[TYPO3-dev] Might a additional inverted access policy might be usefull?

[Xavier Perseguers]

Hi,

> I've been asked if it is possible to restrict access to pages/content 
> for specific users or usergroups. So I was just asking myself that it 
> might be a good idea to add a additional access selector in the BE-forms 
> where you could select usergroups that might NOT see certain parts of 
> the website.
> 
> Currently, you have to create very complex nested usergroups for such 
> situations - which is not the nicest thing to do.
> 
> 
> The second thing that came to my mind when I thought about this is, that 
> it would not be possible to automatically apply such a enhancement to 
> extensions, because the rendering of the fe_group fields in BE is 
> hardcoded in the extensions TCA.
> So I was asking myself, why there has never been created a API for 
> adding access-fields etc. and why there are no hooks to extend the 
> access handling.
> 
> What do you think - should something like the API be added to the core? 
> How about the "deny for usergroup" field - you ever felt like this would 
> be something nice to have?

I think that it basically was created with same options as a standard 
Unix system with owner, group, everybody. If you wish to add a deny for 
usergroup field, then you will need to choose what to do with users both 
in "allowed" group and "deny" group. Which group takes precedence over 
which one?

I think there is already an extension somewhere in TER that add ACL 
capabilities a bit like Windows does. I did not test it nor do I know 
whether it still works with latest version of TYPO3 but maybe it would 
be worth starting to look at this extension, see what it does, if it 
fulfills your needs and when not, why and then enhance it or really 
propose some new concept to the Core.

Regards


-- 
Xavier Perseguers
http://xavier.perseguers.ch/en