[FLOW3-general] Modify role dependent Access Denied message

Bernhard Fischer bernhard at fischli.org
Wed Nov 2 11:57:28 CET 2011


Hi Andi,

Sorry for not realizing the ability of the IfAccess view helper. I'll
try to implement my demands this way (otherwise I'll be back again on
the list with this topic).

Thanks for sharing your thoughts!
Greetings Bernhard

On 11/02/2011 10:57 AM, Andreas Förthner wrote:
> Hi Bernhard,
>
> sorry I don't have too much time at the moment, so only a short answer.
> Did you see the ifHasAccess view helper? It gets a resource and will
> render its children only if the current user has access to this policy
> resource. Isn't that exactly what you need? No roles in the view! Or did I
> get something wrong?
>
> Greets Andi
>
> On 02.11.11 at 09:12, "Bernhard Fischer" <bernhard at fischli.org> wrote:
>
>> Hi Andi,
>>
>> I would agree with you on using AOP for finer access granularity (if you
>> need full flexibility). From my point of view it would be more intuitive
>> if I could manage most of my policies inside Policy.yaml. So, if we
>> don't want to code role-based access methods with AOP, it should be
>> possible to extend the ACLs with policies related to the user role. And
>> in the case of a denial I'd like to redirect to a separate view,
>> showing a message that the user's role denies access to the selected
>> functionality. To build user-specific views, with disabled buttons and
>> links as you suggested, would move access logic to an additional place
>> (the view) we have to care about. While building the view I'd like to
>> know if the user has access to different elements/methods and not only
>> in general (it's not enough to know which role the user belongs to).
>> Then it would be easier to show user-specific views (would be nice to
>> have view helpers for elements like buttons and links which would be
>> rendered automatically as disabled in the case of an access denial).
>>
>> Maybe I'm missing some conceptual thoughts?
>>
>> Greetings Bernhard
>>
>>
>> On 10/31/2011 10:26 AM, Andreas Förthner wrote:
>>> Hi,
>>>
>>> I think AOP would be the fastest way to go here, indeed. But in fact there
>>> was a reason why this message is that short. It was originally intended to
>>> be the last resort and not meant to be shown in usual access denied cases.
>>> What I thought here was that you modify your views according to the
>>> current situation, i.e. you never see a link to some restricted resource,
>>> or at least those links will trigger authentication and call an
>>> authentication entry point. However, if you have good use cases why we
>>> would need a nice access denied view, we could add this simply as a
>>> feature for FLOW3 1.1.
>>>
>>> Looking forward to your responses.
>>>
>>> Greets Andi
>>>
>>> On 26.10.11 at 23:20, "Peter Russ" <peter.russ at 4many.net> wrote:
>>>
>>>> --- Original Message ---
>>>> Sender:   Bernhard Fischer
>>>> Date:       26.10.2011 10:48:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I always get the expressionless "Access Denied!" message if a method,
>>>>>>> based on its role, will be denied. What's the right way to inject a
>>>>>>> customized view to inform the already logged in user that he does not
>>>>>>> have enough rights to use this method or action?
>>>>>>>
>>>>>>> Anyone out there to make a proposal?
>>>>>>>
>>>>>>> Bernhard
>>>>>>
>>>>>> I would try to add an aspect around
>>>>>>
>>>>>>
>>>>>> \TYPO3\FLOW3\Security\Aspect\setAccessDeniedResponseHeader->setAccessDeniedResponseHeader
>>>>>>
>>>>>>
>>>>> I also had the awful feeling that this might be the proper way. I will
>>>>> have a closer look at AOP.
>>>>
>>>> Awful? AOP is the right way to go!
>>>>
>>>> --
>>>> Fiat lux! Docendo discimus.
>>>>
>>> Andreas Förthner
>>> Head of Web Development
>>>
>>> Phone: +49 (911) 539909 - 0
>>> E-mail: andreas.foerthner at netlogix.de
>>> Website: media.netlogix.de
>>>> uon GbR
>>>>
>>>> http://www.uon.li
>>>> http://www.xing.com/profile/Peter_Russ

