Hi,
in my opinion, it is not good that everybody has default access to all methods in every class (e.g. URL like domain.com/MyClass/myMethod). I think, there should be some kind of list of methods in every class, which can be accessed by URL. Something like

static $request_methods = array ('deleteitem',index',...);

Or every request can be redirected to the 'defaultAction' method, which can be like:

function defaultAction() {
$action = urlParams['Action'];
switch ($action) {
case 'index':
case 'search': $this->$action(); return;
}
$member = Member::currentUser();
if ($member && some permission) {
switch ($action) {
case 'delete':
case 'change': $this->$action(); return;
}
}
parent::defaultAction();
}
... , so the the finer security control can be implemented.

This is a good point. But I think that "allowed actions" is probably a better name than request methods.

Controller::run() would be the best place to put this logic.

But, for backward compatability, I think that we would need to make static $allowed_actions an optional setting - otherwise we risk breaking existing sites.

Perhaps SilverStripe could throw a warning when allowed_actions is missing from a controller?

Additionally, we could have static $allowed_actions = "none" to disable all access to the Controller.

Do you think access to "index" should be implicit, or should that be explicitly enabled?

Hi,

I do not think $allowed_actions should be optional. But yeah, the backward compatibility is the problem. There may be some warning, if the site is in the Dev or Test mode. It should not be difficult to make $allowed_actions for existing web sites.

I think access to "index" should be explicit, because one does not need to access "index" for DataObject (e.g. URL like "PageComment/index"). It may be implicitly enabled only for Pages (ContentController or ModelAsController?).

On a similar note, it would be good to have methods that can be accessed via navigation appear in the Insert-Link diaglogue inside the CMS.

For instance, you can only link to the "/admin/" (well, /security/login) or /ForumMemberProfile/register via an external link. It'd be great to have these included in the insert link dialogue for ease of use.

What about:

you must put things into /allowed actions/ ... if you don't you can access it but only be being logged in as an admin ?

It seems like it could be feasible to upgrade methods for 2.1 by putting notices in and having GSOCers rid the notices ... ?

I've got a different suggestion, why not give force developers to provide a _Controller class for each dataobject or page. This way only functions that are explicitly added to the _Controller can be executed.

This is probably a better design regardless due to it separating Control and Model more than it currently is. IMHO DataObject should not inherit controller.

I've attached a sample implementation of this at http://dev.wakeless.net/contentcontroller.diff it hasn't been heavily tested but it works