Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Data Model Questions

ModelAdmin & Security - Users Can View But Not Edit


Go to End
Reply

15 Posts   4572 Views

Avatar
Ben Gribaudo

25 March 2009 at 7:41am Community Member, 181 Posts

Hello,

I created a SS security group which has access to my model admin. The user who I put in this group can login to the admin interface and view model admin entries but cannot edit them or create new ones. How do I give read/write access to a model admin without giving full admin access?

Thank you,
Ben

Avatar
Ingo

29 March 2009 at 2:46pm Forum Moderator, 801 Posts

You need to overwrite the canEdit() and canDelete() methods on your DataObject subclass - they default to checking for ADMIN permissions.

Avatar
Ben Gribaudo

31 March 2009 at 2:42am Community Member, 181 Posts

Thanks, Ingo!

Avatar
steve_nyhof

24 June 2010 at 8:14am Community Member, 224 Posts

Where do I find the file to edit this?

Avatar
TotalNet

24 June 2010 at 9:33am (Last edited: 24 June 2010 9:59am), Community Member, 181 Posts

The file is the php you created with the DataObject class that is managed by ModelAdmin. e.g.

/* MyItem.php */
class MyItem extends DataObject{

...

function canCreate($member){
if (Permission::check('ADMIN')) return true;
}
}

That would allow only Admins to create a MyItem object, you can do the same for canEdit() canDelete() & canView()

You could also add a new permission and use that instead for more flexibility. e.g.

/* MyItemAdmin.php */
class MyItemAdmin_Controller extends ContentController implements PermissionProvider {

...

function providePermissions(){
return array(
"CREATE_MYITEM" => "User Can Create a MyItem",
);
}
}


Then, the replace ADMIN in the previous example with CREATE_MYITEM

You can then add more permission codes for delete, edit, view and can even group them together as they appear on the permissions tab for the user's group in security - but that's another topic ;)

Rich

Avatar
steve_nyhof

24 June 2010 at 10:36am Community Member, 224 Posts

Thank you for the response. I will send this link to my programmer. I am always looking out for new things to do with SS. Been watching some videos and learning about the modeladmin - don't get it yet.

Avatar
Sphere

18 January 2011 at 12:45am (Last edited: 18 January 2011 12:46am), Community Member, 44 Posts

A more extended option (*NYT* stands for Not Yet Translated):

public function providePermissions() {
return(array(
'CREATE_NEWS' => array(
'name' => _t($this->class . '.CREATE_NEWS', 'User can create Newsitems *NYT*'),
'category' => _t($this->class . '.NEWS_PERMISSIONS_CATEGORY', 'News permission *NYT*'),
'help' => _t($this->class . '.CREATE_NEWS_HELP', 'User can create Newsitems *NYT*'),
'sort' => 0,
),
'EDIT_NEWS' => array(
'name' => _t($this->class . '.EDIT_NEWS', 'User can edit Newsitems *NYT*'),
'category' => _t($this->class . '.NEWS_PERMISSIONS_CATEGORY', 'News permission *NYT*'),
'help' => _t($this->class . '.EDIT_NEWS_HELP', 'User can edit Newsitems *NYT*'),
'sort' => 1,
),
'DELETE_NEWS' => array(
'name' => _t($this->class . '.DELETE_NEWS', 'User can delete Newsitems *NYT*'),
'category' => _t($this->class . '.NEWS_PERMISSIONS_CATEGORY', 'News permission *NYT*'),
'help' => _t($this->class . '.DELETE_NEWS_HELP', 'User can delete Newsitems *NYT*'),
'sort' => 2,
),
));
}

Avatar
DasplaNN O)))

18 January 2011 at 1:34am Community Member, 3 Posts

just a little extra info on the example in the previous post.
in the arrays for each permission, the 'category' is the group-title, and 'help' is the tooltip.

Go to Top