[FLOW3-general] ContentSecurity with collections

Bernhard Fischer bernhard at fischli.org
Sat Nov 12 20:05:49 CET 2011


Hi Ferdinand,

I think it isn't intended to distinguish between modify, delete or simple 
queries with content security. It "only" manages access at all in a very 
comfortable way. I'm still trying to resolve this problem with an 
abstract repository class. Maybe AOP would be a better way, but I'm not 
used to aspects.

Greetings
Bernhard

On 11/12/2011 04:09 PM, Ferdinand Kuhl wrote:
> Hi list,
> another problem with content security :(
>
> If you use rules like:
> this.collection.subProperty = current.securityContext.party
>
> everything works fine on the query level.
>
> But if you try to fetch (for modification or show) such an object the
> PersistenceQueryRewritingAspect does not allow those objects.
>
> Function checkSingleConstraintDefinitionOnResultObject fails to
> resolve the "this.collection.subProperty" and thus denies access to
> the object.
>
> I tracked the problem down to
> Reflection\ObjectAccess:getInternalProperty where such resolving fails
> in the first place. But modifying it to return those requests as array
> does not help either, because the rule array != scalar later on can
> not work.
>
> Any ideas or plans on this?
>
> Greetings,
> Ferdinand
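
The mismatch described in this thread, as an added sketch that is not part of the original messages and not FLOW3 code: a single-object check for a rule such as `this.collection.subProperty = current.securityContext.party` has to fan out over the collection and compare each element, instead of comparing an array with a scalar. The function names, the sample objects, and the "any element matches" semantics are assumptions made for illustration.

```php
<?php
// Added illustration; not FLOW3 code. All names here are hypothetical.

/** Resolve a dotted path, fanning out over collections; returns a flat list of leaf values. */
function resolvePath($subject, array $segments): array
{
    if ($segments === []) {
        return [$subject];
    }
    if (is_array($subject) || $subject instanceof Traversable) {
        $values = [];
        foreach ($subject as $element) {
            $values = array_merge($values, resolvePath($element, $segments));
        }
        return $values;
    }
    $name = array_shift($segments);
    if (!is_object($subject) || !property_exists($subject, $name)) {
        return []; // unresolvable path: no values, so the check fails closed
    }
    return resolvePath($subject->$name, $segments);
}

/** "path = operand" holds if any resolved leaf is identical to the operand (assumed semantics). */
function constraintMatches(object $object, string $path, $operand): bool
{
    $segments = explode('.', $path);
    if ($segments[0] === 'this') {
        array_shift($segments);
    }
    return in_array($operand, resolvePath($object, $segments), true);
}

// Constructed sample data: one object whose collection holds two parties.
$alice = new stdClass();
$bob = new stdClass();
$makeMember = function ($party) { $m = new stdClass(); $m->subProperty = $party; return $m; };
$project = new stdClass();
$project->collection = [$makeMember($alice), $makeMember($bob)];

var_dump(constraintMatches($project, 'this.collection.subProperty', $alice));         // party inside the collection
var_dump(constraintMatches($project, 'this.collection.subProperty', new stdClass())); // unrelated party
var_dump(constraintMatches($project, 'this.missing.subProperty', $alice));            // unresolvable path
```

Whichever semantics the object-level check uses, it has to agree with what the rewritten query selects; otherwise a list view and a single-object fetch give different access decisions for the same object.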

