Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » discrete user access

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1
Go to End
Author Topic: 1488 Views
  • dashiel
    Avatar
    Community Member
    13 Posts

    discrete user access Link to this post

    i have an upcoming project that is going to require what essentially boils down to an editable user page for 200+ users. something like www.mysite.com/mypage

    the mypage section needs to be editable by the user of that page and by the site admin, but no one else. the owner of the mypage section should also only be allowed to see/edit their page in the admin console. based on the last site i did with silverstripe it would appear i need to create a group for each user in order to limit their access to a single page. is that correct or have i missed something?

  • Ingo
    Avatar
    Forum Moderator
    801 Posts

    Re: discrete user access Link to this post

    Yes, we don't do permissions by user - if you want to use the built-in permission controls, that means one group per user. for the frontend it would be possible to customize this in your Page_Controller->init() method (and some custom page-relation-fields on the Member object). in the backend this level of customization would be tricky though.

    ideally the sitetree and cms UI would query the canView()/canEdit()/canDelete() methods on each Page object, which you could then overload to check for a specific user-id etc. - but thats not implemented yet afaik.

  • Sam
    Avatar
    Administrator
    679 Posts

    Re: discrete user access Link to this post

    Another solution here is to overload the Page::canEdit() method - make this return true when the currently logged-in user is allowed to edit the current page.

    The CMS will automatically update itself in response to this value. Please note that in defining this method you will be overriding the built-in permission control on page editing. You might want to limit this functionality to a custom page class.

    Here's a little example to get you started.

    function canEdit() {
    return Permission::check("ADMIN") || ($this->OwnerID && $this->OwnerID = Member::currentUserID());
    }

    1488 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.