My users are allowed to be in several Groups. But a BLOG_MANAGEMENT permission inside one Groups doesn't mean they are allowed the same actions inside another Group. So I only want to check for a specific Group. I know this is sounds a little strange, since this is not the normal procedure for dealing with security.
Another problem is afterwards, what about my admin account. I would like for "him" to stay super user and allowed CRUD actions all over the site.
Does anyone know how to do this?
Permission::GroupCheck("BLOG_MANAGEMENT", null) or something similar?
Been looking at the $arg argument to Permission::Check - But I fear that its deprecated or at least about to be and I'm not really sure if this is what I need?
first of all, I want to give you a short overiew about the permission system of silverstripe. If you want to check the rights for a member in a specific group, you have to call the method Permission:check('BLOG_MANAGEMENT','any',$member). But instead of using 'BLOG_Management' you should use a specific rule like 'BLOG_MANAGEMENT_CAN_EDIT_ALL'. But also you can get the list of group of member, by using Permission::groupList($memberID) to check if the given user is in the group.
Also If you want to provide your own rules, you can extend your DataObject with DataObjectDecorator and implement PermissionProvider. In the method providePermission, you set the array of new permissions.
I hope I could help you. But if there are any question, please feel free to ask.