Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Customising the CMS /

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Checking Permission only inside a specific given Group


Go to End


2 Posts   2056 Views

Avatar
neros3

Community Member, 51 Posts

9 September 2010 at 1:11am

Edited: 09/09/2010 1:25am

My users are allowed to be in several Groups. But a BLOG_MANAGEMENT permission inside one Groups doesn't mean they are allowed the same actions inside another Group. So I only want to check for a specific Group. I know this is sounds a little strange, since this is not the normal procedure for dealing with security.
Another problem is afterwards, what about my admin account. I would like for "him" to stay super user and allowed CRUD actions all over the site.

Does anyone know how to do this?

Permission::GroupCheck("BLOG_MANAGEMENT", null) or something similar?

Been looking at the $arg argument to Permission::Check - But I fear that its deprecated or at least about to be and I'm not really sure if this is what I need?

Hope you can help.

Thank you!

Avatar
PGiessler

Community Member, 47 Posts

12 September 2010 at 8:21pm

Hi neros3,

first of all, I want to give you a short overiew about the permission system of silverstripe. If you want to check the rights for a member in a specific group, you have to call the method Permission:check('BLOG_MANAGEMENT','any',$member). But instead of using 'BLOG_Management' you should use a specific rule like 'BLOG_MANAGEMENT_CAN_EDIT_ALL'. But also you can get the list of group of member, by using Permission::groupList($memberID) to check if the given user is in the group.

Also If you want to provide your own rules, you can extend your DataObject with DataObjectDecorator and implement PermissionProvider. In the method providePermission, you set the array of new permissions.

I hope I could help you. But if there are any question, please feel free to ask.

Best, Pascal