Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Security on DataObjects accessed via URL


Reply


3 Posts   1138 Views

Avatar
micahsheets

Community Member, 165 Posts

15 July 2009 at 10:24am

I have a ModelAdmin that allows editing of a DataObject by a member. However different members who log into the ModelAdmin part of the CMS are allowed to access only the DataObjects of a specific ID. However if a user types a path in the URL to another ID to edit then they are allowed access to it.

I need to find a way to make sure that the ModelAdmin currentRecord ID matches the ID that the member is allowed to view and edit.

I cannot seem to find a way to access the ModelAdmin_RecordController and get the currentRecord nor can I figure out how to extend the RecordController to one that is associated with my custom ModelAdmin.

Avatar
micahsheets

Community Member, 165 Posts

18 July 2009 at 11:09am

I was able to extend ModelAdmin_RecordController to include some security tests in the edit function. So it works now. Figuring out how to extend the ModelAdmin Controllers opens up a lot of possibilities.

Avatar
Stefdv

Community Member, 110 Posts

16 March 2011 at 7:50am

Edited: 17/03/2011 12:38am

{SOLVED}
Hello,

I know this is a verry verry old post...

Dog (DataObject) has_one breeder, owner
Breeder(DataObject) extends member has_many Dogs

I need a way to let Breeders only edit there own Dogs