Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Customising the CMS /

ModelAdmin and canCreate()


Reply


5 Posts   966 Views

Avatar
Azlein

Community Member, 5 Posts

7 November 2012 at 10:59am

Hi,

I have a question about ModelAdmin and the canCreate method.

I created a DataObject with the canCreate, canDelete, canEdit and canView methods. As a test, I always return false in the canCreate() method:

class Animal extends DataObject {
//stuff omitted ....

   function canCreate($member=null){
      /**if(Permission::check('CREATE_ANIMAL'))
         return true; **/
      //Security::permissionFailure();
      return false;
   }

//canEdit, canView, canDelete...
}


The ModelAdmin is pretty standard, I think:

class AnimalAdmin extends ModelAdmin {
   public static $managed_models = array(
      'Animal',
      'Category'
   );
   static $url_segment = 'animals';
}

However, the ModelAdmin always shows the Add button (see Attachment) and it always allows me to save the entry when I click the Add button. It respects all other methods (e.g. I can't delete an entry).

Can anybody tell me what I'm doing wrong with the canCreate() method?

Attached Files
Avatar
swaiba

Forum Moderator, 1808 Posts

7 November 2012 at 4:00pm

try this instead...

   function canAdd() {
      return false;
   }

Avatar
Azlein

Community Member, 5 Posts

8 November 2012 at 12:20am

Thanks for the answer, but adding a canAdd($member=null) function to my DataObject doesn't change anything.

Just to be sure, I also tried the function without parameters and tried adding the canAdd function in the ModelAdmin, but neither had any effect. The Add button was still there and I was still able to save the new entry.

Avatar
Azlein

Community Member, 5 Posts

13 November 2012 at 12:57am

Edited: 13/11/2012 12:58am

I did some more testing - I created a user that has access to all parts of the CMS, but has no other rights (e.g. he can't view or edit a page).

Using that User, I was then able to, for example, create a site. I wasn't able to look at the site I created or edit the contents, but I was able to create one.
Same way when I wanted to create a User - the CMS didn't show me any users in the table of the security tab, but I was still able to create one. This one was then also not displayed, but it was there (I checked with the admin account).

Now, this is obviously a very special case (why would I let someone access the security tab, if he can't modify users), but there might be a case where this is more relevant (I just can't think of one right now :) ). Therefore it would be good to know if this behaviour is really intended.

So, can someone please confirm or deny that this the default and intended behaviour of Silverstripe?

Avatar
merrick_sd

Community Member, 97 Posts

10 July 2014 at 3:47am

i have the same thing.