15 July 2009 at 10:24am
I have a ModelAdmin that allows editing of a DataObject by a member. However different members who log into the ModelAdmin part of the CMS are allowed to access only the DataObjects of a specific ID. However if a user types a path in the URL to another ID to edit then they are allowed access to it.
I need to find a way to make sure that the ModelAdmin currentRecord ID matches the ID that the member is allowed to view and edit.
I cannot seem to find a way to access the ModelAdmin_RecordController and get the currentRecord nor can I figure out how to extend the RecordController to one that is associated with my custom ModelAdmin.
18 July 2009 at 11:09am
I was able to extend ModelAdmin_RecordController to include some security tests in the edit function. So it works now. Figuring out how to extend the ModelAdmin Controllers opens up a lot of possibilities.