Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Security on DataObjects accessed via URL


Go to End


3 Posts   1397 Views

Avatar
micahsheets

Community Member, 165 Posts

15 July 2009 at 10:24am

I have a ModelAdmin that allows editing of a DataObject by a member. However different members who log into the ModelAdmin part of the CMS are allowed to access only the DataObjects of a specific ID. However if a user types a path in the URL to another ID to edit then they are allowed access to it.

I need to find a way to make sure that the ModelAdmin currentRecord ID matches the ID that the member is allowed to view and edit.

I cannot seem to find a way to access the ModelAdmin_RecordController and get the currentRecord nor can I figure out how to extend the RecordController to one that is associated with my custom ModelAdmin.

Avatar
micahsheets

Community Member, 165 Posts

18 July 2009 at 11:09am

I was able to extend ModelAdmin_RecordController to include some security tests in the edit function. So it works now. Figuring out how to extend the ModelAdmin Controllers opens up a lot of possibilities.

Avatar
Stefdv

Community Member, 110 Posts

16 March 2011 at 7:50am

Edited: 17/03/2011 12:38am

{SOLVED}
Hello,

I know this is a verry verry old post...

Dog (DataObject) has_one breeder, owner
Breeder(DataObject) extends member has_many Dogs

I need a way to let Breeders only edit there own Dogs