silverstripe-framework/docs/en/04_Changelogs/3.3.0.md
2015-12-10 17:48:06 +13:00

953 B

3.3.0

Upgrading notes

New permission model for Versioned DataObjects

When adding the Versioned extension to dataobjects, typically it's necessary to explicitly declare permissions on these objects in order to prevent un-published content surfacing to unauthenticated users.

In order to better support this, versioned by default will now deny canView permissions on objects that are not published.

For more information on how to customise the permission model for versioned dataobjects then please refer to the versioned extension documentation.

Block ?stage=Stage for unauthenticated users

By default users must now be logged in with CMS access permissions in order to change the viewing mode of the site frontend using the ?stage querystring parameter.

This permission can be customised by altering the Versioned.non_live_permissions config by assigning a different set of permissions.