diff --git a/code/CMSMain.php b/code/CMSMain.php
index 18424ec1..a2f9a1c0 100755
--- a/code/CMSMain.php
+++ b/code/CMSMain.php
@@ -369,7 +369,9 @@ JS;
 public function getRecord($id) {
 $treeClass = $this->stat('tree_class');
- if($id && is_numeric($id)) {
+ if($id instanceof $treeClass) {
+ return $id;
+ } else if($id && is_numeric($id)) {
 $version = isset($_REQUEST['Version']) ? $_REQUEST['Version'] : null;
 if(is_numeric($version)) {
 $record = Versioned::get_version($treeClass, $id, $version);
@@ -417,11 +419,12 @@ JS;
 // Include JavaScript to ensure HtmlEditorField works.
 HtmlEditorField::include_js();
+ if(!$id) $id = $this->currentPageID();
 $form = parent::getEditForm($id);
 // TODO Duplicate record fetching (see parent implementation)
- if(!$id) $id = $this->currentPageID();
- $record = ($id && $id != "root") ? $this->getRecord($id) : null;
+ $record = $this->getRecord($id);
+ if($record && !$record->canView()) return Security::permissionFailure($this);
 $fields = $form->Fields();
 $actions = $form->Actions();
diff --git a/code/LeftAndMain.php b/code/LeftAndMain.php
index 088a15b1..df63e372 100644
--- a/code/LeftAndMain.php
+++ b/code/LeftAndMain.php
@@ -474,10 +474,14 @@ class LeftAndMain extends Controller {
 return $this->renderWith($this->getTemplatesWithSuffix('_right'));
 }
- public function getRecord($id, $className = null) {
- if($id && is_numeric($id)) {
- if(!$className) $className = $this->stat('tree_class');
+ public function getRecord($id) {
+ $className = $this->stat('tree_class');
+ if($id instanceof $className) {
+ return $id;
+ } else if(is_numeric($id)) {
 return DataObject::get_by_id($className, $id);
+ } else {
+ return false;
 }
 }
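Review bot: CMSMain::getRecord() now accepts either an ID or an already-loaded record, but nothing in the method says so, and the new `instanceof` branch returns the object before the `$_REQUEST['Version']` handling that follows. A docblock above the method would make that contract visible, for example `@param int|DataObject $id Record ID, or a loaded record that is returned unchanged (no version lookup, no permission check)`. Callers then know that a passed-in object is trusted as-is and that any `canView()` check is their responsibility. The method body continues outside this hunk, so the return value on the non-numeric path is not visible here.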
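Review bot: In CMSMain::getEditForm() the added `canView()` check runs only after `parent::getEditForm($id)` has already fetched the record and built the form. For a plain ID the parent performs the same check, so on denial `Security::permissionFailure($this)` is invoked twice and `$form` briefly holds a non-form value. For a record object the parent skips the check altogether (see the LeftAndMain hunk), which makes this line the only gate on that path. Hoisting `$record = $this->getRecord($id);` and the `if($record && !$record->canView()) return Security::permissionFailure($this);` line above the `parent::getEditForm()` call would reject access before any form is built, and would also resolve the TODO about duplicate fetching. SecurityAdmin::getEditForm() has the same ordering.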
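Review bot: Removing the `$className` parameter from LeftAndMain::getRecord() is a silent behaviour change, because PHP ignores surplus arguments. Any existing caller that still passes a class name now gets a `tree_class` record with no error, and a later `canView()` would be evaluated against the wrong object. Keeping the optional argument avoids that: `public function getRecord($id, $className = null)` followed by `if(!$className) $className = $this->stat('tree_class');`. The new code also drops the `$id &&` guard and now returns `false` where the old code fell through to `null`, so `0` reaches `DataObject::get_by_id()` and strict `null` comparisons in callers stop matching. Whether any such callers exist is not visible in this diff.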
@@ -743,9 +747,13 @@ class LeftAndMain extends Controller {
 public function getEditForm($id = null) {
 if(!$id) $id = $this->currentPageID();
-
- $record = ($id && $id != "root") ? $this->getRecord($id) : null;
- if($record && !$record->canView()) return Security::permissionFailure($this);
+
+ if(is_object($id)) {
+ $record = $id;
+ } else {
+ $record = ($id && $id != "root") ? $this->getRecord($id) : null;
+ if($record && !$record->canView()) return Security::permissionFailure($this);
+ }
 if($record) {
 $fields = $record->getCMSFields();
diff --git a/code/SecurityAdmin.php b/code/SecurityAdmin.php
index 34a4b378..25bf9ab7 100644
--- a/code/SecurityAdmin.php
+++ b/code/SecurityAdmin.php
@@ -42,8 +42,13 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider {
 }
 function getEditForm($id = null) {
+ // TODO Duplicate record fetching (see parent implementation)
 if(!$id) $id = $this->currentPageID();
- $record = ($id && $id != "root") ? $this->getRecord($id) : null;
+ $form = parent::getEditForm($id);
+
+ // TODO Duplicate record fetching (see parent implementation)
+ $record = $this->getRecord($id);
+ if($record && !$record->canView()) return Security::permissionFailure($this);
 if($id && is_numeric($id)) {
 $form = parent::getEditForm($id);
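Review bot: In LeftAndMain::getEditForm() the new `is_object($id)` branch sets `$record = $id` and skips `canView()`, which now sits only in the `else` branch. Any subclass or caller that passes a record object therefore gets a form built from `$record->getCMSFields()` with no view check in this method. Moving `if($record && !$record->canView()) return Security::permissionFailure($this);` below the closing `}` of the if/else would apply it to both paths. `is_object()` also accepts any object, whereas getRecord() tests `instanceof` against `tree_class`, so calling `$this->getRecord($id)` in both cases would keep the type check in one place. The method body continues outside this hunk.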
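Review bot: SecurityAdmin::getEditForm() now calls `parent::getEditForm($id)` twice for numeric IDs: once in the added line and again inside the unchanged `if($id && is_numeric($id))` block, which overwrites `$form`. Each call fetches the record and runs the parent's permission handling, so a denied request can trigger `Security::permissionFailure()` more than once. One of the two calls should go, most simply the added `$form = parent::getEditForm($id);`, along with the duplicated `// TODO Duplicate record fetching` comment that was added twice. The rest of the method lies outside the hunk, so whether the non-numeric path relies on the earlier `$form` cannot be confirmed from here.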