Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Security on DataObjects accessed via URL


3 Posts   1108 Views


15 July 2009 at 10:24am Community Member, 164 Posts

I have a ModelAdmin that allows editing of a DataObject by a member. However different members who log into the ModelAdmin part of the CMS are allowed to access only the DataObjects of a specific ID. However if a user types a path in the URL to another ID to edit then they are allowed access to it.

I need to find a way to make sure that the ModelAdmin currentRecord ID matches the ID that the member is allowed to view and edit.

I cannot seem to find a way to access the ModelAdmin_RecordController and get the currentRecord nor can I figure out how to extend the RecordController to one that is associated with my custom ModelAdmin.


18 July 2009 at 11:09am Community Member, 164 Posts

I was able to extend ModelAdmin_RecordController to include some security tests in the edit function. So it works now. Figuring out how to extend the ModelAdmin Controllers opens up a lot of possibilities.


16 March 2011 at 7:50am (Last edited: 17 March 2011 12:38am), Community Member, 110 Posts


I know this is a verry verry old post...

Dog (DataObject) has_one breeder, owner
Breeder(DataObject) extends member has_many Dogs

I need a way to let Breeders only edit there own Dogs