Permission to create pagetypes

Prevent users from creating certain pagetypes

- Unless they have the proper permission!!!

Case: only the administrator should be able to add/delete certain pagetypes. These pagetypes should not be available in the Create dropdown in the CMS, nor in the 'Page Type' dropdown on the behaviour tab. One way to handle this would be by adding a new special permission for this. This is what we need to do:

  • Add a new permission 'Can manage restricted pagetypes'
  • Create a canManageRestrictedPagetypes() method that checks if the user can...
  • Extend the canView() and the canDelete() to use canManageRestrictedPagetypes()
  • Define a static variable $restricted_pagetypes, to set which pagetypes are restricted

Read more about adding new permissions

Preparing the Page class

In your Page class:

class Page extends SiteTree implements PermissionProvider  {

	...

	/*
	 *  array of restricted pagetypes, only to be managed
	 *  by users that have MANAGE_RESTRICTED_PAGETYPES permission
	 */
	protected static $restricted_pagetypes = array();



	/*
	 *  Add a new permission
	 */ 
	function providePermissions(){
		return array(
			'MANAGE_RESTRICTED_PAGETYPES' => array(
				'name' => _t(
					'Page.RESTRICTED_PAGETYPES',
					'Manage restricted pagetypes'
				),
				'category' => _t(
					'Page.PERMISSIONS_SETTINGS',
					'Special settings'
				),
				'help' => _t(
					'Page.RESTRICTED_PAGETYPES_HELP',
					'Can create and delete restricted pagetypes'
				),
				'sort' => 100
			)
		);
	} 



	/*
	 * setter for resticted pagetpes
	 */
	public function set_restricted_pagetypes($pagetypes) {
		self::$restricted_pagetypes = $pagetypes;
	}



	/*
	 *  check if this is a restricted pagetype and if the user
	 *  has permission to manage restricted pagetypes
	 */
	protected function canManageRestrictedPagetypes($Member) {

		// are there any restricted pagetypes?
		if (!empty(self::$restricted_pagetypes)) {
			if (in_array($this->ClassName, self::$restricted_pagetypes)) {

				if (!permission::check('MANAGE_RESTRICTED_PAGETYPES')) {
					return false;
				}
			}
		}
		return true;
	}



	/*
	 *  disable the creation of restricted pages for people
	 *  that don't have the right pernmissions
	 */
 	function canCreate($Member = null){
		if ($this->canManageRestrictedPagetypes($Member)) {
			return parent::canCreate($Member);
		} else {
			return false;
		}
	}



	/*
	 *  disable the deletion of restricted pages for people
	 *  that don't have the right pernmissions
	 */
	function canDelete($Member = null){
		if ($this->canManageRestrictedPagetypes($Member)) {
			return parent::canDelete($Member);
		} else {
			return false;
		}
	}

	...
}

This codeshould be pretty much self explanatory, if not, please read 'Adding new permissions'.

Setting the restricted pagetypes in your config

in your _config .php

// create a set of restricted pagetypes
Page::set_restricted_pagetypes(array(
	'ErrorPage', 
	'VirtualPage', 
	'RedirectorPage'
));

Comments

  • Thanks for pointing that out, Marijn. Goes to show I should be more careful when rewriting things...

    Updated, should be OK now.

    Verstuurd door Martine, 16/02/2012 4:10pm (6 jaar geleden)

  • Hi,

    Thanks for the sample code, there are a few minor bugs in it though:

    Line 29 missing )

    Lines 47 and 61 checkRestrictedPagetypes should be canManageRestrictedPagetypes

    To be able to set the permissions in Security it also requires:
    // Add a new permission
    function providePermissions(){
    return array('MANAGE_RESTRICTED_PAGETYPES' => 'Manage Restricted Page Types');
    }


    Best wishes,

    Marijn.

    Verstuurd door Marijn Kampf, 16/02/2012 11:42am (6 jaar geleden)

Het versturen van reacties is uitgeschakeld.

RSS feed voor reacties op deze pagina