Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo

discrete user access

Go to End

3 Posts   1749 Views


Community Member, 13 Posts

5 July 2008 at 5:10am

i have an upcoming project that is going to require what essentially boils down to an editable user page for 200+ users. something like

the mypage section needs to be editable by the user of that page and by the site admin, but no one else. the owner of the mypage section should also only be allowed to see/edit their page in the admin console. based on the last site i did with silverstripe it would appear i need to create a group for each user in order to limit their access to a single page. is that correct or have i missed something?


Forum Moderator, 801 Posts

5 July 2008 at 10:52am

Yes, we don't do permissions by user - if you want to use the built-in permission controls, that means one group per user. for the frontend it would be possible to customize this in your Page_Controller->init() method (and some custom page-relation-fields on the Member object). in the backend this level of customization would be tricky though.

ideally the sitetree and cms UI would query the canView()/canEdit()/canDelete() methods on each Page object, which you could then overload to check for a specific user-id etc. - but thats not implemented yet afaik.


Administrator, 690 Posts

7 July 2008 at 1:41pm

Edited: 07/07/2008 1:42pm

Another solution here is to overload the Page::canEdit() method - make this return true when the currently logged-in user is allowed to edit the current page.

The CMS will automatically update itself in response to this value. Please note that in defining this method you will be overriding the built-in permission control on page editing. You might want to limit this functionality to a custom page class.

Here's a little example to get you started.

function canEdit() {
  return Permission::check("ADMIN") || ($this->OwnerID && $this->OwnerID = Member::currentUserID());