5521 Posts in 1734 Topics by 1223 members
|Go to End|
9 September 2010 at 1:11am Last edited: 9 September 2010 1:25am
My users are allowed to be in several Groups. But a BLOG_MANAGEMENT permission inside one Groups doesn't mean they are allowed the same actions inside another Group. So I only want to check for a specific Group. I know this is sounds a little strange, since this is not the normal procedure for dealing with security.
Another problem is afterwards, what about my admin account. I would like for "him" to stay super user and allowed CRUD actions all over the site.
Does anyone know how to do this?
Permission::GroupCheck("BLOG_MANAGEMENT", null) or something similar?
Been looking at the $arg argument to Permission::Check - But I fear that its deprecated or at least about to be and I'm not really sure if this is what I need?
Hope you can help.
12 September 2010 at 8:21pm
first of all, I want to give you a short overiew about the permission system of silverstripe. If you want to check the rights for a member in a specific group, you have to call the method Permission:check('BLOG_MANAGEMENT','any',$member). But instead of using 'BLOG_Management' you should use a specific rule like 'BLOG_MANAGEMENT_CAN_EDIT_ALL'. But also you can get the list of group of member, by using Permission::groupList($memberID) to check if the given user is in the group.
Also If you want to provide your own rules, you can extend your DataObject with DataObjectDecorator and implement PermissionProvider. In the method providePermission, you set the array of new permissions.
I hope I could help you. But if there are any question, please feel free to ask.
|Go to Top|