Silverstripe 3 - Unable to implement controller access security from CMS

问题

Good afternoon,

I'm still new to silverstripe and I'm trying to figure out some really simple tasks.

Currently, I'm trying to implement the security restrictions from my page controller function that was already created within my DataObject and configured via the CMS.

However, whether or not I grant the user access to view the object, the user sees it anyhow.

See example below:

class MyComponent extends DataObject implements PermissionProvider{
  ///>... this is just a snippet not the full class ...

  ///>@Override
  public function canView($member = null){
      return Permission::check('COMPONENT_VIEW');
  }//canView

  /**
   * \brief the rest of the permission functions follow the same format as above 
   * i.e: canEdit, canDelete, canCreate
   */

  ///>@Override
  function providePermissions(){
     return array(
        'COMPONENT_VIEW' => 'Can view a component object',
        'COMPONENT_EDIT' => 'Can edit a component object',
        'COMPONENT_DELETE' => 'Can delete a component object',
        'COMPONENT_CREATE' => 'Can create a component object',
     );
  }//providePermissions


}//class

Okay, so the class above works great; I can toggle the permissions on|off within a group for a user from the CMS admin section.

Here's where the problem is at, see code below:

///>Controller class snippet
class My_Controller extends Page_Controller{

      public function ListMyComponents(){
          $components = MyComponent::get()->filter(array('Status' => 'Enable'));

          ///>NOTE: How can I check to see if the user has access to view the component???
          ///> I've even tried, Member::canView(Member::currentUser()); It doesn't work!

          return $components;
      }//ListMyComponents
}//class

///>ss template file snippet
<% if ListMyComponents %>
   <% loop ListMyComponents %>
       $Title
   <% end_loop %>
<% end_if %>

Thanks for your assistance.

回答1:

I've figured it out. Basically, I can just do a Permission::check within the Controller as well. See below code for solution:

public function ListMyComponents(){
    $components = null;
    if(Permission::check('COMPONENT_VIEW')){
       $components = MyComponent::get()->filter(array('Status' => 'Enable'));
    }
    return $components;
}//ListMyComponents

Thanks though, for those who may have been researching to solve this.

来源：https://stackoverflow.com/questions/26807801/silverstripe-3-unable-to-implement-controller-access-security-from-cms