Jump to:

23454 Posts in 18904 Topics by 2877 members

General Questions

SilverStripe Forums » General Questions » Security on DataObjects accessed via URL

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1096 Views
  • micahsheets
    Avatar
    Community Member
    164 Posts

    Security on DataObjects accessed via URL Link to this post

    I have a ModelAdmin that allows editing of a DataObject by a member. However different members who log into the ModelAdmin part of the CMS are allowed to access only the DataObjects of a specific ID. However if a user types a path in the URL to another ID to edit then they are allowed access to it.

    I need to find a way to make sure that the ModelAdmin currentRecord ID matches the ID that the member is allowed to view and edit.

    I cannot seem to find a way to access the ModelAdmin_RecordController and get the currentRecord nor can I figure out how to extend the RecordController to one that is associated with my custom ModelAdmin.

  • micahsheets
    Avatar
    Community Member
    164 Posts

    Re: Security on DataObjects accessed via URL Link to this post

    I was able to extend ModelAdmin_RecordController to include some security tests in the edit function. So it works now. Figuring out how to extend the ModelAdmin Controllers opens up a lot of possibilities.

  • Stefdv
    Avatar
    Community Member
    110 Posts

    Re: Security on DataObjects accessed via URL Link to this post

    {SOLVED}
    Hello,

    I know this is a verry verry old post...

    Dog (DataObject) has_one breeder, owner
    Breeder(DataObject) extends member has_many Dogs

    I need a way to let Breeders only edit there own Dogs

    1096 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.