silverstripe-framework/docs/en/04_Changelogs/3.3.0.md
2015-12-23 14:12:02 +13:00

23 lines
954 B
Markdown

# 3.3.0
## Upgrading notes
### New permission model for Versioned DataObjects
When adding the `Versioned` extension to dataobjects, typically it's necessary to explicitly declare
permissions on these objects in order to prevent un-published content surfacing to unauthenticated users.
In order to better support this, versioned by default will now deny canView permissions on objects
that are not published.
For more information on how to customise the permission model for versioned dataobjects then please
refer to the [versioned extension documentation](../developer_guides/model/versioning).
### Block ?stage=Stage for unauthenticated users
By default users must now be logged in with CMS access permissions in order to change the viewing
mode of the site frontend using the `?stage` querystring parameter.
This permission can be customised by altering the `Versioned.non_live_permissions`
config by assigning a different set of permissions.