[Typo3-dev] Making a better access control
tapio
tapio.markula at dnainternet.net
Wed Aug 24 10:10:11 CEST 2005
> He needs the feature now, so he needs to do the job right now
Yes. But I thought that my solution would be simple enough to implement
also in the core - and would not be a hack.
This is the code in alt_doc.php, after about line 650:
    if ($hasAccess) {
        $hasAccess = $BE_USER->recordEditAccessInternals($table, $calcPRec);
        /* I added here an additional condition */
        /* If the value is '0' this is not needed; after checking access on
           element type level this adds an element-level check */
        if ($hasAccess == 1) {
            /* If the user is not an admin user and if the content element
               should be edited only by an admin user, access will be denied;
               needs an 'editlock' field in the table 'tt_content' and
               corresponding changes to the TCA settings - now in an extension,
               but if the source code is changed it needs changes to the core
               TCA settings and a small change to the default SQL file. */
            if ($BE_USER->user['admin'] == 0 && $calcPRec['editlock'] == 1) {
                $hasAccess = 0;
            }
        }
        /* added code ends */
        $deniedAccessReason = $BE_USER->errorMsg;
    }
Corresponding changes to 'db_layout.php', after about line 730:
    else {
        $rec['uid'] = $uidVal;
        // Checking internals access:
        $recordAccess = $BE_USER->recordEditAccessInternals($eRParts[0], $uidVal);
        /* I added here an additional condition */
        if ($recordAccess == 1) {
            /* see the principle from a preceding comment */
            if ($BE_USER->user['admin'] == 0 && $rec['editlock'] == 1) {
                $recordAccess = 0;
            }
        }
        /* added code ends */
    }
Well - what's wrong with that code? It utilizes existing variables
with the syntax which Typo3 uses.
Simple for users. Needs exact setting for non-admin users.
The question is if more precise content element level access control is
needed. Would that make Typo3 too complicated?
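
An added example, not part of the original post and not TYPO3 code: the posted condition as a standalone PHP function, next to a variant that denies a non-admin when the record array carries no 'editlock' value (for instance when only 'uid' was set on it). The function names and the sample rows are constructed for illustration; in the last case the posted condition still allows the edit, because a missing 'editlock' never compares equal to 1.

```php
<?php
// Added illustration; not TYPO3 core code. Function names are hypothetical.

// The condition as posted, with the same loose comparisons.
function postedCheck(array $user, array $rec, $hasAccess)
{
    if ($hasAccess == 1) {
        if (($user['admin'] ?? null) == 0 && ($rec['editlock'] ?? null) == 1) {
            $hasAccess = 0;
        }
    }
    return $hasAccess;
}

// Variant that fails closed: a non-admin is denied when the record array
// carries no 'editlock' value at all, instead of being treated as unlocked.
function failClosedCheck(array $user, array $rec, $hasAccess): bool
{
    if (!$hasAccess) {
        return false;                       // earlier checks already denied
    }
    if ((int)($user['admin'] ?? 0) === 1) {
        return true;                        // admins bypass the lock
    }
    if (!array_key_exists('editlock', $rec)) {
        return false;                       // column not loaded: deny
    }
    return (int)$rec['editlock'] === 0;
}

// Constructed sample data; values are strings, as a MySQL row delivers them.
$editor = ['username' => 'editor', 'admin' => '0'];
$admin  = ['username' => 'admin',  'admin' => '1'];
$cases  = [
    'editor, locked record'   => [$editor, ['uid' => '12', 'editlock' => '1']],
    'editor, unlocked record' => [$editor, ['uid' => '13', 'editlock' => '0']],
    'admin, locked record'    => [$admin,  ['uid' => '12', 'editlock' => '1']],
    'editor, uid-only record' => [$editor, ['uid' => '12']],
];

foreach ($cases as $label => [$user, $rec]) {
    printf("%-24s posted=%s failClosed=%s\n", $label,
        postedCheck($user, $rec, 1) ? 'allow' : 'deny',
        failClosedCheck($user, $rec, 1) ? 'allow' : 'deny');
}
```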