[TYPO3-dev] Can user X access record Y?

Mon May 28 18:35:12 CEST 2012

Hey Oliver,

your loking for "TYPO3 enableFields". Google give you same examples. The
enableFields method will check deleted, hidden, starttime... and also
fe_user permissions.

You can access the function via t3lib_PageSelect. ExtBase does this
internally...

Regards,
Tim

Am 28.05.12 14:08, schrieb Oliver Salzburg:
> On 2012-05-28 06:13, Michael wrote:
>> On 2012-05-10 02:08, Oliver Salzburg wrote:
>>
>>> If I pick an arbitrary user (user id 42) and an arbitrary other record
>>> (table tx_news_domain_model_file, uid:123), what is the correct
>>> approach to check access permissions set between these object?
>>
>> I stumbled across this chapter today and remembered your question, so maybe
>> this is an option for you?
>>
>> http://typo3.org/documentation/document-library/core-documentation/doc_core_api/
>>
>> Chapter 3.6. "Backend User Object".
>>
>> And then something like:
>>
>> $BE_USER->check(...);
>> $BE_USER->doesUserHaveAccess(...);
>>
>> But I haven't used these yet, so this is just the way I would
>> investigate further.
>>
>> HTH - Cheers
>> Michael
>>
> 
> Yes, that would be something like I had in mind. But not exactly.
> Primarily because I was interested in FE users.
> 
> I haven't developed much with TYPO3 yet so some approaches seem very
> unnatural to me.
> 
> For example, I just couldn't believe that the only place where you can
> do access permission checks between FE users and arbitrary data records
> is the database itself.
> Because, to my understanding, no further abstraction of that concept is
> done after that. Which I find irritating and shocking.
> 
> Even if you use the abstracted approaches like extbase, this concept is
> still lost in it.
> Once I retrieve my model object from the database, all access
> permission information is no longer present. So access permission
> checks, again, have to be done at the database level.
> 
> Something like that just seems so strange and alien to me that I
> couldn't believe it. I still can't. It makes no sense.
> 
> So I posted this, very unspecific, question on the list in the hope
> that someone would call me an idiot for not having grasped the true
> power of TYPO3 in this regard (and then tell me about that power).
> 
> By now, I have rewritten my code to run additional queries against the
> database to make sure any access permissions are respected.
> 
> Thanks for your mail :)
> Oliver
> _______________________________________________
> TYPO3-dev mailing list
> TYPO3-dev at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-dev
> 

Beste Grüße,
Tim

-- 

360°Friends Blog - http://360friends.de/
   360friends.de Blog Tour #3 – Kanufahren - 21.05.2012
   Rollen-Trolley Set - Von kleinem Trolley bis große Reise - 12.05.2012
   So gratuliert man heute zum Geburtstag - 03.05.2012

TYPO3 Blog - http://typo3blogger.de/
Facebook - http://www.facebook.com/lochmueller
Twitter - http://twitter.com/360friends