From 943340c114db3dbfae5b995751b76e394127798a Mon Sep 17 00:00:00 2001
From: Daniel Hensby <dhensby@users.noreply.github.com>
Date: Mon, 9 Feb 2015 13:35:07 +0000
Subject: [PATCH] NEW Don't modify the field if no canCreate

This stops the Add button showing if the member doesn't have permission to create the object type.
---
 code/extensions/QuickAddNewExtension.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/code/extensions/QuickAddNewExtension.php b/code/extensions/QuickAddNewExtension.php
index 39459f1..529f148 100644
--- a/code/extensions/QuickAddNewExtension.php
+++ b/code/extensions/QuickAddNewExtension.php
@@ -58,6 +58,11 @@ public function useAddNew($class, $sourceCallback, FieldList $fields = null, Req
 		if(!is_callable($sourceCallback)){
 			throw new Exception('the useAddNew method must be passed a callable $sourceCallback parameter, ' . gettype($sourceCallback) . ' passed.');
 		}
+		
+		// if the user can't create this object type, don't modify the form
+		if (!singleton($class)->canCreate()) {
+			return $this->owner;
+		}
 
 		Requirements::javascript(THIRDPARTY_DIR . '/jquery/jquery.js');
 		Requirements::javascript(THIRDPARTY_DIR . '/jquery-entwine/dist/jquery.entwine-dist.js');
@@ -132,6 +137,9 @@ public function AddNewFormHTML(){
 	 **/
 	public function doAddNew($data, $form){
 		$obj = Object::create($this->addNewClass);
+		if (!$obj->canCreate()) {
+			return Security::permissionFailure(Controller::curr(), "You don't have permission to create this object");
+		}
 		$form->saveInto($obj);
 		
 		try {