[FLOW3-general] Problem with setting proper methods-based policies
François Suter
fsu-lists at cobweb.ch
Wed Oct 17 08:54:39 CEST 2012
Hi again,
So can anyone help with this, please?
Thanks in advance.
François
> Hi all,
>
> (posting again, as I realized I sent it to the wrong list the first
> time. Sorry).
>
> I have trouble setting a proper policy for the following scenario:
>
> Consider a controller with a lot methods. All are reserved for users
> with the "Administrator" role and one may be accessed by users with a
> "Client" role.
>
> I have tried the following policy:
>
> resources:
> methods:
> Cobweb_Monitoring_EventManagement:
> 'method(Cobweb\Monitoring\Controller\EventController->(.*)Action())'
> Cobweb_Monitoring_Timeline:
> 'method(Cobweb\Monitoring\Controller\EventController->timelineAction())'
> roles:
> Administrator: []
> Client: []
> acls:
> Administrator:
> methods:
> Cobweb_Monitoring_EventManagement: GRANT
> Client:
> methods:
> Cobweb_Monitoring_Timeline: GRANT
>
> My hope was that the more specific "timeline" action would be considered
> and allowed for "Client" roles, but that does not work. How should I
> handle this?
>
More information about the FLOW3-general
mailing list