问题
I have dataobject :
class Documents extends DataObject implements PermissionProvider {
private static $db = array(
'DocType' => 'Text',
'ApprovalDate' => 'Date',
'PublicationDate' => 'Date',
'DocNumber' => 'Text',
'DocTitle' => 'Text',
'KeyWords' => 'Text'
);
private static $has_one = array(
'Member' => 'Member'
);
...
static $api_access = true;
public function canEdit($member = false) {
return (Member::currentUserID() == $this->MemberID) || parent::canEdit($member);
}
public function canDelete($member = false) {
return (Member::currentUserID() == $this->MemberID) || parent::canDelete($member);
}
public function canView($member = false) {
return Permission::check('DOCUMENTS_VIEW');
}
public function canCreate($member = false) {
return Permission::check('DOCUMENTS_CREATE');
}
function providePermissions() {
return array(
'DOCUMENTS_VIEW' => 'View Documents ',
'DOCUMENTS_EDIT' => 'Edit Documents ',
'DOCUMENTS_DELETE' => 'Delete Documents ',
'DOCUMENTS_CREATE' => 'Create Documents '
);
}
I have created group "Documents Developer" and granted it rightes DOCUMENTS_VIEW, EDIT, DELETE, CREATE. I want all users of this group could only view all documents and create new documents, and only owner (user with ID == MemberID) could edit and delete his documents. It works OK when user tryes to edit or delete his documents, or view other documents. But when he tryes to create new document (push "create" button in CMS), a pop-up window "Forbidden" appeares: (You can see CMS Window here) Give me please any ideas.
回答1:
I made some improvement in canEdit() function:
public function canEdit($member = false) {
if ($this->MemberID) return (Member::currentUserID() == $this->MemberID) || parent::canEdit($member);
return Permission::check('DOCUMENTS_EDIT') || parent::canEdit($member) ;
}
Now users can create Document. It seems to me, that when user tryes to create new document, $this->MemberID is undefined.
来源:https://stackoverflow.com/questions/36616176/silverstripe-model-level-permissions-cancreate-doesnt-work