[TYPO3-mvc] Access control (very simple) example
Martin Kutschker
masi-no at spam-typo3.org
Fri Jan 8 11:56:27 CET 2010
Franz Koch schrieb:
> Hi Masi,
>
>> Better: pass only those content to the view the client has access to.
>>
>> public function index() {
>> if ($this->hasAccess()) {
>>
>> $this->view->assign('yourObject',$this->yourObjectRepository->findAll());
>> }
>> }
>
> yes, that's of course also possible. But in some cases you might need to
> only display limited data of your objects (maybe only logged in users
> can see email addresses or the real name of a user, or only logged in
> users can edit/create/delete things) and thus you might also need ways
> inside the template to decide what's allowed to be displayed.
Sure. But I thought it to be a cleaner approach to encapsulate access control in one place. A broken
template may disclose data and you have to checker the controller and all your templates for the leak.
Masi
More information about the TYPO3-project-typo3v4mvc
mailing list