[TYPO3-hci] Extended page/record lookup "window"
Steffen Ritter
info at rs-websystems.de
Fri Apr 3 17:36:53 CEST 2009
Martin Kutschker wrote:
> You didn't say so :)
>
I'm sorry ;)
> * You can leave out the admin check as
> $GLOBALS['BE_USER']->isInWebMount() does this for you. IMHO it doesn't
> add extra security, but adds complexity.
>
I know, but your point three contains my reason for doing so...
> * You should call $GLOBALS['BE_USER']->getPagePermsClause(2) and use the
> return value in the call to $GLOBALS['BE_USER']->isInWebMount().
> Otherwise you link to records on pages the user may not edit.
> See class.t3lib_userauthgroup.php for details.
>
OK
> * You should cache the results of the permission check locally. The
> calls are expensive and you might have a search that finds many results
> on a single page.
This is why I do admin-check before, it's a very simple request against
isInWebMount.
thank you for your help...
Steffen
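
The check discussed in this thread, as an added example that is not part of the original mail or of TYPO3 itself: the clause from `getPagePermsClause(2)` is passed to `isInWebMount()`, and the result is cached per page id so a search with many hits on one page runs the check once. `PagePermissionCache`, `mayEditPage()` and `StubBackendUser` are hypothetical names, and the stub and the search hits are constructed so the code runs outside TYPO3.

```php
<?php
// Added example. Only getPagePermsClause() and isInWebMount() are TYPO3 API;
// every other name here is hypothetical.
class PagePermissionCache {
    private $beUser;
    private $permsClause = null;   // built once, reused for every page
    private $allowed = array();    // pid => bool

    public function __construct($beUser) {
        $this->beUser = $beUser;
    }

    public function mayEditPage($pid) {
        $pid = (int)$pid;
        if (!isset($this->allowed[$pid])) {
            if ($this->permsClause === null) {
                // 2 = "edit page" permission bit
                $this->permsClause = $this->beUser->getPagePermsClause(2);
            }
            // isInWebMount() returns a mount page id or NULL; keep only yes/no
            $this->allowed[$pid] = (bool)$this->beUser->isInWebMount($pid, $this->permsClause);
        }
        return $this->allowed[$pid];
    }
}

// Constructed stand-in for $GLOBALS['BE_USER']; counts the expensive calls.
class StubBackendUser {
    public $checks = 0;
    public function getPagePermsClause($perms) { return '1=1'; }
    public function isInWebMount($id, $readPerms = '') {
        $this->checks++;
        return in_array($id, array(10, 11)) ? 10 : null;
    }
}

// Constructed search hits: five records spread over two pages.
$hits = array(array('uid' => 1, 'pid' => 10), array('uid' => 2, 'pid' => 10),
    array('uid' => 3, 'pid' => 42), array('uid' => 4, 'pid' => 42),
    array('uid' => 5, 'pid' => 10));
$user = new StubBackendUser();
$cache = new PagePermissionCache($user);
$linkable = array();
foreach ($hits as $row) {
    if ($cache->mayEditPage($row['pid'])) {
        $linkable[] = $row['uid'];   // only these records get an edit link
    }
}
echo 'linkable uids: ' . implode(',', $linkable) . "\n";
echo 'isInWebMount() calls: ' . $user->checks . ' for ' . count($hits) . " hits\n";
```

Inside TYPO3 the cache would be constructed with `$GLOBALS['BE_USER']` in place of the stub. Denied pages are cached as well as permitted ones, so repeated hits on a page the user may not edit do not repeat the lookup.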