Hi

I want to extend or decorate securityadmin to create an area with slightly less permissions. In a situation where there are admin, regular members and content providers, content providers should be able to view, create and update members but not be able to even see admin, let alone be able to change them.

I might be able to just extend permissions and create a new permission such as 'Access to security for members' instead of 'access to security' where they are granted full access.

I think this would be useful for many sites but not sure the best way to go about this. Anyone have any advice?

Thanks

Will

The default way permissions are set up is that only an admin can edit an admin. If you need more control than this, you can decorate Member and provide canEdit($member) and canView($member) methods (where $member is the Member that's requesting permission, $this->owner is the Member they want the permission to edit/view).

Hi Simon

thanks for the help and sorry for the slow reply. Am I right in the way you are saying that I would use a function like

canView($member){
if(permission::check('ADMIN')){
return true;
}else{
if($this->owner->Group=admin){
return false;
}
}

}

to grant permission if they are admin and if they are not, see whether they are looking at admins and is so block.

I find the permission system on SS can be a bit temperamental for example if I block a user group from viewing a certain page type but they still have cms access, when they are in the admin area it can become unresponsive. The error message is

$("Form_EditForm") is null

which seems to be a problem from trying to pull up a page they can't see. there may be a simpler way to go about this I'm not seeing but i would like to have a group who can get access to the CMS but not see all pages, edit and add users but not see administrators details.

thanks for the time