[TYPO3-mvc] Access control (very simple) example

[Nathan Lenz]

Franz Koch wrote:
> Hi Masi,
> 
>> Better: pass only those content to the view the client has access to.
>>
>>    public function index() {
>>      if ($this->hasAccess()) {
>>       
>> $this->view->assign('yourObject',$this->yourObjectRepository->findAll());
>>      }
>>    }
> 
> yes, that's of course also possible. But in some cases you might need to
> only display limited data of your objects (maybe only logged in users
> can see email addresses or the real name of a user, or only logged in
> users can edit/create/delete things) and thus you might also need ways
> inside the template to decide what's allowed to be displayed.
> 

In my case I need to show/hide administrative related links.

I tried the previously suggested way of creating a new page, restricting
it's access to my "specialgroup" and then creating <f:link.action
pageUid="{securepageid}">edit</f:/link>

I have two problems with this.

1. When a non-logged in user renders the page, the "edit" link still
shows up, but it links to the homepage of my site.  Definitely don't
want that. (I am not setting linkAccessRestrictedPages.)

2. What if I want to show/hide more than a single link?  I am creating a
little "admin panel" which contains more than just links and should only
show up to people who have access.

------------------

I suppose I could create an "administrativePanel" domain object and then
each controller could assign it to a template IF the user has access.

if ($userHasAccess == true) {
	$this->view->assign('administrativePanel',$administrativePanel);
}

Then the template could just say:

<f:if condition="{administrativePanel}">
	{administrativePanel.name}
	<f:for each="{administrativePanel.links}" as="link">
		<f:link.action controller="{link.controller}" action="{link.action}"
arguments="{link.arguments}">{link.name}</f:link.action>
	</f:for>
</f:/if>