[FLOW3-general] Modify role dependent Access Denied message

Andreas Förthner andreas.foerthner at netlogix.de
Wed Nov 2 10:57:53 CET 2011


Hi Bernhard,

Sorry, I don't have too much time at the moment, so only a short answer.
Did you see the ifHasAccess view helper? It gets a resource and will
render its children only if the current user has access to this policy
resource. Isn't that exactly what you need? No roles in the view! Or did I
get something wrong?

Greets Andi

On 02.11.11 09:12, "Bernhard Fischer" <bernhard at fischli.org> wrote:

>Hi Andi,
>
>I would agree with you on using AOP for finer access granularity (if you
>need full flexibility). From my point of view it would be more intuitive
>if I could manage most of my policies inside Policy.yaml. So, if we
>don't want to code role-based access methods with AOP, it should be
>possible to extend the ACLs with policies related to the user role. And
>in the case of a denial I'd like to redirect to a separate view,
>showing a message that the user's role denies access to the selected
>functionality. Building user-specific views, with disabled buttons and
>links as you suggested, would move access logic to an additional place
>(the view) we have to care about. While building the view I'd like to
>know if the user has access to different elements/methods and not only
>in general (it's not enough to know which role the user belongs to).
>Then it would be easier to show user-specific views (it would be nice to
>have view helpers for elements like buttons and links which would be
>rendered automatically as disabled in the case of an access denial).
>
>Maybe I'm missing some conceptual thoughts?
>
>Greetings Bernhard
>
>
>On 10/31/2011 10:26 AM, Andreas Förthner wrote:
>> Hi,
>>
>> I think AOP would be the fastest way to go here, indeed. But in fact there
>> was a reason why this message is that short. It was originally intended to
>> be the last resort and not meant to be shown in usual access denied cases.
>> What I thought here was that you modify your views according to the
>> current situation, i.e. you never see a link to some restricted resource,
>> or at least those links will trigger authentication and call an
>> authentication entry point. However, if you have good use cases for why we
>> would need a nice access denied view, we could simply add this as a
>> feature for FLOW3 1.1.
>>
>> Looking forward to your responses.
>>
>> Greets Andi
>>
>> On 26.10.11 23:20, "Peter Russ" <peter.russ at 4many.net> wrote:
>>
>>> --- Original Message ---
>>> Sender:   Bernhard Fischer
>>> Date:       26.10.2011 10:48:
>>>>>> Hi all,
>>>>>>
>>>>>> I always get the expressionless "Access Denied!" message if a method,
>>>>>> based on its role, is denied. What's the right way to inject a
>>>>>> customized view to inform the already logged-in user that he does not
>>>>>> have enough rights to use this method or action?
>>>>>>
>>>>>> Anyone out there to make a proposal?
>>>>>>
>>>>>> Bernhard
>>>>>
>>>>> I would try to add an aspect around
>>>>>
>>>>>
>>>>>\TYPO3\FLOW3\Security\Aspect\setAccessDeniedResponseHeader->setAccessDeniedResponseHeader
>>>>>
>>>>>
>>>> I also had the awful feeling that this might be the proper way. I will
>>>> have a closer look at AOP.
>>>
>>> Awful? AOP is the right way to go!
>>>
>>> --
>>> Fiat lux! Docendo discimus.
>>>
>> Andreas Förthner
>> Head of Web Development
>>
>> Phone: +49 (911) 539909 - 0
>> Email: andreas.foerthner at netlogix.de
>> Website: media.netlogix.de
>>> uon GbR
>>>
>>> http://www.uon.li
>>> http://www.xing.com/profile/Peter_Russ