Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

Adding permissions / permission codes


Reply


1517 Views

Avatar
dio5

Community Member, 501 Posts

2 December 2007 at 3:02am

Edited: 02/12/2007 8:11am

It's not quite clear to me on how to add permissions/permission codes.
AFAIK this is not possible from within the security section itself?

Then I tried this on page.php:

public function requireDefaultRecords()
   {
      parent::requireDefaultRecords();
      $code = "AUTHOR_BLOG";
      $AuthorGroup = DataObject::get_one("Group", "Code = 'authors'");
      if($AuthorGroup)
      {
         $auth_permission = DataObject::get_one("Permission", "GroupID = $AuthorGroup->ID AND Code = '{$code}'");
         if(!$auth_permission)
         {
            Permission::grant( $AuthorGroup->ID, $code );
         }
      }
   }


Is this the recommended way to do to set this?

It would make sense to set this in the backend security as an admin... (maybe it is but I didn't see it).

Another thing that isn't clear to me is the 'optional ID' field in the permissions tab... ?

To finish: why would I use Permission instead of just checking against a group code?

I'm even running into the next problem with it:

Let's say I have the method:

function canCreate()
   {
         if ( Permission::check("AUTHOR_BLOG") && $this->class != "Article")
         {
            return false;   
         }
         else
         {
            return true;
         }
   }


on my page.php. I want that authors can only create Article pagetypes. Then this is obviously not the way to do it, because now also Admins are restricted, because they have apparently all the permissions... so that would make me go back to checking for group-codes...

or I would have to do:

if ( Permission::check("AUTHOR_BLOG") && !Permission::check("ADMIN") && $this->class != "Article" )


but wouldn't checking for groupcode not be faster?