[FLOW3-general] Security: You are not allowed to perform this action
Andreas Förthner
andreas.foerthner at netlogix.de
Wed May 11 09:44:03 CEST 2011
Hi Julian,
CSRF protection got you ;-) You probably want to add @skipCsrfProtection
annotations to those restricted controller actions that are just
displaying and not modifying data. I've written a blog post about this new
feature, maybe this makes it a bit clearer what to do:
http://media.netlogix.de/community/details/artikel/csrf-protection-in-typo3-phoenix-kindly-provided-by-flow3
Greets
On 10.05.11 22:27, "Julian Kleinhans" wrote at <typo3 at kj187.de>:
>Hey list..
>
>With the latest master I get a strange exception.
>I create a new user with
>
>
> > $account = $this->accountFactory->createAccountWithPassword('jk', 'jk', array('Administrator'));
> > $this->accountRepository->add($account);
>
>
>injections
>
> > /**
> >  * @inject
> >  * @var \F3\FLOW3\Security\AccountRepository
> >  */
> > protected $accountRepository;
> >
> > /**
> >  * @inject
> >  * @var \F3\FLOW3\Security\AccountFactory
> >  */
> > protected $accountFactory;
>
>
>my Policy.yaml looks like
>
> > resources:
> >   methods:
> >     F3_Tutorials_RestrictedAdminArea: 'class(F3\Tutorials\Controller\Admin\.*)'
> > roles:
> >   Administrator: []
> > acls:
> >   Administrator:
> >     methods:
> >       F3_Tutorials_RestrictedAdminArea: GRANT
> >       F3_Tutorials_RestrictedDashbaord: GRANT
> >       F3_Tutorials_Comments: GRANT
>
>
>and when I try to log in I get this exception
>
> > #1216919280: You are not allowed to perform this action. (More information)
> >
> > F3\FLOW3\Security\Exception\AccessDeniedException thrown in file
> > /data/htdocs/privat/tutorials3/flow3/FLOW3/Data/Temporary/Development/Cache/Code/FLOW3_Object_Classes/F3_FLOW3_Security_Authorization_Interceptor_AccessDeny_Original.php
> > in line 41.
>
>
>Some ideas ?
>
>greetz
>julian
>
>
Andreas Förthner
Head of Web Development
Phone: +49 (911) 539909 - 0
Email: andreas.foerthner at netlogix.de
Website: media.netlogix.de
--
netlogix GmbH & Co. KG
IT-Services | IT-Training | Media
Andernacher Straße 53 | 90411 Nürnberg
Phone: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
Email: info at netlogix.de | Internet: http://www.netlogix.de
netlogix GmbH & Co. KG is registered at the Nuremberg District Court (HRA 13338)
General partner: netlogix Verwaltungs GmbH (HRB 20634)
VAT identification number: DE 233472254
Managing directors: Stefan Buchta, Matthias Schmidt
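
An added illustration of the advice in the reply above, not code from the thread or from the FLOW3 project: a controller under the restricted `F3\Tutorials\Controller\Admin` namespace where only the read-only action carries `@skipCsrfProtection`. The controller, repository and model names are hypothetical, and the `ActionController` base class path is an assumption based on the F3 namespace used in the quoted code.

```php
<?php
namespace F3\Tutorials\Controller\Admin;

/**
 * Added example, not from the thread. CommentController, CommentRepository
 * and Comment are hypothetical names; only the namespace is taken from the
 * F3_Tutorials_RestrictedAdminArea resource in the quoted Policy.yaml.
 */
class CommentController extends \F3\FLOW3\MVC\Controller\ActionController {

	/**
	 * @inject
	 * @var \F3\Tutorials\Domain\Repository\CommentRepository
	 */
	protected $commentRepository;

	/**
	 * Read-only: renders a list and modifies nothing, so a forged request
	 * cannot change state and the token check can be skipped.
	 *
	 * @skipCsrfProtection
	 * @return void
	 */
	public function indexAction() {
		$this->view->assign('comments', $this->commentRepository->findAll());
	}

	/**
	 * State-changing: deliberately no @skipCsrfProtection, so a request
	 * that arrives without a valid CSRF token is still denied.
	 *
	 * @param \F3\Tutorials\Domain\Model\Comment $comment
	 * @return void
	 */
	public function deleteAction(\F3\Tutorials\Domain\Model\Comment $comment) {
		$this->commentRepository->remove($comment);
		$this->redirect('index');
	}
}
```

When reviewing such a controller, treat every `@skipCsrfProtection` on an action that writes, deletes or changes permissions as a finding, since the annotation removes the token check for that action entirely.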