DOC Document new "Only these users" permission (#298)
GuySartorelli committed Jul 6, 2023
1 parent 051908d commit 32ddcf4
Showing 2 changed files with 10 additions and 1 deletion.
2 changes: 1 addition & 1 deletion en/02_Developer_Guides/14_Files/03_File_Security.md
Expand Up @@ -59,7 +59,7 @@ There's a few rules guiding their access, in descending order of priority:
have edit access by default, regardless of further restrictions below.
* View or edit access can be restricted per file or folder through
an inherited permissions model similar to page content (through [api:SilverStripe\Security\InheritedPermissionsExtension]).
There are four types: "Inherit from parent" (default), "Anyone", "Logged-in users", or "Only these groups".
There are five types: "Inherit from parent" (default), "Anyone", "Logged-in users", "Only these groups", or "Only these users".
* Protected files (incl. draft files) allow view/edit access when `File::$non_live_permissions` is satisfied.
By default, that's configured for anyone with access to any CMS section, or
the ability to "view draft content".
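Review bot: The updated "There are five types" line names the new type only by its CMS label, "Only these users", so a developer who sets file permissions in code has nothing to search for. The changelog entry in this same commit names the constant `InheritedPermissions::ONLY_THESE_MEMBERS`; consider mentioning it here or linking to that changelog section. Since this list is described as being "in descending order of priority", it would also help to say that the earlier rule granting edit access "regardless of further restrictions below" still applies when a file is limited to specific users.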
9 changes: 9 additions & 0 deletions en/04_Changelogs/5.1.0.md
Expand Up @@ -10,6 +10,7 @@ title: 5.1.0 (unreleased)
- [Eager loading](#eager-loading)
- [GraphQL schema can be stored in `silverstripe-cache`](#gql-schema-is-cache)
- [Improvement to page search performance with Elemental](#cms-search-performance)
- [New `InheritedPermissions` option - only these members](#only-these-members)
- [Other new features](#other-features)
- [API changes](#api-changes)
- [Dependency changes](#dependency-changes)
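Review bot: The new table-of-contents entry says "only these members" while the commit title and the CMS label both say "Only these users". Someone scanning the changelog for the option they saw in the CMS will not match it on wording. Consider using the CMS label in the entry (and in the heading it points to), keeping the `#only-these-members` anchor if other pages already link to it.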
Expand Down Expand Up @@ -68,6 +69,14 @@ App\MyElement:
- AnotherFieldToExclude
```

### New `InheritedPermissions` option - only these members {#only-these-members}

Applying the [`InheritedPermissionsExtension`](api:SilverStripe\Security\InheritedPermissionsExtension) to a `DataObject` class gives you the ability to declare that only users in certain groups can view or edit those records. This extension is applied by default to the [`File`](api:SilverStripe\Assets\File) and [`SiteTree`](SilverStripe\CMS\Model\SiteTree) classes.

A new permission has been added to [`InheritedPermissions`](api:SilverStripe\Security\InheritedPermissions), which powers that extension. The new permission (`InheritedPermissions::ONLY_THESE_MEMBERS`) allows you to define which specific `Member` records should have access to your records, regardless of which groups those members belong to.

In the CMS, this new permission is available for files and pages by setting "Who can view/edit this page/file" to "Only these users".

### Other new features

- You can now exclude specific `DataObject` models from the check and repair step of `dev/build` - see [ORM Performance](/developer_guides/performance/orm/#skip-check-and-repair) for more information.
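Review bot: In the first paragraph of the new section, the `SiteTree` link target is `SilverStripe\CMS\Model\SiteTree` without the `api:` prefix that the `File`, `InheritedPermissionsExtension` and `InheritedPermissions` links use, so it will most likely render as a broken relative link; it should read `(api:SilverStripe\CMS\Model\SiteTree)`. Separately, "regardless of which groups those members belong to" could be read as overriding every other rule. A short sentence on how this option interacts with the higher-priority rules listed in File_Security.md would remove that ambiguity.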