  • danzzz
    Community Member
    175 Posts

    Permissions - canView, canEdit, ...

    Hi there,

    just playing around with permissions ... I have a group "Testgroup". Users in Testgroup can just log in to the CMS and have
    access to page content (minimal rights to log in to the backend).

    page.php

    class Page_Controller extends ContentController implements PermissionProvider {

        // I don't add group checking, just disallow for all for testing

        function canView() {
            return false;
        }

        function canEdit() {
            return false;
        }

        function canCreate() {
            return false;
        }

        //....
    }

    Now, if I log in with a user of the "Testgroup" I see all pages and can edit them. But I can't create pages.
    Why can I view pages and edit them with these settings?

    How should I do it if I want this:

    The user should be able to create pages, and can only view and edit HIS pages, the pages he created.

    thx

  • Willr
    Forum Moderator
    5462 Posts

    Re: Permissions - canView, canEdit, ...

    Permissions should be tied to your model record (e.g. Page), not the controller, as the controller is only used on the front end to handle the requests.

    In your example - if you're dealing with pages only, you can set the permissions via the backend 'Access' tab rather than needing to hard code everything, if that's easier. You'll also need to make sure your overridden can* methods call parent::can... as well so that the built-in permission checking still works (unless you want to fully override them).

    One thing to note that has caught me out today is that the CMS will check for canView() as well as canEdit() in the backend, so all users who can edit an object need to be able to view that object as well.
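
The advice in the reply above, applied to the original question, as an added example that is not part of the thread: the can* checks sit on the Page model, keep the parent checks, and narrow view/edit to the page's creator. It assumes the SilverStripe 2.4/3.0-era API the thread uses; the `Creator` relation and the `isOwnerOrAdmin()` helper are hypothetical names introduced here.

```php
<?php
// Added example. Assumes the SilverStripe 2.4/3.0-era API (SiteTree, Member, Permission).
class Page extends SiteTree {

    // Assumed field: SiteTree records no owner by itself, so store one.
    static $has_one = array('Creator' => 'Member');

    function onBeforeWrite() {
        parent::onBeforeWrite();
        // Stamp the creator only while the record is new (no ID yet),
        // so a later edit by someone else never changes ownership.
        if (!$this->ID && Member::currentUserID()) {
            $this->CreatorID = Member::currentUserID();
        }
    }

    // Hypothetical helper: true for the page's creator or an administrator.
    protected function isOwnerOrAdmin($member = null) {
        // The can* methods may be handed a Member, a member ID, or nothing.
        if (is_numeric($member)) { $member = DataObject::get_by_id('Member', $member); }
        if (!$member) { $member = Member::currentUser(); }
        if (!$member) { return false; }                      // anonymous: deny
        if (Permission::checkMember($member, 'ADMIN')) { return true; }
        // Pages with no recorded creator stay admin-only (deny by default).
        return $this->CreatorID && $this->CreatorID == $member->ID;
    }

    function canView($member = null) {
        // Keep the built-in checks (Access tab, groups), then narrow them.
        // canView() also guards front-end requests, so with this rule
        // anonymous visitors cannot see the page either.
        return parent::canView($member) && $this->isOwnerOrAdmin($member);
    }

    function canEdit($member = null) {
        // The CMS checks canView() as well as canEdit(), so both use the same rule.
        return parent::canEdit($member) && $this->isOwnerOrAdmin($member);
    }

    function canCreate($member = null) {
        // Creation stays governed by the built-in group permissions.
        return parent::canCreate($member);
    }
}
```

The new `Creator` column only exists after the database schema has been rebuilt with dev/build.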
