"Varchar", ); private static $has_one = array( "Role" => "PermissionRole", ); protected function validate() { $result = parent::validate(); // Check that new code doesn't increase privileges, unless an admin is editing. $privilegedCodes = Config::inst()->get('Permission', 'privileged_permissions'); if( $this->Code && in_array($this->Code, $privilegedCodes) && !Permission::check('ADMIN') ) { $result->error(sprintf( _t( 'PermissionRoleCode.PermsError', 'Can\'t assign code "%s" with privileged permissions (requires ADMIN access)' ), $this->Code )); } return $result; } public function canCreate($member = null, $context = array()) { return Permission::check('APPLY_ROLES', 'any', $member); } public function canEdit($member = null) { return Permission::check('APPLY_ROLES', 'any', $member); } public function canDelete($member = null) { return Permission::check('APPLY_ROLES', 'any', $member); } }