Jump to:

5539 Posts in 1738 Topics by 1224 members

Customising the CMS

SilverStripe Forums » Customising the CMS » extending securityadmin to create a users section without admin control

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 935 Views
  • vancouverWill
    Avatar
    Community Member
    121 Posts

    extending securityadmin to create a users section without admin control Link to this post

    Hi

    I want to extend or decorate securityadmin to create an area with slightly less permissions. In a situation where there are admin, regular members and content providers, content providers should be able to view, create and update members but not be able to even see admin, let alone be able to change them.

    I might be able to just extend permissions and create a new permission such as 'Access to security for members' instead of 'access to security' where they are granted full access.

    I think this would be useful for many sites but not sure the best way to go about this. Anyone have any advice?

    Thanks

    Will

  • simon_w
    Avatar
    Forum Moderator
    471 Posts

    Re: extending securityadmin to create a users section without admin control Link to this post

    The default way permissions are set up is that only an admin can edit an admin. If you need more control than this, you can decorate Member and provide canEdit($member) and canView($member) methods (where $member is the Member that's requesting permission, $this->owner is the Member they want the permission to edit/view).

  • vancouverWill
    Avatar
    Community Member
    121 Posts

    Re: extending securityadmin to create a users section without admin control Link to this post

    Hi Simon

    thanks for the help and sorry for the slow reply. Am I right in the way you are saying that I would use a function like

    canView($member){
    if(permission::check('ADMIN')){
    return true;
    }else{
    if($this->owner->Group=admin){
    return false;
    }
    }

    }

    to grant permission if they are admin and if they are not, see whether they are looking at admins and is so block.

    I find the permission system on SS can be a bit temperamental for example if I block a user group from viewing a certain page type but they still have cms access, when they are in the admin area it can become unresponsive. The error message is

    $("Form_EditForm") is null

    which seems to be a problem from trying to pull up a page they can't see. there may be a simpler way to go about this I'm not seeing but i would like to have a group who can get access to the CMS but not see all pages, edit and add users but not see administrators details.

    thanks for the time

    935 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.