silverstripemodeladmin

Silverstripe access to one page with model admin

Does anybody knows how to get an access to dataobject entries when one group is limited to one site section?

I have sections like:

Home
About us 
Products |        <----- Group "Marketing" have an access to this place only.
         |-> Product group 1
         |-> Product group 2

The problem I have is that I can limit an access for "Marketing" group and they're able to edit and view the page (and children-pages) but don't see DataObject entries (there's no listing) as well as add/delete or edit those entries.

If I will set "all administrator access" to the "Marketing" group the it works but at the same this group have an access to the whole site. (and I'd like it to have it just to "Products" and it's children.

Does anybody knows how to sort this out?

Solution

  • The permissions on DataObjects require "ADMIN" permissions by default. I usually just add an extension to DataObjects that should be editable by non-admins, something like this:

    class CanEditExtension extends DataExtension
{
    public function canEdit($member){
        return 
            Permission::check('CMS_ACCESS_CMSMain', 'any', $member) 
            || Permission::check('CMS_ACCESS_LeftAndMain', 'any', $member);
    }   
    public function canView($member){
        return 
            Permission::check('CMS_ACCESS_CMSMain', 'any', $member) 
            || Permission::check('CMS_ACCESS_LeftAndMain', 'any', $member);
    }

    public function canCreate($member = null){
        return 
            Permission::check('CMS_ACCESS_CMSMain', 'any', $member) 
            || Permission::check('CMS_ACCESS_LeftAndMain', 'any', $member);
    }

    public function canDelete($member = null){
        return 
            Permission::check('CMS_ACCESS_CMSMain', 'any', $member) 
            || Permission::check('CMS_ACCESS_LeftAndMain', 'any', $member);
    }
}

    Then, apply the extension via YAML config:

    # in mysite/_config/config.yml
MyDataObject:
  extensions:
    - CanEditExtension

    Or you can specify the extension directly in your class:

    class MyDataObject extends DataObject
{
    private static $extensions = array('CanEditExtension');
}