Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

HasManyComplexTableField security question


Reply


5 Posts   1913 Views

Avatar
micahsheets

Community Member, 165 Posts

27 May 2009 at 5:29am

I have a page with a HasManyComplexTableField and a user that is a member of a group that has permission to edit that page. However that person only sees magnifying glasses instead of edit and delete icons for the items in the table. I don't want to make this user an admin so how do I set up the permissions on the page so that users that can edit Content can also edit the HasManyComplexTableField?

Avatar
Sean

Forum Moderator, 922 Posts

29 May 2009 at 10:41am

First of all, you'll want to assign a security group as the editor group of the page using the "Access" tab while viewing a page in the CMS. I'm assuming you've already done this.

The table behaviour is probably to do with the Can() method on TableListField, which determines if the logged in user can add, edit or delete items.

You can probably override this by calling setPermissions(array('add', 'edit', 'delete')) on your HasManyComplexTableField.

Avatar
nafetsch

Community Member, 15 Posts

19 August 2010 at 9:01pm

Edited: 19/08/2010 9:39pm

I have the same problem. why editors can´t edit datafields?

i add

$this->setPermissions(array('add', 'edit', 'delete'));

to

class HasManyComplexTableField extends ComplexTableField {

But it makes no difference...

Avatar
SilverDan

Community Member, 5 Posts

19 October 2010 at 12:07pm

Was there ever a solution for this post?

I have come across the same problem where non-admin group users can't edit, add or delete items in the relationship table (only view). Using the $field->setPermissions() method does override the actions permissions, and will show or hide the relevant edit/add/view/delete buttons, but won't actually affect the functions of those buttons. Ie. It won't override the permission to edit, for example, just decide whether to show or hide the button.

So, is there another deeper level access to control the permissions for the HasManyComplexTableField items? I can't find anything usable in the documentation/API etc.

Avatar
nafetsch

Community Member, 15 Posts

19 October 2010 at 8:19pm

perhaps this is your solution:

class XXX extends DataObject {

   ...
...

function canDelete() {
return true;
}
function canEdit() {
return true;
}

}

with that editors have rights.