21288 Posts in 5733 Topics by 2602 members
|
Page:
1
|
Go to End | |
| Author | Topic: | 973 Views |
-
Security on DataObjects accessed via URL
15 July 2009 at 10:24am
I have a ModelAdmin that allows editing of a DataObject by a member. However different members who log into the ModelAdmin part of the CMS are allowed to access only the DataObjects of a specific ID. However if a user types a path in the URL to another ID to edit then they are allowed access to it.
I need to find a way to make sure that the ModelAdmin currentRecord ID matches the ID that the member is allowed to view and edit.
I cannot seem to find a way to access the ModelAdmin_RecordController and get the currentRecord nor can I figure out how to extend the RecordController to one that is associated with my custom ModelAdmin.
-
Re: Security on DataObjects accessed via URL
18 July 2009 at 11:09am
I was able to extend ModelAdmin_RecordController to include some security tests in the edit function. So it works now. Figuring out how to extend the ModelAdmin Controllers opens up a lot of possibilities.
-
Re: Security on DataObjects accessed via URL
16 March 2011 at 7:50am Last edited: 17 March 2011 12:38am
{SOLVED}
Hello,I know this is a verry verry old post...
Dog (DataObject) has_one breeder, owner
Breeder(DataObject) extends member has_many DogsI need a way to let Breeders only edit there own Dogs
| 973 Views | ||
|
Page:
1
|
Go to Top |
