Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Restricting Access to "Logged in users" not working


Go to End


4 Posts   1812 Views

Avatar
TC81

Community Member, 11 Posts

14 July 2011 at 5:22am

I'm running Silverstripe 2.4.3 on a reasonable size site (around 500 pages) and we've just noticed a weird problem. We have several custom page typed (about 20 or so) and for only one of them, the Access settings no longer seem to work. Regardless of what it is set to it allows anyone to access the page (logged in or not). This doesn't happen on standard "Pages" or on the other custom page type pages that I have checked. We need this page type to be restricted to logged in users as it contains premium content.

Below is the code of the page:

<?php
/**
 * Defines the Song of the Week page type
 */
class SongOfTheWeek extends Page {
	
	static $icon = 'mysite/images/icons/songstory';
	
	public static $db = array(
		'Writer' => 'Varchar(250)',
		'Show_UK' => 'Boolean',
		'Show_US' => 'Boolean'
							 );
	
	public static $has_one = array(
		'Artist' => 'ArtistPage',
		'MP3' => 'File',
		'PDFSheet' => 'File'
	);
	
	public static $has_many = array(
		'MediaPlayerTracks' => 'MediaPlayerTrack',
		);
	
	static $field_labels = array(
			'Title' => 'Song Title',	
			);
	
	function getCMSFields() {
  		$fields = parent::getCMSFields();
		$fields->removeFieldFromTab("Root","Widgets");
		$fields->addFieldToTab('Root.Content.Main', new CheckboxField('Show_UK','Show on UK site?'), 'Content');
		$fields->addFieldToTab('Root.Content.Main', new CheckboxField('Show_US','Show on US site?'), 'Content');
		$fields->addFieldToTab("Root.Content.Main", new DropdownField('ArtistID', 'Artist', Dataobject::get('ArtistPage')->toDropdownMap('ID','Title')),'Content');
		$fields->addFieldToTab("Root.Content.Main", new TextField('Writer', 'Writer'),'Content');
		$fields->addFieldToTab('Root.Content.Main', new FileIFrameField('MP3','MP3 File for download'));
		$fields->addFieldToTab('Root.Content.Main', new FileIFrameField('PDFSheet','PDF Music sheet for download'));
		
		$MediaTable = new FileDataObjectManager(
			$this, // Controller
			'MediaPlayerTracks', // Source name
			'MediaPlayerTrack', // Source class
			'MP3', // File name on DataObject
			array(
				'Title' => 'Title', 
				'Artist' => 'Artist'
			), // Headings 
			'getCMSFields_forPopup' // Detail fields (function name or FieldSet object)
			// Filter clause
			// Sort clause
			// Join clause
		);
		
		
		//$MediaTable = new HasManyFileManager($this, 'MediaPlayerTracks', 'TrackFile');
		
		$fields->addFieldToTab('Root.Content.MediaPlayer', $MediaTable);
		
		return $fields;
	}
}
 
class SongOfTheWeek_Controller extends Page_Controller {
}
 
?>

I don't know if it's connected, but I load these pages for display on the home page using the following code. I have been using this approach for well over a year and it never caused this issue before:

function FreeSong() {
		$now = strtotime('now');
		$country = Session::get('KWCountry');
		if ($country == "US" || $country == "CA") {
				$freesong = DataObject::get('SongOfTheWeek', '"SongOfTheWeek_Live"."Expiry" >= NOW() AND "SongOfTheWeek_Live"."Embargo" <= NOW() AND ParentID = 227 AND Show_US = True ','','',1);				
			}
		else {						 
			$freesong = DataObject::get('SongOfTheWeek', '"SongOfTheWeek_Live"."Expiry" >= NOW() AND "SongOfTheWeek_Live"."Embargo" <= NOW() AND ParentID = 227 AND Show_UK = True','','',1);	
			}
		
		return $freesong;
	}

I've drawn a blank so far - any help would be appreciated.

Avatar
TC81

Community Member, 11 Posts

14 July 2011 at 10:53am

I managed to fix my own problem. It was caused by the Embargo Expiry Module. In case anyone else has the same issue in future the fix is to edit EmbargoExpiryDecorator.php to the following:


<?php

class EmbargoExpiryDecorator extends DataObjectDecorator {
	function extraStatics() {
		return array("db" => array('Embargo' => 'Datetime', 'Expiry' => 'Datetime'));
	}
	
	function canView($member) {
		if(Permission::checkMember($member, 'ADMIN')) {
			return true;
		}
		$now = strtotime('now');
		if($this->owner->Embargo && strtotime($this->owner->Embargo) > $now) {
			return false;
		} elseif($this->owner->Expiry && strtotime($this->owner->Expiry) < $now) {
			return false;
		} elseif($this->can("View"))  {
			return true;
		} else {
			return false;
		}
	}
	
	function updateCMSFields(&$fields) {
		$tab = 'Root.Content.Times';
		
		$fields->addFieldToTab($tab, new PopupDateTimeField('Embargo', _t('EmbargoExpiryDecorator.EMBARGO', 'Embargo')));
		$fields->addFieldToTab($tab, new PopupDateTimeField('Expiry', _t('EmbargoExpiryDecorator.EXPIRY', 'Expiry')));
	}
}

Avatar
jamie

Community Member, 4 Posts

26 July 2011 at 7:54am

Edited: 26/07/2011 9:28am

Actually, I was getting problems using
$this->can("View") as a condition so I returned the result e.g.

	function canView($member) {
		if(Permission::checkMember($member, 'ADMIN')) {
			return true;
		}
		$now = strtotime('now');
		if($this->owner->Embargo && strtotime($this->owner->Embargo) > $now) {
			return false;
		} elseif($this->owner->Expiry && strtotime($this->owner->Expiry) < $now) {
			return false;
		}else{
        	        return $this->can("View");
      	        }
	}

Anyone know why this is?

Avatar
TC81

Community Member, 11 Posts

26 July 2011 at 11:19am

Sorry, yes... I meant to update this saying that my change still wasn't working right. It was allowing the user onto the page but displaying an error message on the page itself saying that they could view the content. I just disabled embargo / expiry on the site as the client neededma quick fix. I will try yours and see if it works correctly for me.