21294 Posts in 5734 Topics by 2602 members
|
Page:
1
|
Go to End | |
| Author | Topic: | 1503 Views |
-
Permissions - canView, canEdit, ...
13 May 2011 at 9:56am
hi there,
just playing arround wiht permissions ... I have a group "Testgroup". Users in testgroup can just login to the CMS and have
access to page content (minimal rights to login to backend).page.php
class Page_Controller extends ContentController implements PermissionProvider {
{// I dont add group checking, just disallow for all for testing
function canView() {
return false;
}function canEdit(){
return false;
}function canCreate(){
return false;
}//....
Now, if I login with a user of the "Testgroup" I see all pages and can edit them. But I cant create pages.
Why I can view Pages and can edit them with this settings?How should I do if I want this:
User should can create pages, and can only view and edit HIS pages, the pages he created.
thx
-
Re: Permissions - canView, canEdit, ...
14 May 2011 at 1:23pm
Permissions should be tied to your model record (e.g Page) not the controller as the controller is only used on the front end to handle the requests.
In your example - if you're dealing with pages only, you can set the permissions via the backend 'Access' tab rather than needed to hard code everything if thats easier. You'll also need to make sure your override can* methods call parent::can... as well so that the built in permission checking still works (unless you want to fully override them)
One thing to note that has caught me out today is the CMS will check for canView() as well as canEdit() in the backend so all users who can edit an object need to be able to view that object as well.
| 1503 Views | ||
|
Page:
1
|
Go to Top |
