Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

login/register


Reply


4 Posts   2029 Views

Avatar
MacFrancis

Community Member, 2 Posts

29 July 2008 at 1:06am

Edited: 29/07/2008 1:23am

Hi there!

First of all, I'd like to say THANKS to all of the people that help Silverstripe, came true.

I've been trying to make a simple site (with no forum, or any-other mod) that allows, people to login/register and after that it should allow people to create their own articles, and only they could access it (excluding the admin's).

So far I've been able to manage myself, until I stopped at what I thing it might be a bug? (I'm not saying it is, I suspect it might be, that's all)

Ok here's the thing.
I added a MemberLogin.ss to themes/blackcandy/templates/Includes/ with the following code:

<div id="RegisterLogin">
   <% if CurrentMember %>
      <p>You are authenticated has: <% if CurrentMember.Email %>$CurrentMember.Email<% else %>Anonymous<% end_if %></p>
      <span><a href="Security/logout" title="log off">log off</a> |
         <a href="edit-profile" title="Edit your profile">my profile</a>
      </span>
   <% else %>
      <span><a href="Security/login" title="log in">Login</a> |
         <a href="retrieve-password" title="retrieve password">Retrieve password</a> |
         <a href="register" title="Click here to register">Resgister</a>
      </span>
   <% end_if %>
</div>

The I added: "<% include MemberLogin %>" right before "$Content" in themes/blackcandy/templates/Layout/Page.ss, so every page would show the 3 links that allow login/register/retrieve password.

After that I created a user, and logged in SS with it's e-mail and password, after that I click Logout, and the current page still says that I'm logged, I refresh it and then it shows that I'm logged out after all, then I click another page, and that one too says that I'm logged in... I have to refresh it again, and all the other pages...

Did I do wrong by puting: "<% include MemberLogin %>" in themes/blackcandy/templates/Layout/Page.ss? or is it the MemberLogin.ss, code?
Or is it a bug?

One more thing, how can I make a user in SS, to create its own pages/articles, and making those pages accessible only by its creator, besides having to create different groups for each user?

I hope I didn't get to confusing. English is not my primary language.
Best regards.

Avatar
Willr

Forum Moderator, 5513 Posts

29 July 2008 at 1:19pm

I think because you used an include for the login details SilverStripe caches it quite heavily. Hence why you have to refresh it. Dont know a solution to that.

On the Article type you could store the member id of the author then on the ArticlePage you can define a method called canView() or something? that you can return true or false so you might have

function canView() {
if($this->member->ID == $this->AuthorID) return true;
return false;
}

or something like that

Avatar
MacFrancis

Community Member, 2 Posts

30 July 2008 at 5:03am

Much obliged, willr.
I followed your tip, and end up with this:

ArticlePage.php:

<?php
/**
* Defines the ArticlePage page type
*/
class ArticlePage extends Page {
   static $db = array(
    'Date' => 'Date',
    'Author_ID' => 'Text',
      'Author' => 'Text'
   );
static $has_one = array(
);

   function getCMSFields() {
      $member = $this->CurrentMember();
      $dados = array( 'Author_ID' => $member->ID , 'Author' => $member->FirstName );
      
    $fields = parent::getCMSFields();

    $fields->addFieldToTab('Root.Content.Main', new CalendarDateField('Date'), 'Content');
    $fields->addFieldToTab('Root.Content.Main', new ReadonlyField('Author_ID'), 'Content');
      $fields->addFieldToTab('Root.Content.Main', new TextField('Author'), 'Content');
      $fields->setValues( $dados );

    return $fields;
   }
   
   public function canView() {
      if( $this->CurrentMember()->ID == $this->Author_ID ) return true;
      return false;
   }
   
   public function canEdit() {
      if( $this->CurrentMember()->ID == $this->Author_ID ) return true;
      return false;
   }
}

class ArticlePage_Controller extends Page_Controller {

}

?>

Everything seems correct to me, but the method canView, is not doing what I expected, since every user can actually see the article. The canEdit is working, too well I still have to allow the admin's to edit the article's, but the canView is not doing anything, even if I comment the line: if( $this->CurrentMember()->ID == $this->Author_ID ) return true; and return constantly false.

Can anyone help me with this one?

Avatar
Willr

Forum Moderator, 5513 Posts

30 July 2008 at 12:27pm

hmm im not to good with the Security model, system with SS so this might be considered a hack and canView() is actually the proper way (I would have said it was) but you could add this..

class ArticlePage_Controller extends Page_Controller {
// call canView() if false return a Security error
function init() {
parent::init();
if(!$this->canView()) { return Security::permissionFailure($this); }
}