This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
Hi,
I want to add a member state (active, inactive, banned) which gets checked on login. The value is only set by the admin in the cms and is never visible to public. I have got this bit happening no worries.
So if the member tries to login it checks the account to see which state it is in and acts appropriately.
Where should i start to look for this?
thanks.
anyone?
I would implement a DataObjectDecorator.
Then add it as a role to Member
http://doc.silverstripe.com/doku.php?id=dataobjectdecorator&s=decorator
then implement
updateCMSFields
so that this 'member state' is only shown if a 'administor' is logged in...
g
Helmut
thanks Helmut,
I have already decorated the member to include the member state.
I now need to workout how to extend the authenticator classes to get it to check the member state.
i'm not sure why there's a need for a special authenticator?
DataObjectDecorator can define default for field-values
fe: 'active' for your 'member state'.
then someone could fe. 'special implement'
SiteTree::canEdit() for pages,
if these Memers are canCMS Members.
Additionally you could generate getCMSFields on your classes, depending on member state...
And only for restrictions about frontend users (members)
i could do things specially while frontend rendering, depending on your member state.
what is the missing part, so where's the need for an authenticator?
g
helmut
Because, won't that still log them in and just block them from seeing certain content?
I want them to be blocked from logging in but not have to remove them as members.
ok,
i thought about
'why not let him log in, if then, there's nothing he can do?'
which means i'ld throw
Security::permissionFailure(null);
in any controller, if he's not 'active'.
so it wouldn't matter that he is logged in...
i could additionally show him 'you're blocked' in his member profile...
g
helmut
Actually that is a good idea Helmut, that would make customising the message that they get much easier.
It would also allow them to take the right steps to have the ban removed but delivering custom messages through to them in their profile page.
