Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Forbid an action on a class using allowed_actions


2 Posts   1656 Views


12 October 2010 at 3:14pm Community Member, 2 Posts

Using this example setup:

Page_Controller::$allowed_actions = array('index', 'tag');

class SubPage_Controller extends Page_Controller {

How can I ensure the action "date" isn't allowed on SubPage?


I'm looking in RequestHandler::checkAccessAction() and it looks like - because SubPage_Controller doesn't explicitly define any allowed_actions, and because there's no method for this non-existent "date" action, that the date action is allowed.

Oddly, I can avoid that by declaring another unrelated allowed action, or by re-declaring the ones from the parent.
SubPage_Controller::$allowed_actions = array('index');
SubPage_Controller::$allowed_action = array('apple');

This is a little confusing to me. Surely if an action isn't in $allowed_actions, it's not allowed? The inline comment is "Return true so that a template can handle this action", but my only response to that is "wtf".

Thanks in advance for any help or explanation.


12 October 2010 at 4:21pm (Last edited: 12 October 2010 4:22pm), Forum Moderator, 5511 Posts

I believe this is coming from a legacy issue - because a lot of projects never had allowed_actions it broke applications left, right and center when it was added to the core, so to prevent apps from breaking if no allowed actions are defined on a controller then it doesn't check the action permissions. Haven't played around with checking if it respects the parent controller allowed action though so that could still be a bug.