Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #132 from mateusz/session-can-edit

Make canEdit fall back to session if the object's SubsiteID not there.
  • Loading branch information...
commit 4e20228c2ee6dbc73514f037c50b017827634c17 2 parents e5b72df + 82159e3
@halkyon halkyon authored
Showing with 14 additions and 2 deletions.
  1. +14 −2 code/extensions/SiteTreeSubsites.php
View
16 code/extensions/SiteTreeSubsites.php
@@ -127,13 +127,25 @@ function alternateSiteConfig() {
* @return boolean
*/
function canEdit($member = null) {
+
if(!$member) $member = Member::currentUser();
// Find the sites that this user has access to
$goodSites = Subsite::accessible_sites('CMS_ACCESS_CMSMain',true,'all',$member)->column('ID');
-
+
+ if (!is_null($this->owner->SubsiteID)) {
+ $subsiteID = $this->owner->SubsiteID;
+ } else {
+ // The relationships might not be available during the record creation when using a GridField.
+ // In this case the related objects will have empty fields, and SubsiteID will not be available.
+ //
+ // We do the second best: fetch the likely SubsiteID from the session. The drawback is this might
+ // make it possible to force relations to point to other (forbidden) subsites.
+ $subsiteID = Subsite::currentSubsiteID();
+ }
+
// Return true if they have access to this object's site
- if(!(in_array(0, $goodSites) || in_array($this->owner->SubsiteID, $goodSites))) return false;
+ if(!(in_array(0, $goodSites) || in_array($subsiteID, $goodSites))) return false;
}
/**
Please sign in to comment.
Something went wrong with that request. Please try again.