<?php | |
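/**
 * Course record with a single Title column.
 *
 * Permission model as declared in this class: anyone may create and view a
 * course, while editing and deleting require the ADMIN permission code.
 *
 * NOTE(review): the can*() methods protect a record only where the calling
 * controller or form consults them. The reproduction steps that accompany
 * this listing report an edit form that stays editable for a user for whom
 * canEdit() is false, so the check must also be enforced where the form is
 * built and where its actions are handled.
 */
class Course extends DataObject {

    public static $db = array(
        'Title' => 'Varchar(500)',
    );

    public static $summary_fields = array(
        'Title',
    );

    public static $searchable_fields = array(
        'ID',
        'Title',
    );

    /**
     * Creation is allowed unconditionally.
     *
     * NOTE(review): $member is ignored, so every caller that reaches a create
     * form is permitted. Confirm this is intended.
     *
     * @param Member|null $member Not consulted.
     * @return bool Always true.
     */
    public function canCreate($member = null) {
        return true;
    }

    /**
     * Deletion requires the ADMIN permission code.
     *
     * @param Member|null $member Member to check; null falls back to the
     *                            currently logged-in user.
     * @return bool
     */
    public function canDelete($member = null) {
        // Pass $member through so a check made on behalf of another member is
        // not silently answered for the current session user instead.
        return Permission::check('ADMIN', 'any', $member);
    }

    /**
     * Editing requires the ADMIN permission code.
     *
     * @param Member|null $member Member to check; null falls back to the
     *                            currently logged-in user.
     * @return bool
     */
    public function canEdit($member = null) {
        // Same pass-through as canDelete(): honour the member the caller names.
        return Permission::check('ADMIN', 'any', $member);
    }

    /**
     * Viewing is allowed unconditionally.
     *
     * @param Member|null $member Not consulted.
     * @return bool Always true.
     */
    public function canView($member = null) {
        return true;
    }

    /**
     * Returns the scaffolded CMS fields from the parent class unchanged.
     *
     * @return mixed Whatever parent::getCMSFields() returns.
     */
    public function getCMSFields() {
        $fields = parent::getCMSFields();

        // Diagnostic kept for the reproduction: prints the canEdit() result
        // for the current user while the form is being built. Remove it
        // before this class is used outside a test site.
        Debug::show($this->canEdit());

        return $fields;
    }
}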
<?php | |
/**
 * CMS admin section for Course records.
 *
 * NOTE(review): nothing in this class restricts who may open the section or
 * its edit forms; that is left to the ModelAdmin parent and to the can*()
 * methods of the managed model. Verify that both are actually enforced for
 * non-admin CMS users.
 */
class CourseModelAdmin extends ModelAdmin {

    // URL segment of this section (the steps on this page use /admin/courses).
    public static $url_segment = 'courses';

    // Label shown for this section in the CMS navigation.
    public static $menu_title = 'Courses';

    // Model classes handled by this section; more than one may be listed.
    public static $managed_models = array(
        'Course',
    );
}
* Log in as admin and run /dev/build
* Create another user that is not an admin
* Browse to /admin
* Click on Courses in the left-hand navigation and create a course. Copy the URL
* Log in as the other user
* Confirm that you cannot click into the course from the listing
* Paste the URL of the course and see that all fields are editable and that the edit/delete button is there even though the user doesn't have permission (/admin/courses/Course/EditForm/field/Course/item/1/edit). Expected: because canEdit() and canDelete() both require ADMIN, this user should get a read-only form or be denied access.