Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

discrete user access


Reply

3 Posts   1516 Views

Avatar
dashiel

5 July 2008 at 5:10am Community Member, 13 Posts

i have an upcoming project that is going to require what essentially boils down to an editable user page for 200+ users. something like www.mysite.com/mypage

the mypage section needs to be editable by the user of that page and by the site admin, but no one else. the owner of the mypage section should also only be allowed to see/edit their page in the admin console. based on the last site i did with silverstripe it would appear i need to create a group for each user in order to limit their access to a single page. is that correct or have i missed something?

Avatar
Ingo

5 July 2008 at 10:52am Forum Moderator, 801 Posts

Yes, we don't do permissions by user - if you want to use the built-in permission controls, that means one group per user. for the frontend it would be possible to customize this in your Page_Controller->init() method (and some custom page-relation-fields on the Member object). in the backend this level of customization would be tricky though.

ideally the sitetree and cms UI would query the canView()/canEdit()/canDelete() methods on each Page object, which you could then overload to check for a specific user-id etc. - but thats not implemented yet afaik.

Avatar
Sam

7 July 2008 at 1:41pm (Last edited: 7 July 2008 1:42pm), Administrator, 679 Posts

Another solution here is to overload the Page::canEdit() method - make this return true when the currently logged-in user is allowed to edit the current page.

The CMS will automatically update itself in response to this value. Please note that in defining this method you will be overriding the built-in permission control on page editing. You might want to limit this functionality to a custom page class.

Here's a little example to get you started.

function canEdit() {
return Permission::check("ADMIN") || ($this->OwnerID && $this->OwnerID = Member::currentUserID());
}