5450 Posts in 1672 Topics by 1197 members
|Go to End|
17 October 2012 at 5:21am
I'm looking for a way to show some groups to specific users through a modeladmin in the cms. The groups shown is based on a variable added to Group through an extension.
I've got some ideas to get it working but it all seems to fail due to row 406 in Group.php
if(Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin")) return true;
which, if I set that permission to the user group, grants the user access to Security-tab and ALL groups.
Is there any way around this without changing the code in Group.php?
18 October 2012 at 7:27am Last edited: 18 October 2012 7:27am
Ok, maybe I misunderstood how this should be working or maybe there is a bug here. It's not exactly about my post above, kind of find a way to work that out.
So, lets see if I got this right.
The canEdit() in Group.php is supposed to return false if current member don't have admin permissions and is trying to edit a group that has admin permissions, right? That if-statement reads
// either we have an ADMIN
// or a privileged CMS user and a group without ADMIN permissions.
// without this check, a user would be able to add himself to an administrators group
// with just access to the "Security" admin interface
Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin") &&
!DataObject::get("Permission", "GroupID = $this->ID AND Code = 'ADMIN'")
But this could never be true since DataObject::get() always return a DataList, right? So canEdit() on a group will always return false if currentMember don't have ADMIN permissions.
So that part maybe could be rewritten to
Permission::checkMember($member, "CMS_ACCESS_SecurityAdmin") && !Permission::get()->where("GroupID = $this->ID AND Code = 'ADMIN'")->First()
or something alike? Thoughts?
|Go to Top|