[FLOW3-general] Object Security
Bernhard Fischer
bernhard at fischli.org
Tue Nov 8 22:28:38 CET 2011
Hi everybody,

I'm not sure how to implement ACLs on an object level. I do have
structured data (like a tree) and I want to restrict access only to
objects with matching owner properties. At the moment I'm using user
constrained queries to the repositories. Working this way I don't have
to care about the rendering process inside the view, because the user
will only get data he is allowed to see.

So far, so good. But that's kind of security by obscurity.
Anyone out there with another approach?

BTW: I have to do a

    $this->authenticationManager->getSecurityContext()->clearContext()

to completely log out the current user.

    $this->authenticationManager->logout()

is not enough because otherwise

    $this->authenticationManager->getSecurityContext()->getAccount()->getAccountIdentifier()

still returns the last user identifier which I'm using for my queries?!?
Maybe I should implement it in a different way?

I'm grateful for any hint

Bernhard
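
The difference between constraining queries and checking each object, as an added example that is not part of the original post and is not FLOW3 code. It is plain PHP 8 with hypothetical names (Node, AccessDenied, findAllFor, findByIdFor, visibleIds) and constructed sample data.

```php
<?php
declare(strict_types=1);

// Added illustration in plain PHP 8. Node, AccessDenied, findAllFor,
// findByIdFor and visibleIds are hypothetical names, not FLOW3 classes.
final class Node {
    /** @var Node[] */
    public array $children = [];
    public function __construct(public string $id, public string $owner) {}
}

final class AccessDenied extends RuntimeException {}

// Query-level filter: the result list only contains the caller's objects.
function findAllFor(array $nodes, string $account): array {
    return array_values(array_filter($nodes, fn(Node $n) => $n->owner === $account));
}

// Object-level check: a lookup by identifier is authorized on the loaded
// object, so a guessed or stale identifier cannot bypass the query filter.
function findByIdFor(array $nodes, string $account, string $id): ?Node {
    $node = $nodes[$id] ?? null;
    if ($node !== null && $node->owner !== $account) {
        throw new AccessDenied("account $account may not read node $id");
    }
    return $node;
}

// Tree traversal re-checks every node: children are reached by reference,
// not by query, so the repository constraint never sees them.
function visibleIds(Node $node, string $account): array {
    if ($node->owner !== $account) {
        return []; // prune this node and its whole subtree
    }
    $ids = [$node->id];
    foreach ($node->children as $child) {
        $ids = array_merge($ids, visibleIds($child, $account));
    }
    return $ids;
}

// Constructed sample data: bob's node hangs below alice's root.
$root = new Node('root', 'alice');
$mine = new Node('a1', 'alice');
$his  = new Node('b1', 'bob');
$root->children = [$mine, $his];
$nodes = ['root' => $root, 'a1' => $mine, 'b1' => $his];

echo implode(',', visibleIds($root, 'alice')), PHP_EOL;
echo count(findAllFor($nodes, 'bob')), PHP_EOL;
try { findByIdFor($nodes, 'alice', 'b1'); } catch (AccessDenied $e) { echo $e->getMessage(), PHP_EOL; }
```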