Jump to:

5450 Posts in 1672 Topics by 1197 members

Customising the CMS

SilverStripe Forums » Customising the CMS » User Group permissions with complexTableField

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 882 Views
  • Jimmis
    Avatar
    Community Member
    2 Posts

    User Group permissions with complexTableField Link to this post

    Hi there,

    Im trying to setup usergroups to be able to access only certain pages.

    The problem im having is that access to the tabbed sections of the pages are limited. (see attached).

    The 'Edit' and 'Delete' buttons are blanked out.

    is there a way I can customize these to allow access from any user.

    NOTE: I have tried

        $tablefield->setPermissions( array('edit', 'show', 'add'));


    but that still didnt work.

    Thanks in advance.
    J

    Attached Files
  • SilverDan
    Avatar
    Community Member
    5 Posts

    Re: User Group permissions with complexTableField Link to this post

    Not sure if you found a solution to this yet, but I had also run into this problem and finally set aside some time to work out how to solve.

    The problem: By default, only members with full Admin access can edit/delete/add items in a complexTableField (or similar) relationship. Other users logging in would find the edit/delete buttons 'greyed-out' as per your screen-shot, and unable to perform the functions. The solution is to overload the canView, canEdit, canDelete and canCreate functions for your object. Here's how to do this:

    In the related object (the has_many or many_many related class - can be extending Page or DataObject), include the following functions to override the standard permission checking process:

    class MyObject extends DataObject {
       
       static $db = array();
       
       static $has_one = array(
          'Parent' => 'ParentClass'
       );
       
       function getCMSFields_ForPopup(){
          $fields = new FieldSet();
          // insert fields
          return $fields;
       }

    // These functions below are where the magic happens!

       public function canCreate() {
          if (Permission::check("SITETREE_EDIT_ALL")) return true;
          return false;
       }
       public function canView() {
          if (Permission::check("SITETREE_VIEW_ALL")) return true;
          return false;
       }
       public function canEdit() {
          if (Permission::check("SITETREE_EDIT_ALL")) return true;
          return false;
       }
       public function canDelete() {
          if (Permission::check("SITETREE_EDIT_ALL")) return true;
          return false;
       }
    }

    This code is checking the permissions for the logged-in user and if they are set to edit CMS pages ('SITETREE_EDIT_ALL'), they can then be allowed to edit, delete and add items of this class type - the function returns true, and the complexTableField (and similar relational fields), will enable the relevant buttons.

    Hope this helps!

    882 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.