Jump to:

3450 Posts in 1063 Topics by 738 members

Data Model Questions

SilverStripe Forums » Data Model Questions » ModelAdmin & Security - Users Can View But Not Edit

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1 2
Go to End
Author Topic: 4507 Views
  • Ben Gribaudo
    Avatar
    Community Member
    181 Posts

    ModelAdmin & Security - Users Can View But Not Edit Link to this post

    Hello,

    I created a SS security group which has access to my model admin. The user who I put in this group can login to the admin interface and view model admin entries but cannot edit them or create new ones. How do I give read/write access to a model admin without giving full admin access?

    Thank you,
    Ben

  • Ingo
    Avatar
    Forum Moderator
    801 Posts

    Re: ModelAdmin & Security - Users Can View But Not Edit Link to this post

    You need to overwrite the canEdit() and canDelete() methods on your DataObject subclass - they default to checking for ADMIN permissions.

  • Ben Gribaudo
    Avatar
    Community Member
    181 Posts

    Re: ModelAdmin & Security - Users Can View But Not Edit Link to this post

    Thanks, Ingo!

  • steve_nyhof
    Avatar
    Community Member
    224 Posts

    Re: ModelAdmin & Security - Users Can View But Not Edit Link to this post

    Where do I find the file to edit this?

  • TotalNet
    Avatar
    Community Member
    181 Posts

    Re: ModelAdmin & Security - Users Can View But Not Edit Link to this post

    The file is the php you created with the DataObject class that is managed by ModelAdmin. e.g.

    /* MyItem.php */
    class MyItem extends DataObject{

    ...

    function canCreate($member){
    if (Permission::check('ADMIN')) return true;
    }
    }

    That would allow only Admins to create a MyItem object, you can do the same for canEdit() canDelete() & canView()

    You could also add a new permission and use that instead for more flexibility. e.g.

    /* MyItemAdmin.php */
    class MyItemAdmin_Controller extends ContentController implements PermissionProvider {

    ...

    function providePermissions(){
    return array(
    "CREATE_MYITEM" => "User Can Create a MyItem",
    );
    }
    }


    Then, the replace ADMIN in the previous example with CREATE_MYITEM

    You can then add more permission codes for delete, edit, view and can even group them together as they appear on the permissions tab for the user's group in security - but that's another topic ;)

    Rich

  • steve_nyhof
    Avatar
    Community Member
    224 Posts

    Re: ModelAdmin & Security - Users Can View But Not Edit Link to this post

    Thank you for the response. I will send this link to my programmer. I am always looking out for new things to do with SS. Been watching some videos and learning about the modeladmin - don't get it yet.

  • Sphere
    Avatar
    Community Member
    44 Posts

    Re: ModelAdmin & Security - Users Can View But Not Edit Link to this post

    A more extended option (*NYT* stands for Not Yet Translated):

    public function providePermissions() {
    return(array(
    'CREATE_NEWS' => array(
    'name' => _t($this->class . '.CREATE_NEWS', 'User can create Newsitems *NYT*'),
    'category' => _t($this->class . '.NEWS_PERMISSIONS_CATEGORY', 'News permission *NYT*'),
    'help' => _t($this->class . '.CREATE_NEWS_HELP', 'User can create Newsitems *NYT*'),
    'sort' => 0,
    ),
    'EDIT_NEWS' => array(
    'name' => _t($this->class . '.EDIT_NEWS', 'User can edit Newsitems *NYT*'),
    'category' => _t($this->class . '.NEWS_PERMISSIONS_CATEGORY', 'News permission *NYT*'),
    'help' => _t($this->class . '.EDIT_NEWS_HELP', 'User can edit Newsitems *NYT*'),
    'sort' => 1,
    ),
    'DELETE_NEWS' => array(
    'name' => _t($this->class . '.DELETE_NEWS', 'User can delete Newsitems *NYT*'),
    'category' => _t($this->class . '.NEWS_PERMISSIONS_CATEGORY', 'News permission *NYT*'),
    'help' => _t($this->class . '.DELETE_NEWS_HELP', 'User can delete Newsitems *NYT*'),
    'sort' => 2,
    ),
    ));
    }

  • DasplaNN O)))
    Avatar
    Community Member
    3 Posts

    Re: ModelAdmin & Security - Users Can View But Not Edit Link to this post

    just a little extra info on the example in the previous post.
    in the arrays for each permission, the 'category' is the group-title, and 'help' is the tooltip.

    4507 Views
Page: 1 2
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.