Jump to:

5121 Posts in 1527 Topics by 1119 members

Customising the CMS

SilverStripe Forums » Customising the CMS » ModelAdmin and canCreate()

Moderators: martimiz, Howard, Sean, Ryan M., biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 325 Views
  • Azlein
    Avatar
    Community Member
    5 Posts

    ModelAdmin and canCreate() Link to this post

    7 November 2012 at 10:59am

    Hi,

    I have a question about ModelAdmin and the canCreate method.

    I created a DataObject with the canCreate, canDelete, canEdit and canView methods. As a test, I always return false in the canCreate() method:

    class Animal extends DataObject {
    //stuff omitted ....

       function canCreate($member=null){
          /**if(Permission::check('CREATE_ANIMAL'))
             return true; **/
          //Security::permissionFailure();
          return false;
       }

    //canEdit, canView, canDelete...
    }


    The ModelAdmin is pretty standard, I think:

    class AnimalAdmin extends ModelAdmin {
       public static $managed_models = array(
          'Animal',
          'Category'
       );
       static $url_segment = 'animals';
    }

    However, the ModelAdmin always shows the Add button (see Attachment) and it always allows me to save the entry when I click the Add button. It respects all other methods (e.g. I can't delete an entry).

    Can anybody tell me what I'm doing wrong with the canCreate() method?

    Attached Files
  • swaiba
    Avatar
    Forum Moderator
    1689 Posts

    Re: ModelAdmin and canCreate() Link to this post

    7 November 2012 at 4:00pm

    try this instead...

       function canAdd() {
          return false;
       }

  • Azlein
    Avatar
    Community Member
    5 Posts

    Re: ModelAdmin and canCreate() Link to this post

    8 November 2012 at 12:20am

    Thanks for the answer, but adding a canAdd($member=null) function to my DataObject doesn't change anything.

    Just to be sure, I also tried the function without parameters and tried adding the canAdd function in the ModelAdmin, but neither had any effect. The Add button was still there and I was still able to save the new entry.

  • Azlein
    Avatar
    Community Member
    5 Posts

    Re: ModelAdmin and canCreate() Link to this post

    13 November 2012 at 12:57am Last edited: 13 November 2012 12:58am

    I did some more testing - I created a user that has access to all parts of the CMS, but has no other rights (e.g. he can't view or edit a page).

    Using that User, I was then able to, for example, create a site. I wasn't able to look at the site I created or edit the contents, but I was able to create one.
    Same way when I wanted to create a User - the CMS didn't show me any users in the table of the security tab, but I was still able to create one. This one was then also not displayed, but it was there (I checked with the admin account).

    Now, this is obviously a very special case (why would I let someone access the security tab, if he can't modify users), but there might be a case where this is more relevant (I just can't think of one right now ). Therefore it would be good to know if this behaviour is really intended.

    So, can someone please confirm or deny that this the default and intended behaviour of Silverstripe?

    325 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.