17488 Posts in 4473 Topics by 1978 members
|
Page:
1
|
Go to End | |
| Author | Topic: | 1274 Views |
-
discrete user access
5 July 2008 at 5:10am
i have an upcoming project that is going to require what essentially boils down to an editable user page for 200+ users. something like www.mysite.com/mypage
the mypage section needs to be editable by the user of that page and by the site admin, but no one else. the owner of the mypage section should also only be allowed to see/edit their page in the admin console. based on the last site i did with silverstripe it would appear i need to create a group for each user in order to limit their access to a single page. is that correct or have i missed something?
-
Re: discrete user access
5 July 2008 at 10:52am
Yes, we don't do permissions by user - if you want to use the built-in permission controls, that means one group per user. for the frontend it would be possible to customize this in your Page_Controller->init() method (and some custom page-relation-fields on the Member object). in the backend this level of customization would be tricky though.
ideally the sitetree and cms UI would query the canView()/canEdit()/canDelete() methods on each Page object, which you could then overload to check for a specific user-id etc. - but thats not implemented yet afaik.
-
Re: discrete user access
7 July 2008 at 1:41pm Last edited: 7 July 2008 1:42pm
Another solution here is to overload the Page::canEdit() method - make this return true when the currently logged-in user is allowed to edit the current page.
The CMS will automatically update itself in response to this value. Please note that in defining this method you will be overriding the built-in permission control on page editing. You might want to limit this functionality to a custom page class.
Here's a little example to get you started.
function canEdit() {
return Permission::check("ADMIN") || ($this->OwnerID && $this->OwnerID = Member::currentUserID());
}
| 1274 Views | ||
|
Page:
1
|
Go to Top |
