Merge pull request #1027 from mattclegg/1587778050

ENH Make CMSProfileController use required_permission_codes
silverstripe · Aug 17, 2023 · 5c41e60 · 5c41e60
2 parents 8d6d4ea + b001d48
commit 5c41e60
Showing 1 changed file with 6 additions and 10 deletions.
diff --git a/code/CMSProfileController.php b/code/CMSProfileController.php
@@ -18,7 +18,7 @@ class CMSProfileController extends LeftAndMain
 
     private static $menu_title = 'My Profile';
 
-    private static $required_permission_codes = false;
+    private static $required_permission_codes = 'CMS_ACCESS';
 
     private static $tree_class = Member::class;
 
@@ -59,23 +59,19 @@ public function getEditForm($id = null, $fields = null)
 
     public function canView($member = null)
     {
+        $currentUser = Security::getCurrentUser();
+
         if (!$member && $member !== false) {
-            $member = Security::getCurrentUser();
+            $member = $currentUser;
         }
 
         // cms menus only for logged-in members
         if (!$member) {
             return false;
         }
 
-        // Check they can access the CMS and that they are trying to edit themselves
-        if (Permission::checkMember($member, "CMS_ACCESS")
-            && $member->ID === Security::getCurrentUser()->ID
-        ) {
-            return true;
-        }
-
-        return false;
+        // Check they are trying to edit themselves and they have permissions
+        return $member->ID === $currentUser->ID && parent::canView($member);
     }
 
     public function save(array $data, Form $form): HTTPResponse