[FLOW3-general] Problem with setting proper methods-based policies
François Suter
fsu-lists at cobweb.ch
Mon Oct 15 09:00:41 CEST 2012
Hi all,
(posting again, as I realized I sent it to the wrong list the first
time. Sorry).
I have trouble setting a proper policy for the following scenario:
Consider a controller with a lot methods. All are reserved for users
with the "Administrator" role and one may be accessed by users with a
"Client" role.
I have tried the following policy:
resources:
methods:
Cobweb_Monitoring_EventManagement:
'method(Cobweb\Monitoring\Controller\EventController->(.*)Action())'
Cobweb_Monitoring_Timeline:
'method(Cobweb\Monitoring\Controller\EventController->timelineAction())'
roles:
Administrator: []
Client: []
acls:
Administrator:
methods:
Cobweb_Monitoring_EventManagement: GRANT
Client:
methods:
Cobweb_Monitoring_Timeline: GRANT
My hope was that the more specific "timeline" action would be considered
and allowed for "Client" roles, but that does not work. How should I
handle this?
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
More information about the FLOW3-general
mailing list