Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Data Model Questions /

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

ModelAdmin & Security - Users Can View But Not Edit


Go to End


15 Posts   7889 Views

Avatar
Ben Gribaudo

Community Member, 181 Posts

25 March 2009 at 7:41am

Hello,

I created a SS security group which has access to my model admin. The user who I put in this group can login to the admin interface and view model admin entries but cannot edit them or create new ones. How do I give read/write access to a model admin without giving full admin access?

Thank you,
Ben

Avatar
Ingo

Forum Moderator, 801 Posts

29 March 2009 at 2:46pm

You need to overwrite the canEdit() and canDelete() methods on your DataObject subclass - they default to checking for ADMIN permissions.

Avatar
Ben Gribaudo

Community Member, 181 Posts

31 March 2009 at 2:42am

Thanks, Ingo!

Avatar
steve_nyhof

Community Member, 224 Posts

24 June 2010 at 8:14am

Where do I find the file to edit this?

Avatar
TotalNet

Community Member, 181 Posts

24 June 2010 at 9:33am

Edited: 24/06/2010 9:59am

The file is the php you created with the DataObject class that is managed by ModelAdmin. e.g.

/* MyItem.php */
class MyItem extends DataObject{

...

  function canCreate($member){
  if (Permission::check('ADMIN')) return true;
  }
}

That would allow only Admins to create a MyItem object, you can do the same for canEdit() canDelete() & canView()

You could also add a new permission and use that instead for more flexibility. e.g.

/* MyItemAdmin.php */
class MyItemAdmin_Controller extends ContentController implements PermissionProvider {

...

    function providePermissions(){
        return array(
            "CREATE_MYITEM" => "User Can Create a MyItem",
        );
    }
}

Then, the replace ADMIN in the previous example with CREATE_MYITEM

You can then add more permission codes for delete, edit, view and can even group them together as they appear on the permissions tab for the user's group in security - but that's another topic ;)

Rich

Avatar
steve_nyhof

Community Member, 224 Posts

24 June 2010 at 10:36am

Thank you for the response. I will send this link to my programmer. I am always looking out for new things to do with SS. Been watching some videos and learning about the modeladmin - don't get it yet.

Avatar
Sphere

Community Member, 46 Posts

18 January 2011 at 12:45am

Edited: 18/01/2011 12:46am

A more extended option (*NYT* stands for Not Yet Translated):

public function providePermissions() {
        return(array(
            'CREATE_NEWS' => array(
                'name' => _t($this->class . '.CREATE_NEWS', 'User can create Newsitems *NYT*'),
                'category' => _t($this->class . '.NEWS_PERMISSIONS_CATEGORY', 'News permission *NYT*'),
                'help' => _t($this->class . '.CREATE_NEWS_HELP', 'User can create Newsitems *NYT*'),
                'sort' => 0,
            ),
            'EDIT_NEWS' => array(
                'name' => _t($this->class . '.EDIT_NEWS', 'User can edit Newsitems *NYT*'),
                'category' => _t($this->class . '.NEWS_PERMISSIONS_CATEGORY', 'News permission *NYT*'),
                'help' => _t($this->class . '.EDIT_NEWS_HELP', 'User can edit Newsitems *NYT*'),
                'sort' => 1,
            ),
            'DELETE_NEWS' => array(
                'name' => _t($this->class . '.DELETE_NEWS', 'User can delete Newsitems *NYT*'),
                'category' => _t($this->class . '.NEWS_PERMISSIONS_CATEGORY', 'News permission *NYT*'),
                'help' => _t($this->class . '.DELETE_NEWS_HELP', 'User can delete Newsitems *NYT*'),
                'sort' => 2,
            ),
        ));
    }

Avatar
DasplaNN O)))

Community Member, 3 Posts

18 January 2011 at 1:34am

just a little extra info on the example in the previous post.
in the arrays for each permission, the 'category' is the group-title, and 'help' is the tooltip.

Go to Top