silverstripe-framework/docs/en/04_Changelogs/3.3.0.md

23 lines
954 B
Markdown
Raw Normal View History

2015-12-10 05:45:46 +01:00
# 3.3.0
## Upgrading notes
### New permission model for Versioned DataObjects
When adding the `Versioned` extension to dataobjects, typically it's necessary to explicitly declare
permissions on these objects in order to prevent un-published content surfacing to unauthenticated users.
In order to better support this, versioned by default will now deny canView permissions on objects
that are not published.
For more information on how to customise the permission model for versioned dataobjects then please
2015-12-23 02:12:02 +01:00
refer to the [versioned extension documentation](../developer_guides/model/versioning).
2015-12-10 05:45:46 +01:00
### Block ?stage=Stage for unauthenticated users
By default users must now be logged in with CMS access permissions in order to change the viewing
mode of the site frontend using the `?stage` querystring parameter.
This permission can be customised by altering the `Versioned.non_live_permissions`
config by assigning a different set of permissions.