
Permissions - canView, canEdit, ...


danzzz

13 May 2011 at 9:56am Community Member, 175 Posts

Hi there,

Just playing around with permissions ... I have a group "Testgroup". Users in Testgroup can just log in to the CMS and have access to page content (minimal rights to log in to the backend).

page.php

class Page_Controller extends ContentController implements PermissionProvider {

    // I don't add group checking, just disallow for all for testing

    function canView() {
        return false;
    }

    function canEdit() {
        return false;
    }

    function canCreate() {
        return false;
    }

    //....

Now, if I log in with a user of the "Testgroup" I see all pages and can edit them. But I can't create pages.
Why can I view pages and edit them with these settings?

What should I do if I want this:

Users should be able to create pages, and can only view and edit THEIR pages, the pages they created.

Thanks

Willr

14 May 2011 at 1:23pm Forum Moderator, 5511 Posts

Permissions should be tied to your model record (e.g. Page), not the controller, as the controller is only used on the front end to handle the requests.

In your example - if you're dealing with pages only, you can set the permissions via the backend 'Access' tab rather than needing to hard code everything, if that's easier. You'll also need to make sure your overridden can* methods call parent::can... as well so that the built-in permission checking still works (unless you want to fully override them).

One thing to note that has caught me out today is that the CMS will check for canView() as well as canEdit() in the backend, so all users who can edit an object need to be able to view that object as well.
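
The approach described in the answer above, as an added example that is not part of the original thread or SilverStripe's own code: the checks sit on the Page model, call parent::can*(), and limit viewing and editing to the member who created the page. It assumes the SilverStripe 2.4-era API in use when the thread was written; the Creator relation and the isCreatorOrAdmin() helper are hypothetical names introduced here.

```php
<?php
// mysite/code/Page.php (added example, SilverStripe 2.4-era API).
// "Creator" is a hypothetical has_one relation introduced for this example.
class Page extends SiteTree {

    static $has_one = array('Creator' => 'Member');

    // Remember who created the page, once, on the first write.
    function onBeforeWrite() {
        parent::onBeforeWrite();
        if (!$this->CreatorID && Member::currentUserID()) {
            $this->CreatorID = Member::currentUserID();
        }
    }

    // True for administrators and for the member who created this page.
    // Pages written before the relation existed have CreatorID 0, so only
    // administrators pass for those.
    protected function isCreatorOrAdmin($member = null) {
        if ($member instanceof Member) {
            $memberID = $member->ID;
        } elseif (is_numeric($member)) {
            $memberID = (int) $member;
        } else {
            $memberID = Member::currentUserID();
        }
        if (!$memberID) return false; // anonymous visitor
        if (Permission::checkMember($memberID, 'ADMIN')) return true;
        return $this->CreatorID == $memberID;
    }

    // canView() also gates the public site: with this override the page is
    // hidden from everyone except its creator and administrators.
    function canView($member = null) {
        return parent::canView($member) && $this->isCreatorOrAdmin($member);
    }

    // The CMS checks canView() as well as canEdit(), so an editor must pass both.
    function canEdit($member = null) {
        return parent::canEdit($member) && $this->isCreatorOrAdmin($member);
    }

    // canCreate() is not overridden, so the inherited check still applies.
}

class Page_Controller extends ContentController {
    // No can*() methods here: the controller only handles front-end requests.
}
```

Run /dev/build after adding the relation so the CreatorID column exists before the checks are used.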