[TYPO3-dev] Can user X access record Y?

Oliver Salzburg oliver.salzburg at googlemail.com
Mon May 28 19:32:54 CEST 2012


Hi Tim,

I am using the enableFields to control access to the records.

From the brief look I was just able to take at t3lib_PageSelect, it
actually looks pretty much like the thing I was looking for.

Thanks for the suggestion :)

Cheers
Oliver

On 2012-05-28 18:35, Tim Lochmueller wrote:
> Hey Oliver,
> 
> You're looking for "TYPO3 enableFields". Google gives you some examples. The
> enableFields method will check deleted, hidden, starttime... and also
> fe_user permissions.
> 
> You can access the function via t3lib_PageSelect. ExtBase does this
> internally...
> 
> Regards,
> Tim
> 
> On 28.05.12 14:08, Oliver Salzburg wrote:
>> On 2012-05-28 06:13, Michael wrote:
>>> On 2012-05-10 02:08, Oliver Salzburg wrote:
>>>
>>>> If I pick an arbitrary user (user id 42) and an arbitrary other record
>>>> (table tx_news_domain_model_file, uid:123), what is the correct
>>>> approach to check access permissions set between these objects?
>>>
>>> I stumbled across this chapter today and remembered your question, so maybe
>>> this is an option for you?
>>>
>>> http://typo3.org/documentation/document-library/core-documentation/doc_core_api/
>>>
>>> Chapter 3.6. "Backend User Object".
>>>
>>> And then something like:
>>>
>>> $BE_USER->check(...);
>>> $BE_USER->doesUserHaveAccess(...);
>>>
>>> But I haven't used these yet, so this is just the way I would
>>> investigate further.
>>>
>>> HTH - Cheers
>>> Michael
>>>
>>
>> Yes, that would be something like I had in mind. But not exactly.
>> Primarily because I was interested in FE users.
>>
>> I haven't developed much with TYPO3 yet so some approaches seem very
>> unnatural to me.
>>
>> For example, I just couldn't believe that the only place where you can
>> do access permission checks between FE users and arbitrary data records
>> is the database itself.
>> Because, to my understanding, no further abstraction of that concept is
>> done after that. Which I find irritating and shocking.
>>
>> Even if you use the abstracted approaches like extbase, this concept is
>> still lost in it.
>> Once I retrieve my model object from the database, all access
>> permission information is no longer present. So access permission
>> checks, again, have to be done at the database level.
>>
>> Something like that just seems so strange and alien to me that I
>> couldn't believe it. I still can't. It makes no sense.
>>
>> So I posted this, very unspecific, question on the list in the hope
>> that someone would call me an idiot for not having grasped the true
>> power of TYPO3 in this regard (and then tell me about that power).
>>
>> By now, I have rewritten my code to run additional queries against the
>> database to make sure any access permissions are respected.
>>
>> Thanks for your mail :)
>> Oliver
>>
> 
> Best regards,
> Tim
> 
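
The checks Tim lists for enableFields (deleted, hidden, starttime, fe_user permissions), as an added PHP sketch that is not part of the thread and not TYPO3's own code: it applies those conditions, plus endtime, to an already-loaded row for an arbitrary user's group list instead of in the SQL WHERE clause. The function names, the column names (`deleted`, `hidden`, `starttime`, `endtime`, `fe_group`; the real ones are configured per table in `$TCA[...]['ctrl']`) and the sample data are assumptions.

```php
<?php
// Added sketch, not TYPO3 code: the enableFields conditions evaluated in PHP
// on a loaded row. Column names are assumed; real ones come from the TCA.

// Group list that fe_group is matched against. $userGroups is the user's
// group uids (subgroups assumed already resolved), or null when anonymous.
function frontendGroupList($userGroups)
{
    if ($userGroups === null) {
        return array(0, -1);   // -1 matches records marked "hide at login"
    }
    // -2 matches records marked "show at any login"
    return array_merge(array(0, -2), array_map('intval', $userGroups));
}

function rowIsAccessible(array $row, array $groupList, $now)
{
    if (!empty($row['deleted']) || !empty($row['hidden'])) {
        return false;
    }
    if ((int)$row['starttime'] > $now) {
        return false;          // not published yet
    }
    if ((int)$row['endtime'] !== 0 && (int)$row['endtime'] <= $now) {
        return false;          // expired
    }
    $feGroup = trim((string)$row['fe_group']);
    if ($feGroup === '' || $feGroup === '0') {
        return true;           // no group restriction on this record
    }
    // One matching group is enough, like the OR-ed FIND_IN_SET terms in SQL.
    $required = array_map('intval', explode(',', $feGroup));
    return count(array_intersect($required, $groupList)) > 0;
}

// Constructed sample data, not taken from a real installation.
$now = 1338226374;
$row = array(
    'uid' => 123, 'deleted' => 0, 'hidden' => 0,
    'starttime' => 0, 'endtime' => 0, 'fe_group' => '3,7',
);
$user42Groups = array(7);      // assumed group membership of user 42

var_dump(rowIsAccessible($row, frontendGroupList($user42Groups), $now));
var_dump(rowIsAccessible($row, frontendGroupList(null), $now));
```

A check like this only works if the access columns are still part of the loaded row, which is the gap Oliver describes once the data has been mapped to a model object.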



