From b001d487118801ceaec388a0c22ec42840ce4e80 Mon Sep 17 00:00:00 2001
From: mattclegg
Date: Sat, 25 Apr 2020 07:17:39 +0545
Subject: [PATCH] ENH Make CMSProfileController use required_permission_codes
---
 code/CMSProfileController.php | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/code/CMSProfileController.php b/code/CMSProfileController.php
index 361a89579..8967de739 100644
--- a/code/CMSProfileController.php
+++ b/code/CMSProfileController.php
@@ -18,7 +18,7 @@ class CMSProfileController extends LeftAndMain
 private static $menu_title = 'My Profile';
- private static $required_permission_codes = false;
+ private static $required_permission_codes = 'CMS_ACCESS';
 private static $tree_class = Member::class;
@@ -59,8 +59,10 @@ public function getEditForm($id = null, $fields = null)
 public function canView($member = null)
 {
+ $currentUser = Security::getCurrentUser();
+
 if (!$member && $member !== false) {
- $member = Security::getCurrentUser();
+ $member = $currentUser;
 }
 // cms menus only for logged-in members
@@ -68,14 +70,8 @@ public function canView($member = null)
 return false;
 }
- // Check they can access the CMS and that they are trying to edit themselves
- if (Permission::checkMember($member, "CMS_ACCESS")
- && $member->ID === Security::getCurrentUser()->ID
- ) {
- return true;
- }
-
- return false;
+ // Check they are trying to edit themselves and they have permissions
+ return $member->ID === $currentUser->ID && parent::canView($member);
 }
 public function save(array $data, Form $form): HTTPResponse
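Review bot: `$required_permission_codes` carries no comment saying that it is now the effective access gate for this controller. While the value was `false` and `canView()` hard-coded the `CMS_ACCESS` check, this static had no bearing on who could open the profile screen; now that `canView()` delegates to `parent::canView()`, whatever a project sets here through configuration presumably decides access. I would add a comment above it such as `// Enforced via parent::canView(); overriding this (e.g. back to false) changes who may open the profile section.` The parent implementation is not part of this patch, so how it treats `false` or a list of codes should be confirmed there and pinned with a test for a logged-in member who lacks CMS access.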
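Review bot: `$currentUser->ID` in the new return statement is read without a null check, and `Security::getCurrentUser()` (assigned to `$currentUser` in the previous hunk) returns null when nobody is logged in. If a caller passes an explicit `$member` in that state, the comparison dereferences null; the removed code had the same gap through `Security::getCurrentUser()->ID`, so this is a chance to close it rather than a regression. I would write `return $currentUser && $member->ID === $currentUser->ID && parent::canView($member);`, which also makes the deny-by-default path explicit. The guard between the two hunks lies outside the visible lines, so I am assuming it only tests `$member`.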