From 1d8b87e33f08a5f2684626dced1298dfe215dec2 Mon Sep 17 00:00:00 2001 From: Matias Griese Date: Mon, 3 Feb 2020 21:16:38 +0200 Subject: [PATCH] Fixed Flex Pages allowing root page to be deleted --- CHANGELOG.md | 1 + .../Grav/Framework/Flex/Pages/Traits/PageAuthorsTrait.php | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c707d1c1..4e173c574 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ 1. [](#bugfix) * Regression: Flex not working in PHP 7.2 or older * Fixed creating first user from admin not clearing Flex User directory cache + * Fixed Flex Pages allowing root page to be deleted # v1.7.0-rc.4 ## 02/03/2020 diff --git a/system/src/Grav/Framework/Flex/Pages/Traits/PageAuthorsTrait.php b/system/src/Grav/Framework/Flex/Pages/Traits/PageAuthorsTrait.php index f4becbcc8..c9e2903b6 100644 --- a/system/src/Grav/Framework/Flex/Pages/Traits/PageAuthorsTrait.php +++ b/system/src/Grav/Framework/Flex/Pages/Traits/PageAuthorsTrait.php @@ -123,6 +123,11 @@ trait PageAuthorsTrait */ protected function isAuthorizedOverride(UserInterface $user, string $action, string $scope, bool $isMe): ?bool { + if ($action === 'delete' && $this->root()) { + // Do not allow deleting root. + return false; + } + $isAuthor = !$isMe || $user->authorized ? $this->hasAuthor($user->username) : false; return $this->isAuthorizedByGroup($user, $action, $scope, $isMe, $isAuthor) ?? parent::isAuthorizedOverride($user, $action, $scope, $isMe);