Login | Forgot password | Register

X

What is OpenID?

OpenID is an Internet-wide identity system that allows you to sign in to many websites with a single account.

With OpenID, your ID becomes a URL (e.g. http://username.myopenid.com/). You can get a free OpenID for example from myopenid.com.

For more information visit the official OpenID site.

Jump to:

17480 Posts in 4474 Topics by 1973 members

Archive

SilverStripe Forums » Archive » discrete user access

Our old forums are still available as a read-only archive.

Page: 1
Go to End
Author Topic: discrete user access 604 Views
  • dashiel
    avatar
    Community Member
    13 posts

    discrete user access Link to this post

    5 July 2008 at 5:10am

    i have an upcoming project that is going to require what essentially boils down to an editable user page for 200+ users. something like www.mysite.com/mypage

    the mypage section needs to be editable by the user of that page and by the site admin, but no one else. the owner of the mypage section should also only be allowed to see/edit their page in the admin console. based on the last site i did with silverstripe it would appear i need to create a group for each user in order to limit their access to a single page. is that correct or have i missed something?

  • Ingo
    avatar
    Administrator
    508 posts

    Re: discrete user access Link to this post

    5 July 2008 at 10:52am

    Yes, we don't do permissions by user - if you want to use the built-in permission controls, that means one group per user. for the frontend it would be possible to customize this in your Page_Controller->init() method (and some custom page-relation-fields on the Member object). in the backend this level of customization would be tricky though.

    ideally the sitetree and cms UI would query the canView()/canEdit()/canDelete() methods on each Page object, which you could then overload to check for a specific user-id etc. - but thats not implemented yet afaik.

  • Sam
    avatar
    Administrator
    636 posts

    Re: discrete user access Link to this post

    7 July 2008 at 1:41pm Last edited: 7 July 2008 1:42pm

    Another solution here is to overload the Page::canEdit() method - make this return true when the currently logged-in user is allowed to edit the current page.

    The CMS will automatically update itself in response to this value. Please note that in defining this method you will be overriding the built-in permission control on page editing. You might want to limit this functionality to a custom page class.

    Here's a little example to get you started.

    function canEdit() {
    return Permission::check("ADMIN") || ($this->OwnerID && $this->OwnerID = Member::currentUserID());
    }

    604 Views
Page: 1
Go to Top

Currently Online: JoshuaLewis, NickJacobs

Welcome to our latest member: marcusl

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.