Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

Adding permissions / permission codes


Go to End


1861 Views

Avatar
dio5

Community Member, 501 Posts

2 December 2007 at 3:02am

Edited: 02/12/2007 8:11am

It's not quite clear to me on how to add permissions/permission codes.
AFAIK this is not possible from within the security section itself?

Then I tried this on page.php:

public function requireDefaultRecords()
	{
		parent::requireDefaultRecords();
		$code = "AUTHOR_BLOG";
		$AuthorGroup = DataObject::get_one("Group", "Code = 'authors'");
		if($AuthorGroup) 
		{
			$auth_permission = DataObject::get_one("Permission", "GroupID = $AuthorGroup->ID AND Code = '{$code}'");
			if(!$auth_permission)
			{
				Permission::grant( $AuthorGroup->ID, $code );
			}
		}
	}

Is this the recommended way to do to set this?

It would make sense to set this in the backend security as an admin... (maybe it is but I didn't see it).

Another thing that isn't clear to me is the 'optional ID' field in the permissions tab... ?

To finish: why would I use Permission instead of just checking against a group code?

I'm even running into the next problem with it:

Let's say I have the method:

function canCreate()
	{
			if ( Permission::check("AUTHOR_BLOG") && $this->class != "Article")
			{
				return false;	
			}
			else
			{
				return true;
			}
	}

on my page.php. I want that authors can only create Article pagetypes. Then this is obviously not the way to do it, because now also Admins are restricted, because they have apparently all the permissions... so that would make me go back to checking for group-codes...

or I would have to do:

if ( Permission::check("AUTHOR_BLOG")  && !Permission::check("ADMIN") && $this->class != "Article" )

but wouldn't checking for groupcode not be faster?