Hi,
It might be a bit risky trying to replicate the behaviour of CanViewSecured - better just to call it directly, but the solution will depend on a few things, like how many files there are and how much traffic you're likely to get.
The easiest way would be to simply return an object with all Files to the template and call CanView (CanViewSecured is really an internal API method), eg (these examples are untested):
// MODEL:
<?php
function getAllFiles() {
return DataObject::get('File');
}
?>
// TEMPLATE:
<% if AllFiles %>
<% control AllFiles %>
<% if CanView %>
<p>Download <a href="$URL">$Name</a></p>
<% end_if %>
<% end_control %>
<% end_if %>
However this is going to be database intensive, especially if you have lots of files or folders.
Another solution would be to test Folders instead of Files, then return the Files in Folders that the current Member can view:
// MODEL:
function getViewableFiles() {
$files = new DataObjectSet();
$folders = DataObject::get('Folder');
if(!$folders) return $files;
foreach($folders as $folder)
if($folder->CanView())
if($subFiles = DataObject::get('File', "ClassName != 'Folder' && ParentID = {$folder->ID}"))
$files->merge($subFiles);
return $files; // Should contain all files that the member can view.
}
This will be more efficient that the first option, but it's still pretty hard on the database if there are a lot of folders.
The best option would probably be an extension that cached view permissions somehow, but that would be an advanced option if the above options were not suitable.
Hope this helps.
Hamish