21286 Posts in 5733 Topics by 2602 members
|
Page:
1
|
Go to End | |
| Author | Topic: | 1267 Views |
-
Forbid an action on a class using allowed_actions
12 October 2010 at 3:14pm
Using this example setup:
Page_Controller::$allowed_actions = array('index', 'tag');
class SubPage_Controller extends Page_Controller {
}How can I ensure the action "date" isn't allowed on SubPage?
/my-subpage/date
I'm looking in RequestHandler::checkAccessAction() and it looks like - because SubPage_Controller doesn't explicitly define any allowed_actions, and because there's no method for this non-existent "date" action, that the date action is allowed.
Oddly, I can avoid that by declaring another unrelated allowed action, or by re-declaring the ones from the parent.
e.g.
SubPage_Controller::$allowed_actions = array('index');
or
SubPage_Controller::$allowed_action = array('apple');This is a little confusing to me. Surely if an action isn't in $allowed_actions, it's not allowed? The inline comment is "Return true so that a template can handle this action", but my only response to that is "wtf".
Thanks in advance for any help or explanation.
-
Re: Forbid an action on a class using allowed_actions
12 October 2010 at 4:21pm Last edited: 12 October 2010 4:22pm
I believe this is coming from a legacy issue - because a lot of projects never had allowed_actions it broke applications left, right and center when it was added to the core, so to prevent apps from breaking if no allowed actions are defined on a controller then it doesn't check the action permissions. Haven't played around with checking if it respects the parent controller allowed action though so that could still be a bug.
| 1267 Views | ||
|
Page:
1
|
Go to Top |
