Silverstripe 3 - 无法从CMS实施控制器访问安全性 [英] Silverstripe 3 - Unable to implement controller access security from CMS
问题描述
下午好,
我还是新鲜的银条,我想弄清楚一些非常简单的任务。
目前,我尝试通过我的页面控制器函数实现安全限制,该函数已经在DataObject中创建并通过CMS配置。
请参阅以下示例:
class MyComponent extends DataObject implements PermissionProvider {
///> ...这只是一个片段而不是完整的类...
///> @Override
public function canView($ member = null){
return Permission :: check('COMPONENT_VIEW');
} // canView
/ **
* \brief其余的权限函数遵循与上面相同的格式
* ie:canEdit,canDelete, canCreate
* /
///> @Override
function providePermissions(){
return array(
'COMPONENT_VIEW'=>'Can查看组件对象',
'COMPONENT_EDIT'=>'可以编辑组件对象',
'COMPONENT_DELETE'=>'可以删除组件对象',
'COMPONENT_CREATE' >'可以创建组件对象',
);
} // providePermissions
} // class
好的,所以上面的类工作伟大;
这里是问题的所在,请参阅下面的代码:
///>控制器类片段
类My_Controller扩展Page_Controller {
public function ListMyComponents {
$ components = MyComponent :: get() - > filter(array('Status'=>'Enable'));
///>注意:我如何检查用户是否有权查看组件?
///>我甚至尝试,Member :: canView(Member :: currentUser());它不工作!
return $ components;
} // ListMyComponents
} // class
///> ss模板文件片段
<%if ListMyComponents%>
<%loop ListMyComponents%>
$标题
<%end_loop%>
<%end_if%>感谢您的帮助。 解决方案我想出来了。
基本上,我可以只在控制器中做一个Permission :: check。请参阅下面的解决方案代码:
public function ListMyComponents(){
$ components = null;
if(Permission :: check('COMPONENT_VIEW')){
$ components = MyComponent :: get() - > filter(array('Status'=>'Enable'));
}
return $ components;
} // ListMyComponents
感谢,但对于那些可能已经研究解决这个问题。
Good afternoon,
I'm still new to silverstripe and I'm trying to figure out some really simple tasks.
Currently, I'm trying to implement the security restrictions from my page controller function that was already created within my DataObject and configured via the CMS.
However, whether or not I grant the user access to view the object, the user sees it anyhow.
See example below:
class MyComponent extends DataObject implements PermissionProvider{
///>... this is just a snippet not the full class ...
///>@Override
public function canView($member = null){
return Permission::check('COMPONENT_VIEW');
}//canView
/**
* \brief the rest of the permission functions follow the same format as above
* i.e: canEdit, canDelete, canCreate
*/
///>@Override
function providePermissions(){
return array(
'COMPONENT_VIEW' => 'Can view a component object',
'COMPONENT_EDIT' => 'Can edit a component object',
'COMPONENT_DELETE' => 'Can delete a component object',
'COMPONENT_CREATE' => 'Can create a component object',
);
}//providePermissions
}//class
Okay, so the class above works great; I can toggle the permissions on|off within a group for a user from the CMS admin section.
Here's where the problem is at, see code below:
///>Controller class snippet
class My_Controller extends Page_Controller{
public function ListMyComponents(){
$components = MyComponent::get()->filter(array('Status' => 'Enable'));
///>NOTE: How can I check to see if the user has access to view the component???
///> I've even tried, Member::canView(Member::currentUser()); It doesn't work!
return $components;
}//ListMyComponents
}//class
///>ss template file snippet
<% if ListMyComponents %>
<% loop ListMyComponents %>
$Title
<% end_loop %>
<% end_if %>
Thanks for your assistance.
解决方案 I've figured it out.
Basically, I can just do a Permission::check within the Controller as well. See below code for solution:
public function ListMyComponents(){
$components = null;
if(Permission::check('COMPONENT_VIEW')){
$components = MyComponent::get()->filter(array('Status' => 'Enable'));
}
return $components;
}//ListMyComponents
Thanks though, for those who may have been researching to solve this.
这篇关于Silverstripe 3 - 无法从CMS实施控制器访问安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
