Theme/form not applying for Security::permissionFailure()

[dizzystuff]

Module version(s) affected

Description

When this module is installed, all /Security pages are rendered with the login-forms theme.

But, if you are sent to the not-authorised page, that is, if Security::permissionFailure() is triggered during your request, the login-forms theme is not used. The site's theme stack is used instead.

How to reproduce

In a standard basic install, with login-forms installed, add to your PageController:

public function index()
        {
            if (!Permission::check('ADMIN')) {
                return \SilverStripe\Security\Security::permissionFailure($this);
            }
            return [];
        }

Then as a non-admin user, go to the home page - the response will be rendered using the non-login-forms themes for the "You don't have access to this page" content.

In the same install, go to /Security/* - you will see the correct login-forms form/theme.

Possible Solution

Extending Security with this fixes the problem. I will add it to EnablerExtension in a PR for your consideration.

    public function onBeforeSecurityLogin()
    {
        $config = Config::inst();
        SSViewer::set_themes($config->get(EnablerExtension::class, 'login_themes'));
        Config::modify()->remove(Security::class, 'page_class');
    }

Additional Context

No response

Validations

• Check that there isn't already an issue that reports the same bug
• Double check that your reproduction steps work in a fresh installation of silverstripe/installer (with any code examples you've provided)

PRs

• FIX #189 - ensure themes are applied for Security::permissionFailure() calls #190

[GuySartorelli]

Thanks for reporting this and especially for working on a PR. I'll review that shortly.

Please fill in the "Module version(s) affected" section of the issue description.