Hi,
I have a parent class 'Product' and a child classes like 'Hotel', 'Activity', etc. I do not want users to create a page of type 'Product'. I have looked into to SS code, so the relevant methods are:
CMSMain::PageTypes()
SiteTree:getClassDropdown()
I see I can hide the class Product if it implements the 'HiddenClass' interface. But then all subclasses would be hidden as well.
There's a weird piece of code in CMSMain::PageTypes(). If the child class has a static variable $hide_ancestor which is equal to the order (number) of a class in the array, which is returned by ClassInfo::getValidSubClasses(), then this class is hidden. And this piece of the code is not implemented in the SiteTree:getClassDropdown().
CMSMain::PageTypes() also check, if the method canCreate(). Which is suitable solution for me, but this is not implemented in SiteTree:getClassDropdown(), unfortunatelly. This is also a mild security issue. If the permission canCreate fails for the current user, he/she can still create a page of another type and then change the type of the page.
So, I've made the followin change:
--- SiteTree.php.orig 2007-07-05 17:20:39.000000000 +1200
+++ SiteTree.php 2007-07-20 11:28:42.000000000 +1200
@@ -694,7 +694,8 @@
array_shift($classes);
foreach($classes as $class) {
$instance = singleton($class);
- if(($instance instanceof HiddenClass) && ($class != $this->class)) continue;
+ if ((($instance instanceof HiddenClass) || !$instance->canCreate()) &&
+ ($class != $this->class)) continue;
$addAction = $instance->uninherited('add_action', true);
if(!$addAction) $addAction = "a $class";However, this does not prevent the user to duplicate the forbidden page :-(
