SSbits - Home page

Snippets - Little bits of code to make you happy

Using canCreate(), canEdit(), canDelete() and canPublish() to manage page type permissions

Often you will want to control which users can create, edit, delete and publish certain page types. For example, you may want only high-level users to be able to create ContactPage page types, or want to prevent low-level users from deleting HomePage page types. This is easily achieved by adding these functions to the page type model (usually just before getCMSFields()). Within each function you define the conditionals that decide whether to return true or false.

So let's say you have created the permission code in this snippet. We can now use that permission code and the canCreate() function to decide whether a particular user can create this page type:

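	// Pass $Member through so the check applies to the member being tested;
	// when it is null, Permission::check() falls back to the current user.
	public function canCreate($Member = null){
		if(Permission::check('SUPERUSER', 'any', $Member)){
			return true;
		}else{
			return false;
		}
	}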

This function uses the Permission::check() call to check whether the current user is in a group which has a particular permission code assigned to it.

Alternatively you could check the ID of the group the user is in by using Member::currentUser()->inGroup($GroupID) in the if() statement.

The same approach applies to each of these functions:

canEdit($Member = null) - If false is returned, removes editing ability from a particular page type.
canDelete($Member = null) - If false is returned, removes the delete buttons from the page.
canCreate($Member = null) - If false is returned, removes the page type from the page type dropdown.
canPublish($Member = null) - If false is returned, removes the publish button from the page.

Combining these functions gives you a powerful way to control your site permissions, and when used alongside the CMS access permissions you have complete control over your site's security structure.

Note: The $Member = null argument for each function is used in unit testing, and it is good practice to include it even though the function will still work without it.
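As an added example (not code from the original article), here are the four methods combined on one page type so that every check fails closed: Member::currentUser() returns no member when nobody is logged in, so calling inGroup() on it directly is a fatal error. It assumes a SilverStripe 2.4/3-style project where Page extends SiteTree; resolveMember() and isSuperUser() are hypothetical helper names.

```php
<?php
// Added example (not the author's code). Assumes a SilverStripe 2.4/3-style
// project where Page extends SiteTree. 'SUPERUSER' is the permission code used
// above; 'content-authors' is the group code mentioned in the comments below.
class ContactPage extends Page {

	// Hypothetical helper: the member passed in, else the logged-in user, else null
	protected function resolveMember($Member = null) {
		if ($Member instanceof Member) {
			return $Member;
		}
		$current = Member::currentUser();
		return ($current instanceof Member) ? $current : null;
	}

	// Hypothetical helper: true only for a real member holding SUPERUSER
	protected function isSuperUser($Member = null) {
		$Member = $this->resolveMember($Member);
		return $Member ? (bool) Permission::checkMember($Member, 'SUPERUSER') : false;
	}

	// Only SUPERUSER holders see ContactPage in the page type dropdown
	public function canCreate($Member = null) {
		return $this->isSuperUser($Member);
	}

	// Same rule for deleting
	public function canDelete($Member = null) {
		return $this->isSuperUser($Member);
	}

	// Content authors may edit; anyone who is not logged in is denied
	public function canEdit($Member = null) {
		$Member = $this->resolveMember($Member);
		if (!$Member) {
			return false;
		}
		return $Member->inGroup('content-authors') || $this->isSuperUser($Member);
	}

	// Publishing stays with SUPERUSER holders even when editing is allowed
	public function canPublish($Member = null) {
		return $this->isSuperUser($Member);
	}
}
```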

Aram Balakjian

Aram is a web developer running London based agency Aab Web. He has a strong passion for developing attractive, usable sites around the SilverStripe CMS.

  • moloko_man
    26/01/2011 5:18pm (4 years ago)

    I have Silverstripe set up in a DEV environment on my local machine, then I push to the LIVE server.
    After trying to use Member::currentUser()->inGroup($GroupID) I found that it was breaking between my local version and the Live version. So I found (probably what most people already know) that inGroup() can check for 3 different types of variables.

    Group.ID, Group.Title or Group.Code

    So you can use Member::currentUser()->inGroup('Administrators'); or Member::currentUser()->inGroup('content-authors'); and it won't break if the ID is different between different versions of your site.

  • Learner
    18/01/2013 5:51am (2 years ago)

    Hi. I am working on the permission currently. I have assigned permissions to my custom modules under the permission tab (in Security), but what I want is to have an individual checkbox to Edit/Add/Delete in front of each module, so that depending on the permission to add, edit and delete I can add code to my modules.
