[Flow] Content security
Peter Beernink
p.beernink at drecomm.nl
Thu Aug 15 14:25:20 CEST 2013
Hi Andy,
Thanks for your response.
Unfortunately this is just a personal hobby project to keep up with the
changes in TYPO3 Flow, so I cannot offer you any money for it.
I'll just work on some other parts first and maybe I'll try and dive
into this part and see if there is something I can do for supporting
this when I'm more familiar with the aspects rewriting stuff.
Peter
On 15-08-13 13:41, Andreas Förthner wrote:
> Hi Peter,
>
> unfortunately content security is not working yet in all use-cases. I've already worked a bit on it to fully support doctrine, however the topic is really complex and not finished yet. My plan is to work on it again on our next flow/neos code sprint in september, but I cannot promise to fully finish it there even though I hope so, of course. If you need this feature really urgent I can only offer you to work on it on a paid basis, as I won't have the time to do it for free before the code sprint.
>
> Greets Andi
>
> Von: Peter Beernink <p.beernink at drecomm.nl<mailto:p.beernink at drecomm.nl>>
> Organisation: TYPO3 Association
> Antworten an: TYPO3 Flow mailing list <flow at lists.typo3.org<mailto:flow at lists.typo3.org>>
> Datum: Donnerstag, 15. August 2013 08:31
> An: "flow at lists.typo3.org<mailto:flow at lists.typo3.org>" <flow at lists.typo3.org<mailto:flow at lists.typo3.org>>
> Betreff: [Flow] Content security
>
> Hi,
>
> I'm currently working on a project which requires users to have access
> to certain persisted items.
> This entity can be public, meaning all users can access the item, or it
> can be private.
> When such an item is private, whether or not the user has access to it
> depends on whether or not is has an involvement on the item.
> For this I've setup an model Involvement which has a manyToOne relation
> to the item in question and a manyToOne relation to the account object.
>
> Now I'm struggling with how to setup the security configuration for this.
> Checking for the private / public option is not a problem, that I can
> resolve with 'this.private = TRUE' and add a GRANT or DENY for it.
> However I'm not sure on how to extend it to use the relationships.
> I was hoping for something like 'this = involvement.object &&
> current.securityContext.account = involvement.account' but that doesn't
> seem to work.
> I've also tried the fully qualified class name, but when looking in the
> compiled constraint this only keeps in the first part of the namespace.
>
> Does anyone have an idea on how to make such a setup work?
>
> Peter
>
> Andreas Förthner
> Leiter Web-Entwicklung
>
> Telefon: +49 (911) 539909 - 0
> E-Mail: andreas.foerthner at netlogix.de
> Website: media.netlogix.de<http://media.netlogix.de>
>
> --
> netlogix GmbH & Co. KG
> IT-Services | IT-Training | Media
> Neuwieder Straße 10 | 90411 Nürnberg
> Telefon: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
> E-Mail: info at netlogix.de<mailto:info at netlogix.de> | Internet: www.netlogix.de<http://www.netlogix.de/>
>
> netlogix GmbH & Co. KG ist eingetragen am Amtsgericht Nürnberg (HRA 13338)
> Persönlich haftende Gesellschafterin: netlogix Verwaltungs GmbH (HRB 20634)
> Umsatzsteuer-Identifikationsnummer: DE 233472254
> Geschäftsführer: Stefan Buchta, Matthias Schmidt
>
> _______________________________________________
> Flow mailing list
> Flow at lists.typo3.org<mailto:Flow at lists.typo3.org>
> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow
>
More information about the Flow
mailing list