[TYPO3-mvc] access control & localization: are they killing the idea of extbase by now?
Jochen Rau
jochen.rau at typoplanet.de
Tue Jan 19 10:06:24 CET 2010
Hi Andreas.
On 12.01.10 14:28, Andreas Rieser wrote:
> Am 07.01.2010 um 11:09 schrieb Jochen Rau:
>> As we probably never backport AOP to 4.x (lets keep some things to
>> FLOW3 ;-)), we will have to implement access control
>> half-transparently and not ressouces aware, which is no handicap imo.
>> The point to hook in is imo the AccessController::processRequest()
>> method as we have to check access rights to arguments. But we can also
>> hook into the RequestBuilder.
>
> I'll try ActionController::processRequest() first... ;-)
>
>> Any other Ideas?
>
>
> The question is how to "connect" these two worlds properly. Did you
> spend some time on this? I think in v4 the v5 roles can be expressed by
> FE&BE groups and FE&BE users. So it would be a good thing to invent a
> role in v4 as well. The roles could be linked to FE&BE groups as well as
> directly to FE&BE users. BTW: Are roles defined system-wide? Or isn't
> this a matter of one package/extension?
> Then we could adopt the concept with the security top-level
> configuration and combine it with my suggestion of a BE module for
> changing this accordingly.
> ACL's regarding content should imo reside somewhere in the repository
> logic, but that's the next step I guess...
Would you like to take over the subproject "AccesControl" of Extbase?
IMO this a very interesting and important part of Extbase 2.0 (TYPO3
4.4). This involves a tight coordination with the FLOW3-team (namely
Andreas Förthner).
Regards
Jochen
More information about the TYPO3-project-typo3v4mvc
mailing list