2015-12-10 05:45:46 +01:00
|
|
|
# 3.3.0
|
|
|
|
|
|
|
|
|
|
## Upgrading notes
|
|
|
|
|
|
|
|
|
|
### New permission model for Versioned DataObjects
|
|
|
|
|
|
|
|
|
|
When adding the `Versioned` extension to dataobjects, typically it's necessary to explicitly declare
|
|
|
|
|
permissions on these objects in order to prevent un-published content surfacing to unauthenticated users.
|
|
|
|
|
|
|
|
|
|
In order to better support this, versioned by default will now deny canView permissions on objects
|
|
|
|
|
that are not published.
|
|
|
|
|
|
|
|
|
|
For more information on how to customise the permission model for versioned dataobjects then please
|
2015-12-23 02:12:02 +01:00
|
|
|
refer to the [versioned extension documentation](../developer_guides/model/versioning).
|
2015-12-10 05:45:46 +01:00
|
|
|
|
|
|
|
|
### Block ?stage=Stage for unauthenticated users
|
|
|
|
|
|
|
|
|
|
By default users must now be logged in with CMS access permissions in order to change the viewing
|
|
|
|
|
mode of the site frontend using the `?stage` querystring parameter.
|
|
|
|
|
|
|
|
|
|
This permission can be customised by altering the `Versioned.non_live_permissions`
|
|
|
|
|
config by assigning a different set of permissions.
|
