[TYPO3-english] Extbase access check best practice

Viktor Livakivskyi invisible.kinder at gmail.com
Fri Sep 4 19:34:26 CEST 2015


Hello, List.

I have a very trivial task, but I don't know the expected way to handle it.
Say, I have a controller with:
public function getObject($object) {}

And I want to ensure that the action will be performed only if $object->getOwner() === $loggedInUser

Now the question: how is this check supposed to be done?

1. Simple if() condition inside of an action, which throws an exception or redirects to errorAction() in case of access violation. I don't like this solution, because it will force me to add such an if() in every action that needs such a check. Sure, I can create some Trait that performs this check and call ->checkAccess() from each of such controller actions, but it still seems dirty to me.

2. Controller argument validator. Seems like a more reliable solution, because I have a separate class that performs only what it should perform (validate access permissions). But is this really a validation or a misuse?

3. Some heavy system, based on signals, sent before the action is emitted or so.

4. Your variant?

