[FLOW3-general] [SOLVED] Problem with setting proper methods-based policies
Bastian Waidelich
bastian at typo3.org
Thu Oct 25 18:46:28 CEST 2012
François Suter wrote:
Hi François,
> The log told me that the security
> framework was unhappy about giving access to the "initialize" action.
Doh. I read your post but I didn't think of this issue (which happened
to me and others before).
In the meantime I changed all my policies as follows:
Some_Resource:
'method(My\Package\Controller\SomeController->(?<!initialize).*Action())'
in order to explicitly exclude initializeAction() and
initialize<actionName>Action() methods from the resources.
But this is not satisfiying because it is really hard to get (especially
given the misleading exceptions). Also, this would obviously include all
actions that might start with "initialize".
As policy resources are mostly about controllers & actions, I'd suggest
suggest to add a third "keyword" in the resource configuration in
addition to "class" and "method", maybe something like:
Some_Resource: 'action(My\Package\Controller\SomeController:*)'
(not happy with the exact syntax, but you get the point)
In any case the exception should be improved here.
> Thanks anyway for the help and sorry for the trouble.
No way, thanks for reporting!
--
Bastian Waidelich
TYPO3 Core Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the FLOW3-general
mailing list