It's not quite clear to me on how to add permissions/permission codes.
AFAIK this is not possible from within the security section itself?
Then I tried this on page.php:
public function requireDefaultRecords()
{
parent::requireDefaultRecords();
$code = "AUTHOR_BLOG";
$AuthorGroup = DataObject::get_one("Group", "Code = 'authors'");
if($AuthorGroup)
{
$auth_permission = DataObject::get_one("Permission", "GroupID = $AuthorGroup->ID AND Code = '{$code}'");
if(!$auth_permission)
{
Permission::grant( $AuthorGroup->ID, $code );
}
}
}
Is this the recommended way to do to set this?
It would make sense to set this in the backend security as an admin... (maybe it is but I didn't see it).
Another thing that isn't clear to me is the 'optional ID' field in the permissions tab... ?
To finish: why would I use Permission instead of just checking against a group code?
I'm even running into the next problem with it:
Let's say I have the method:
function canCreate()
{
if ( Permission::check("AUTHOR_BLOG") && $this->class != "Article")
{
return false;
}
else
{
return true;
}
}
on my page.php. I want that authors can only create Article pagetypes. Then this is obviously not the way to do it, because now also Admins are restricted, because they have apparently all the permissions... so that would make me go back to checking for group-codes...
or I would have to do:
if ( Permission::check("AUTHOR_BLOG") && !Permission::check("ADMIN") && $this->class != "Article" )
but wouldn't checking for groupcode not be faster?