Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Forbid an action on a class using allowed_actions

Go to End

2 Posts   1730 Views


Community Member, 2 Posts

12 October 2010 at 3:14pm

Using this example setup:

Page_Controller::$allowed_actions = array('index', 'tag');

class SubPage_Controller extends Page_Controller {

How can I ensure the action "date" isn't allowed on SubPage?


I'm looking in RequestHandler::checkAccessAction() and it looks like - because SubPage_Controller doesn't explicitly define any allowed_actions, and because there's no method for this non-existent "date" action, that the date action is allowed.

Oddly, I can avoid that by declaring another unrelated allowed action, or by re-declaring the ones from the parent.
SubPage_Controller::$allowed_actions = array('index');
SubPage_Controller::$allowed_action = array('apple');

This is a little confusing to me. Surely if an action isn't in $allowed_actions, it's not allowed? The inline comment is "Return true so that a template can handle this action", but my only response to that is "wtf".

Thanks in advance for any help or explanation.


Forum Moderator, 5514 Posts

12 October 2010 at 4:21pm

Edited: 12/10/2010 4:22pm

I believe this is coming from a legacy issue - because a lot of projects never had allowed_actions it broke applications left, right and center when it was added to the core, so to prevent apps from breaking if no allowed actions are defined on a controller then it doesn't check the action permissions. Haven't played around with checking if it respects the parent controller allowed action though so that could still be a bug.