CODEWITHSUNDEEP
phpsilverstripe
Semicolon
Semicolon

Reputation: 1914

SilverStripe hardcode permission setting EDIT_SITECONFIG

There is a specific PermissionCode that's not granted to ContentAuthor by default. It's about Permission code EDIT_SITECONFIG (enables Content Authors to view and edit "Settings" section).

This permission can be granted to roles in:
Security > Groups > Content Authors > Permissions > Manage site configuration

Site config permission

How can you force this permission to be granted to ContentAuthors by default?

Upvotes: 2

Views: 174

Answers (1)

3dgoo
3dgoo

Reputation: 15794

We can add an extension to the Group class that calls requireDefaultRecords to modify this variable.

mysite/code/extensions/CustomGroup.php

class CustomGroup extends DataExtension {

    public function requireDefaultRecords() {
        parent::requireDefaultRecords();

        $contentAuthorGroup = Group::get()->filter('Code', 'content-authors')->first();
        if ($contentAuthorGroup) {
            Permission::grant($contentAuthorGroup->ID, 'EDIT_SITECONFIG');
        }
    }
}

We enable our Group extension in our config.yml file.

mysite/_config/config.yml

Group:
  extensions:
    - CustomGroup

One thing to note with this solution is it will update the EDIT_SITECONFIG permission setting every time dev/build is called. This means if this permission is switched off through the CMS it will be switched back on the next time dev/build is called.

An alternative is to create the content author group on the first database build. This will only set EDIT_SITECONFIG once, allowing it to be overwritten through the CMS.

class CustomGroup extends DataExtension {

    public function requireDefaultRecords() {

        // Add default author group if no other group exists
        $allGroups = Group::get();
        if (!$allGroups->count()) {
            $authorGroup = new Group();
            $authorGroup->Code = 'content-authors';
            $authorGroup->Title = _t('Group.DefaultGroupTitleContentAuthors', 'Content Authors');
            $authorGroup->Sort = 1;
            $authorGroup->write();
            Permission::grant($authorGroup->ID, 'CMS_ACCESS_CMSMain');
            Permission::grant($authorGroup->ID, 'CMS_ACCESS_AssetAdmin');
            Permission::grant($authorGroup->ID, 'CMS_ACCESS_ReportAdmin');
            Permission::grant($authorGroup->ID, 'SITETREE_REORGANISE');
            Permission::grant($authorGroup->ID, 'EDIT_SITECONFIG');
        }

        parent::requireDefaultRecords();
    }
}

Upvotes: 3

Related Questions