Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Data Model Questions /

canView() permision Issue


Reply


4 Posts   431 Views

Avatar
zenmonkey

Community Member, 528 Posts

9 July 2013 at 3:50am

I have a DataObject that needs specific permisions for a certain group. I'd like that group to be able to vew the object but not edit or create.

I've set the following permissions on the DataObject itself

function canView($member = null) {
if(!$member) $member = Member::currentUser();
      return $member->inGroups(array('administrators', "print-ads"));
}

   function canEdit($member = false) {
      if(!$member) $member = Member::currentUser();
      return $member->inGroup('administrators');
   }
   
   function canCreate($member = false) {
      if(!$member) $member = Member::currentUser();
      return $member->inGroup('administrators');
   }

When logged is as a user in print-ads group I get the ModelAdmin for the object. The gridfield displays the object and the add button. The odd thing is the print-ad group can add a DataObject with the button (which it shouldn't) and it is unable to click on individual dataobjects in the gridfield to view teh details.

Avatar
cumquat

Community Member, 198 Posts

10 July 2013 at 7:56pm

Hi Zenmonkey,

I have started to use the 'implements PermissionProvider' method for dealing with permissions, then it's just a case of ticking the required boxes in the security group permissions page. example below, hope this helps.

class Project extends DataObject implements PermissionProvider {

public static $db = array(
'Name' => 'Varchar(100)',
'DueDate' => 'Date',
'ProposedBeta' => 'Date',
'Notes' => 'Text'
         
);
public static $has_many =array (
   );
public static $default_sort = "ID";
public static $searchable_fields = array(
);
public static $summary_fields = array(
'ID' => 'ID',
      'Name' => 'Name'
   );
   function getCMSFields() {
      $fields = parent::getCMSFields();
      return $fields;
   }
   public function providePermissions() {
return array(
'PROJECT_VIEW' => 'Read a project object',
'PROJECT_EDIT' => 'Edit a project object',
'PROJECT_DELETE' => 'Delete a project object',
'PROJECT_CREATE' => 'Create a project object',
'PROJECT_VIEWEXT' => 'Read a projects extended info',
);
}
   function SuperDuper($Member = null) {
   return Permission::check('PROJECT_VIEWEXT');
   }
   function viewproject($Member = null) {
return Permission::check('PROJECT_VIEW');
}

}

Avatar
zenmonkey

Community Member, 528 Posts

11 July 2013 at 3:05am

I'll give it a try. I find the documention on that section isn't great and I was having a hard time wraping my head arround it

Avatar
cumquat

Community Member, 198 Posts

11 July 2013 at 3:13am

I know what you mean, it was a real eureka moment for me when I finally got it. The main thing is the implementation of the permission provider, then you create the permission types, and finally you create functions for those created permissions then you can use

<% if yourpermissiontype %>
Do/show something
<% end_if %>


In your templates.

Good luck.

Mick