[FLOW3-general] Object Security

Pankaj Lele pankaj at lelesys.com
Tue Nov 8 22:41:14 CET 2011


Hello Bernhard,

You can go with the thread [1], which was discussed last week already,
about this matter.

[1] http://lists.typo3.org/pipermail/flow3-general/2011-November/001450.html


> Hi everybody,
> 
> I'm not sure how to implement ACLs on an object level. I do have
> structured data (like a tree) and I want to restrict access only to
> objects with matching owner properties. At the moment I'm using user
> constrained queries to the repositories. Working this way I don't have
> to care about the rendering process inside the view, because the user
> will only get data he is allowed to see.
> 
> So far, so good. But that's kind of security by obscurity.
> 
> Anyone out there with another approach?
> 
> BTW: I have to do a
> $this->authenticationManager->getSecurityContext()->clearContext()
> to completely log out the current user;
> $this->authenticationManager->logout()
> is not enough, because otherwise
> $this->authenticationManager->getSecurityContext()->getAccount()->getAccountIdentifier()
> still returns the last user identifier, which I'm using for my queries?!?
> Maybe I should implement it in a different way?
> 
> I'm grateful for any hint
> Bernhard
> 


-- 

With best regards,
Pankaj Lele
---------------------------

CTO & Executive Director
Lelesys Infotech Pvt. Ltd.
Pune/Goa, India

Web: http://www.lelesys.com

[Certified TYPO3 Integrator]

