[FLOW3-general] Permissions

Andreas Förthner andreas.foerthner at netlogix.de
Thu Mar 29 09:47:18 CEST 2012


Hi Felix,

I'm not completely sure if I got you right, but probably content security
is what you are looking for. There you can define policy rules for objects
based on their properties. Here is an example from the functional content
security test, which is currently under review and will be within FLOW3
1.1:

resources:
  <skipped method resources>
  entities:
    TYPO3_FLOW3_Tests_Functional_Security_Fixtures_RestrictableEntity:
      TYPO3_FLOW3_allEntities: "ANY"
      TYPO3_FLOW3_hiddenEntities: "this.hidden == TRUE"
      TYPO3_FLOW3_othersEntities: "current.securityContext.account != this.ownerAccount && this.ownerAccount != NULL"


acls:
  Customer:
    entities:
      TYPO3_FLOW3_allEntities: GRANT

  Administrator:
    entities:
      TYPO3_FLOW3_allEntities: GRANT
      TYPO3_FLOW3_hiddenEntities: GRANT
      TYPO3_FLOW3_othersEntities: GRANT


I hope this helps to get the idea. But beware you'll have to work with
changes currently under review for this to work. We have some content
security features in 1.0, too, but 1.1 will turn the acl logic upside down
and streamline it with the acls for methods. So I recommend learning the
correct/new way right from the start. To have this feature you might want
to check out this change and its dependencies:
https://review.typo3.org/#/c/9679/

Another hint: Currently this feature will only work for queries written
with the FLOW3 QOM. If you use DQL in your repositories these policy
rules will be completely ignored for now. But I heard someone saying it will
work pretty soon ;-)

If you have any questions feel free to ask :-)

Greets Andi

On 29.03.12 09:24, "Daniel Felix" <d.felix at codeworkz.net> wrote:

>Hey there,
>
>Has no one a best practice?
>
>Best regards,
>Daniel
>
>On 27.03.2012 at 17:39, "Daniel Felix" <d.felix at codeworkz.net> wrote:
>
>> Hi,
>>
>> is there some way to grant a single user access to different models?
>>
>> Here is a simple example:
>>
>> A user accesses a page which displays a single group (from model: groups).
>> He just has access to post some news to this group.
>>
>> The same user accesses the same page but gets a display of another group
>> (same model).
>> But in this group, he should get access to post some news and configure the
>> group itself (rename, grant access, etc.).
>>
>> Which is the best way to get this realized? Any hints?
>>
>> Best regards,
>> Daniel
>>
Andreas Förthner
Head of Web Development

Phone: +49 (911) 539909 - 0
Email: andreas.foerthner at netlogix.de
Website: media.netlogix.de


_______________________________________________
>> FLOW3-general mailing list
>> FLOW3-general at lists.typo3.org
>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
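
Added example, not part of the original message and not FLOW3 code: a toy Python model of the policy quoted in the reply, showing which entities each role would get back from a query. It assumes deny-unless-granted semantics (an entity is returned only if the role holds GRANT for every entity resource it matches); the Entity class, the visible() helper, the account names and the sample data are hypothetical.

```python
# Added illustration: a toy model of the quoted policy, not FLOW3 code.
# Assumed semantics: an entity is returned only if the caller's role holds
# GRANT for every entity resource whose matcher the entity satisfies.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Entity:  # constructed stand-in for RestrictableEntity
    name: str
    hidden: bool = False
    owner_account: Optional[str] = None


# Matchers mirror the three expressions in the policy; `account` plays the
# part of current.securityContext.account.
RESOURCES = {
    "TYPO3_FLOW3_allEntities": lambda e, account: True,  # "ANY"
    "TYPO3_FLOW3_hiddenEntities": lambda e, account: e.hidden is True,
    "TYPO3_FLOW3_othersEntities": lambda e, account: (
        e.owner_account != account and e.owner_account is not None),
}

# Resources granted per role, as in the acls section.
ACLS = {
    "Customer": {"TYPO3_FLOW3_allEntities"},
    "Administrator": set(RESOURCES),  # all three resources granted
}


def visible(entities, role, account):
    """Names of the entities a query would return for this role and account."""
    granted = ACLS.get(role, set())
    result = []
    for e in entities:
        matched = {r for r, m in RESOURCES.items() if m(e, account)}
        if matched <= granted:  # every matched resource must be granted
            result.append(e.name)
    return result


# Constructed sample data.
SAMPLE = [
    Entity("public"),
    Entity("hidden", hidden=True),
    Entity("mine", owner_account="alice"),
    Entity("theirs", owner_account="bob"),
    Entity("theirs-hidden", hidden=True, owner_account="bob"),
]

if __name__ == "__main__":
    for role in ("Customer", "Administrator", "Anonymous"):
        print(role, visible(SAMPLE, role, "alice"))
```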