
BUGFIX Fixed visibility of admin/myprofile for non-admins by moving it to a new CMSProfileController class and overloaded canView()
commit 02e728fa085c4e106909042ae1f493c407bee291 1 parent 4662872
@chillu chillu authored
1  admin/_config.php
@@ -34,3 +34,4 @@
HtmlEditorConfig::get('cms')->removeButtons('tablecontrols');
HtmlEditorConfig::get('cms')->addButtonsToLine(3, 'tablecontrols');
+CMSMenu::remove_menu_item('CMSProfileController');
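Review bot: The added `CMSMenu::remove_menu_item('CMSProfileController');` line has no comment explaining why the new controller is kept out of the menu, and a later reader could mistake it for an access restriction. Hiding a menu entry presumably affects navigation only; the gate visible in this commit is `CMSProfileController::canView()`. A one-line comment such as `// Opened from the profile link in LeftAndMain_Menu.ss, not the main menu; access is enforced by canView()` would make that explicit.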
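--- a/admin/code/CMSProfileController.php
+++ b/admin/code/CMSProfileController.php
@@ -0,0 +1,34 @@
+<?php
+class CMSProfileController extends LeftAndMain {
+
+ static $url_segment = 'myprofile';
+
+ public function index($request) {
+ $form = $this->Member_ProfileForm();
+ return $this->customise(array(
+ 'Content' => ' ',
+ 'Form' => $form
+ ))->renderWith('CMSDialog');
+ }
+
+ public function Member_ProfileForm() {
+ return new Member_ProfileForm($this, 'Member_ProfileForm', Member::currentUser());
+ }
+
+ function canView($member = null) {
+ if(!$member && $member !== FALSE) $member = Member::currentUser();
+
+ // cms menus only for logged-in members
+ if(!$member) return false;
+
+ // Only check for generic CMS permissions
+ if(
+ !Permission::checkMember($member, "CMS_ACCESS_LeftAndMain")
+ && !Permission::checkMember($member, "CMS_ACCESS_CMSMain")
+ ) {
+ return false;
+ }
+
+ return true;
+ }
+}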
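Review bot: The new class declares no `$allowed_actions`, although this commit removes `'myprofile'` and `'Member_ProfileForm'` from what looks like the explicit action list in LeftAndMain.php, so which of its methods are URL-reachable is left to the framework default and to whatever is inherited. Declaring it on the class, e.g. `static $allowed_actions = array('index', 'Member_ProfileForm');`, keeps the exposed surface explicit; confirm the exact form against the framework version in use. `canView()` is the only access gate visible in this file and deserves a docblock stating that an explicit `false` means "no member" and is denied, that any other empty `$member` falls back to `Member::currentUser()`, and that either `CMS_ACCESS_LeftAndMain` or `CMS_ACCESS_CMSMain` is sufficient. It and `$url_segment` also omit the visibility keyword that `index()` and `Member_ProfileForm()` carry; `public function canView($member = null)` would match.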
14 admin/code/LeftAndMain.php
@@ -73,10 +73,8 @@ class LeftAndMain extends Controller {
'savetreenode',
'getitem',
'getsubtree',
- 'myprofile',
'printable',
'show',
- 'Member_ProfileForm',
'EditorToolbar',
'EditForm',
'RootForm',
@@ -1106,18 +1104,6 @@ function BatchActionsForm() {
return $form;
}
- public function myprofile() {
- $form = $this->Member_ProfileForm();
- return $this->customise(array(
- 'Content' => ' ',
- 'Form' => $form
- ))->renderWith('CMSDialog');
- }
-
- public function Member_ProfileForm() {
- return new Member_ProfileForm($this, 'Member_ProfileForm', Member::currentUser());
- }
-
public function printable() {
$form = $this->getEditForm($this->currentPageID());
if(!$form) return false;
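--- a/admin/templates/Includes/LeftAndMain_Menu.ss
+++ b/admin/templates/Includes/LeftAndMain_Menu.ss
@@ -12,7 +12,7 @@
 <% control CurrentMember %>
 <span>
 <% _t('Hello','Hi') %>
- <a href="{$AbsoluteBaseURL}admin/settings/myprofile" class="profile-link ss-ui-dialog-link">
+ <a href="{$AbsoluteBaseURL}admin/myprofile" class="profile-link ss-ui-dialog-link">
 <% if FirstName && Surname %>$FirstName $Surname<% else_if FirstName %>$FirstName<% else %>$Email<% end_if %>
 </a>
 </span>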

1 comment on commit 02e728f

@sminnee
Owner

Looks good.
