Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Security on DataObjects accessed via URL


Reply

3 Posts   1108 Views

Avatar
micahsheets

15 July 2009 at 10:24am Community Member, 164 Posts

I have a ModelAdmin that allows editing of a DataObject by a member. However different members who log into the ModelAdmin part of the CMS are allowed to access only the DataObjects of a specific ID. However if a user types a path in the URL to another ID to edit then they are allowed access to it.

I need to find a way to make sure that the ModelAdmin currentRecord ID matches the ID that the member is allowed to view and edit.

I cannot seem to find a way to access the ModelAdmin_RecordController and get the currentRecord nor can I figure out how to extend the RecordController to one that is associated with my custom ModelAdmin.

Avatar
micahsheets

18 July 2009 at 11:09am Community Member, 164 Posts

I was able to extend ModelAdmin_RecordController to include some security tests in the edit function. So it works now. Figuring out how to extend the ModelAdmin Controllers opens up a lot of possibilities.

Avatar
Stefdv

16 March 2011 at 7:50am (Last edited: 17 March 2011 12:38am), Community Member, 110 Posts

{SOLVED}
Hello,

I know this is a verry verry old post...

Dog (DataObject) has_one breeder, owner
Breeder(DataObject) extends member has_many Dogs

I need a way to let Breeders only edit there own Dogs