Jump to:

22976 Posts in 11702 Topics by 2826 members

General Questions

SilverStripe Forums » General Questions » Forbid an action on a class using allowed_actions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1545 Views
  • paradigmincarnate
    Avatar
    Community Member
    2 Posts

    Forbid an action on a class using allowed_actions Link to this post

    Using this example setup:

    Page_Controller::$allowed_actions = array('index', 'tag');

    class SubPage_Controller extends Page_Controller {
    }

    How can I ensure the action "date" isn't allowed on SubPage?

    /my-subpage/date

    I'm looking in RequestHandler::checkAccessAction() and it looks like - because SubPage_Controller doesn't explicitly define any allowed_actions, and because there's no method for this non-existent "date" action, that the date action is allowed.

    Oddly, I can avoid that by declaring another unrelated allowed action, or by re-declaring the ones from the parent.
    e.g.
    SubPage_Controller::$allowed_actions = array('index');
    or
    SubPage_Controller::$allowed_action = array('apple');

    This is a little confusing to me. Surely if an action isn't in $allowed_actions, it's not allowed? The inline comment is "Return true so that a template can handle this action", but my only response to that is "wtf".

    Thanks in advance for any help or explanation.

  • Willr
    Avatar
    Forum Moderator
    5462 Posts

    Re: Forbid an action on a class using allowed_actions Link to this post

    I believe this is coming from a legacy issue - because a lot of projects never had allowed_actions it broke applications left, right and center when it was added to the core, so to prevent apps from breaking if no allowed actions are defined on a controller then it doesn't check the action permissions. Haven't played around with checking if it respects the parent controller allowed action though so that could still be a bug.

    1545 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.