[FLOW3-general] Making context related roles with the security framework

Wed Feb 15 10:56:07 CET 2012

Hi Christian,

just a small thing. The roles defined in yaml are used to determine which
acls a user should be treated with. So its perfectly right to have a room
administrator or sth. like that exactly once in the yaml file. If I see it
correctly the dynamic part is on the other side, will say an account
should have dynamically some of those roles depending on the context. If
that is correct, you simply could implement your own account model, that
will return context specific roles depending on the current request.

Maybe I am wrong, but if I see it right you don't want dynamic roles, but
roles dynamically active in your accounts, right?

Greets Andi

Am 14.02.12 16:30 schrieb "Christian Peters" unter
<chp at digitale-avantgarde.com>:

>Hi,
>
>of course I'd like to implement something like that, but I'm still new to
>flow3 / typo3 and I guess I'll need some more time to dive in.
>
>Here's what I'm thinking about (e.g. a Use Case).
>
>I was working with the Learning Management System *Moodle* some time ago
>and with some other learning management systems. Most of them suffer from
>common problems that mature systems have - they exist since PHP 4.x and
>carry much old and adjusted code with them (the architecture became
>antiquated and unelegant with the years) and they evolved some kind of
>featurities (too many stuff that most people don't need but that needs to
>be maintained on every release).
>
>I'm thinking about a very simple but modern learning management system
>that
>only ships with the core of  learning management: A course based system.
>
>During my first steps with flow3, I found out that it offers very elegant
>solutions to most use cases that where horrible to handle in moodle
>(namely
>through AOP and Signal-Slot Techniques).
>
>Learning Management Systems are about areas where learning material is
>provided. The learning materials themself (quiz, forum, scorm modules
>etc.)
>are not part of the core, they are extensions.
>
>A course based system would just consist of very basic stuff:
>
>- user administration
>- room administration
>- a gradebook (to which learning materials could report results)
>- a theme manager
>- an extension / plugin manager
>
>The bread and butter is the user and room administration. Rooms maybe
>added
>dynamically (that's why predefining them in the yaml's seems very
>unelegant
>to me) and Users maybe added dynamically to rooms where they can have
>dynamic roles. On top of that, roles should be definable by the
>administrator - without touching code.
>
>===
>
>Let me give an example.
>
>Imagine a school. There are roles like admin, manager, teacher, pupil.
>
>Admins can do anything.
>
>Managers  can add rooms like "7a Math", "English" or "Theater Group" and
>they can enter any room.
>
>A user has the role teacher in 7a Math, is just a pupil in the "Theater
>Group" and has no access to the English class.
>Another user is pupil in English and in "Theater Group" but Admin in the
>Forum (an extension) in the "Theater Group" Room (he can do anything in
>the
>forum).
>
>Now imagine a corporation, that wants to use the same system. They would
>have other rules with other rights - and thus the Roles and ACLs must be
>configurable from an adminstrator point of view - they must not ship with
>the system.
>
>===
>
>From my actual POV I guess, this would be best to implement by a specific
>package, that defines userRoles and associates them with a user from the
>security framework. If it would be a generic approach, maybe it would be a
>valuable extension for every system, that offers dynamic roles.
>
>I will think about it and would be happy to help if this get's
>implemented.
>As said, I have experience with lms and context related roles, but am new
>to flow3 and some concepts introduced here.
>
>Thanks.
>
>Chris
>
>
>
>
>2012/2/14 Andreas Förthner <andreas.foerthner at netlogix.de>
>
>> Hi,
>>
>> for now there are indeed only those global roles. But I already thought
>>a
>> bit about context based roles. There is even an issue for that on forge:
>> http://forge.typo3.org/issues/6601. However, that's currently on hold
>>as I
>> didn't find the time to implement it in a good and generic way. But if
>>you
>> have a good usecase and would like to propose some extension to the role
>> definitions, feel free to come up with some examples!
>>
>> Or even better, if you like to implement this feature ;-)
>>
>> Greets Andi
>>
>> Am 14.02.12 08:41 schrieb "Christian Müller (Kitsunet)" unter
>> <christian.mueller at typo3.org>:
>>
>> >Hey Christian,
>> >
>> >either you work with a self implemented solution or you work with
>>(many)
>> >global roles, you could create role names out of the room/role, so
>> >something like ("room1-admin" or "room2-user") but if that will work
>>out
>> >for you depends very much on how you want to use the roles...
>> >
>> >Cheers,
>> >Christian
>> >
>> >On 13/02/12 11:29, Christian Peters wrote:
>> >> Hey,
>> >>
>> >> I'm working on a little project, where you can have rights and
>> >>privileges
>> >> based on context. It's a room based system (like in most Learning
>> >> Management Systems): You can be admin in one room, manager in the
>>next,
>> >> user in a third and have no rights to enter a fourth.
>> >>
>> >> Without flows security framework I would have a many2many
>>relationship
>> >> between a user-model and a user-role and connect the user-role with
>>the
>> >> rooms.
>> >>
>> >>  From my understanding, the security framework only supports global
>> >>roles.
>> >> Is this true or did I misunderstood something? Can I realise
>>something
>> >>like
>> >> that with the security framework or do I have to implement my own
>> >>soltution
>> >> (aka bypassing the authorization part and only use the
>>authentication)?
>> >>
>> >> Thanks!
>> >
>> >
>> Andreas Förthner
>> Leiter Web-Entwicklung
>>
>> Telefon: +49 (911) 539909 - 0
>> E-Mail: andreas.foerthner at netlogix.de
>> Website: media.netlogix.de
>>
>>
>> --
>> netlogix GmbH & Co. KG
>> IT-Services | IT-Training | Media
>> Andernacher Straße 53 | 90411 Nürnberg
>> Telefon: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
>> E-Mail: info at netlogix.de | Internet: http://www.netlogix.de
>>
>> netlogix GmbH & Co. KG ist eingetragen am Amtsgericht Nürnberg (HRA
>>13338)
>> Persönlich haftende Gesellschafterin: netlogix Verwaltungs GmbH (HRB
>>20634)
>> Umsatzsteuer-Identifikationsnummer: DE 233472254
>> Geschäftsführer: Stefan Buchta, Matthias Schmidt
>>
>>
>>
>>
Andreas Förthner
Leiter Web-Entwicklung

Telefon: +49 (911) 539909 - 0
E-Mail: andreas.foerthner at netlogix.de
Website: media.netlogix.de
_______________________________________________
>> >FLOW3-general mailing list
>> >FLOW3-general at lists.typo3.org
>> >http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
>>
>> _______________________________________________
>> FLOW3-general mailing list
>> FLOW3-general at lists.typo3.org
>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
>>
>>
>_______________________________________________
>FLOW3-general mailing list
>FLOW3-general at lists.typo3.org
>http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general