Skip to content

Commit

Permalink
fix: require the correct permission to access extensions settings page (
Browse files Browse the repository at this point in the history 
#424)

* Change implementation of extensions permissions

Allow the user to manage the settings for an extension (available on settings page), if they have permission to access settings and permissions on the setting itself.

This amends current behaviour which requires user to have permission on Admin.Extensions to be able to access and modify Settings for an extension.

* Change required permissions

* Don't need Site.Settings check

* Bring it back :)
  • Loading branch information
@ryanmitchell
ryanmitchell authored Jul 2, 2020
1 parent 48e1e0c commit 6adf0e0
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions app/system/controllers/Extensions.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ class Extensions extends \Admin\Classes\AdminController
],
];

protected $requiredPermissions = 'Admin.Extensions';
protected $requiredPermissions = ['Admin.Extensions', 'Site.Settings'];

/**
* @var \Admin\Widgets\Form
Expand All @@ -52,13 +52,19 @@ public function __construct()

public function index()
{
if (!$this->getUser()->hasPermission('Admin.Extensions'))
throw new SystemException(lang('admin::lang.alert_user_restricted'));

Extensions_model::syncAll();

$this->asExtension('ListController')->index();
}

public function edit($action, $vendor = null, $extension = null, $context = null)
{
if (!$this->getUser()->hasPermission('Site.Settings'))
throw new SystemException(lang('admin::lang.alert_user_restricted'));

AdminMenu::setContext('settings', 'system');

try {
Expand Down Expand Up @@ -89,6 +95,9 @@ public function edit($action, $vendor = null, $extension = null, $context = null

public function delete($context, $extensionCode = null)
{
if (!$this->getUser()->hasPermission('Admin.Extensions'))
throw new SystemException(lang('admin::lang.alert_user_restricted'));

try {
$pageTitle = lang('system::lang.extensions.text_delete_title');
Template::setTitle($pageTitle);
Expand Down Expand Up @@ -320,4 +329,4 @@ protected function extensionHasMigrations($extension)
return FALSE;
}
}
}
}

0 comments on commit 6adf0e0

Please sign in to comment.