I've read some good posts and tutorials on how to create custom user permissions for groups, but have yet to figure out how to manage the task I'm working on. Basically, I'm using Silverstripe to run an intranet site. Anyone attempting to access the site will need to login with LDAP credentials (I have all that working great) but I need a generic user group that is completely unable to access the CMS/Admin area. Ideally attempting to access /admin/ would redirect to the main page or an error page. I assume I need to create a custom permission code and then insert code when the /admin/ area is accessed that will redirect the user somewhere else with a "permission::check('USER')" routine. Unfortunately, I'm having trouble figuring out where to insert that code... Any help is appreciated!
Well, I'm pretty sure I figured it out, so I figured I'd post the answer here for anyone else who is looking for this functionality. Using the info I found on ssbits and after digging a bit, I figured I would just dump a permissions::check('Administrator') into the init() for CMSMain.php. I'll have to wait 'til tomorrow to test it on the live server, but I'm pretty sure it will work :) Here's hoping, eh?
Nope, but I ended up coming up with another way by editting LeftAndMain.php's init to include:
if(Member::CurrentUserID() && !Permission::check('Full Administrative Rights')) Director::redirect('home/');
Which works like a charm.