Jump to:

17452 Posts in 4473 Topics by 1971 members

Archive

SilverStripe Forums » Archive » Possible Improvement to Security?

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Page: 1
Go to End
Author Topic: 1735 Views
  • MKayHavoc
    Avatar
    Community Member
    33 Posts

    Possible Improvement to Security? Link to this post

    Hi,

    Maybe you can already do this, if so please let me know how, but at the minute in SilverStripe you can set the Access options for a page to be accessibly to a specific group. However this setting doesn't pass down to Secondary, Tertiary etc pages below that page.

    Scenario, I want to create a group for a set of people to be able to edit one page and it's subsequent siblings. However if they create a page without setting the Access options to just be their group, people in other groups can edit that page.

    Potential update to silverstripe?

  • Willr
    Avatar
    Forum Moderator
    5508 Posts

    Re: Possible Improvement to Security? Link to this post

    Yes this would be a good feature - when you create a child page it defaults to the access info of the parent page.

    Make a ticket on Open.silverstripe.com as it would be good to see this.

  • Sean
    Avatar
    Forum Moderator
    921 Posts

    Re: Possible Improvement to Security? Link to this post

    Good point. I think, rather than it always default to it's parent access settings, there could be a checkbox (checked by default) which marks this has having inheritable access settings. If it's not checked, then subsequent pages that are created as children of the page don't inherit its settings.

    For now, you can always create your own custom code to do this. For example:

    function onBeforeWrite() {
       parent::onBeforeWrite();
       if($this->Parent()) {
          $this->EditorsGroup = $this->Parent()->EditorsGroup;
       }
    }

    This code would set the "EditorsGroup" field in the SiteTree table to the parent page's EditorsGroup field, if the parent exists. This would obviously not do anything for the root level pages in the tree.

    As willr said, please open a ticket on our open source tracker here: http://open.silverstripe.com/newticket

    Cheers,
    Sean

  • MKayHavoc
    Avatar
    Community Member
    33 Posts

    Re: Possible Improvement to Security? Link to this post

    I'm getting an Error: Forbidden when trying to create a new ticket for this? I've signed up.

    So were do I add that code? In the constructor of the Page.php.

  • MKayHavoc
    Avatar
    Community Member
    33 Posts

    Re: Possible Improvement to Security? Link to this post

    Were would I add in the onBeforeWrite function?

  • Hamish
    Avatar
    Community Member
    712 Posts
    1735 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.