed-off-by: Aram Balakjian <aram@aabweb.co.uk>
  • Loading branch information...
1 parent 12bb1c3 commit b9c23e6af506617541dcf8018548574e88f7d501 Aram Balakjian committed Feb 6, 2012
Showing with 48 additions and 6 deletions.
  1. +28 −0 code/Forms/DataObjectAsPageTableField.php
  2. +20 −6 code/ModelAdmin/DataObjectAsPageAdmin.php
View
28 code/Forms/DataObjectAsPageTableField.php
@@ -0,0 +1,28 @@
+<?php
+
+class DataObjectAsPageTableField extends TableListField {
+
+ function handleItem($request) {
+ return new DataObjectAsPageTableField_ItemRequest($this, $request->param('ID'));
+ }
+}
+
+/**
+ * @package forms
+ * @subpackage fields-relational
+ */
+class DataObjectAsPageTableField_ItemRequest extends TableListField_ItemRequest {
+
+ function delete($request) {
+ // Protect against CSRF on destructive action
+ $token = $this->ctf->getForm()->getSecurityToken();
+ if(!$token->checkRequest($request)) return $this->httpError('400');
+
+ if($this->ctf->Can('delete') !== true) {
+ return false;
+ }
+
+ $this->dataObj()->doDelete();
+ }
+}
+?>
View
26 code/ModelAdmin/DataObjectAsPageAdmin.php
@@ -3,6 +3,7 @@
class DataObjectAsPageAdmin extends ModelAdmin
{
public static $record_controller_class = "DataObjectAsPageAdmin_RecordController";
+ protected $resultsTableClassName = 'DataObjectAsPageTableField';
public function init()
{
@@ -18,9 +19,14 @@ class DataObjectAsPageAdmin_RecordController extends ModelAdmin_RecordController
{
public function doPublish($data, $form, $request)
{
- $form->saveInto($this->currentRecord);
+ $record = $this->currentRecord;
+
+ if($record && !$record->canPublish())
+ return Security::permissionFailure($this);
+
+ $form->saveInto($record);
- $this->currentRecord->doPublish();
+ $record->doPublish();
if(Director::is_ajax()) {
return $this->edit($request);
@@ -31,9 +37,12 @@ public function doPublish($data, $form, $request)
public function doUnpublish($data, $form, $request)
{
- $form->saveInto($this->currentRecord);
+ $record = $this->currentRecord;
- $this->currentRecord->doUnpublish();
+ if($record && !$record->canDeleteFromLive())
+ return Security::permissionFailure($this);
+
+ $record->doUnpublish();
if(Director::is_ajax()) {
return $this->edit($request);
@@ -44,7 +53,12 @@ public function doUnpublish($data, $form, $request)
public function doDelete($data, $form, $request)
{
- $this->currentRecord->doDelete();
+ $record = $this->currentRecord;
+
+ if($record && !$record->canDelete())
+ return Security::permissionFailure();
+
+ $record->doDelete();
if(Director::is_ajax()) {
$this->edit($request);
@@ -54,7 +68,7 @@ public function doDelete($data, $form, $request)
}
public function duplicate($data, $form, $request) {
-
+
//Duplicate the object
$Clone = $this->currentRecord->duplicate();

0 comments on commit b9c23e6

Please sign in to comment.