[Flow] Content security
Andreas Förthner
andreas.foerthner at netlogix.de
Thu Aug 15 15:46:47 CEST 2013
Hi Peter,
sure, no problem. As I said I hope to be able to work on it end of september. If you want to look at my current work in progress, you can see it here: https://review.typo3.org/#/c/17845/
This change is a pretty old one, so it will probably not apply to current master, but it should give you an idea how content security and doctrine should work together. The way to go is the doctrine filter api.
Greets Andi
Von: Peter Beernink <p.beernink at drecomm.nl<mailto:p.beernink at drecomm.nl>>
Antworten an: TYPO3 Flow mailing list <flow at lists.typo3.org<mailto:flow at lists.typo3.org>>
Datum: Donnerstag, 15. August 2013 14:25
An: TYPO3 Flow mailing list <flow at lists.typo3.org<mailto:flow at lists.typo3.org>>
Betreff: Re: [Flow] Content security
Hi Andy,
Thanks for your response.
Unfortunately this is just a personal hobby project to keep up with the
changes in TYPO3 Flow, so I cannot offer you any money for it.
I'll just work on some other parts first and maybe I'll try and dive
into this part and see if there is something I can do for supporting
this when I'm more familiar with the aspects rewriting stuff.
Peter
On 15-08-13 13:41, Andreas Förthner wrote:
Hi Peter,
unfortunately content security is not working yet in all use-cases. I've already worked a bit on it to fully support doctrine, however the topic is really complex and not finished yet. My plan is to work on it again on our next flow/neos code sprint in september, but I cannot promise to fully finish it there even though I hope so, of course. If you need this feature really urgent I can only offer you to work on it on a paid basis, as I won't have the time to do it for free before the code sprint.
Greets Andi
Von: Peter Beernink <p.beernink at drecomm.nl<mailto:p.beernink at drecomm.nl><mailto:p.beernink at drecomm.nl>>
Organisation: TYPO3 Association
Antworten an: TYPO3 Flow mailing list <flow at lists.typo3.org<mailto:flow at lists.typo3.org><mailto:flow at lists.typo3.org>>
Datum: Donnerstag, 15. August 2013 08:31
An: "flow at lists.typo3.org<mailto:flow at lists.typo3.org><mailto:flow at lists.typo3.org>" <flow at lists.typo3.org<mailto:flow at lists.typo3.org><mailto:flow at lists.typo3.org>>
Betreff: [Flow] Content security
Hi,
I'm currently working on a project which requires users to have access
to certain persisted items.
This entity can be public, meaning all users can access the item, or it
can be private.
When such an item is private, whether or not the user has access to it
depends on whether or not is has an involvement on the item.
For this I've setup an model Involvement which has a manyToOne relation
to the item in question and a manyToOne relation to the account object.
Now I'm struggling with how to setup the security configuration for this.
Checking for the private / public option is not a problem, that I can
resolve with 'this.private = TRUE' and add a GRANT or DENY for it.
However I'm not sure on how to extend it to use the relationships.
I was hoping for something like 'this = involvement.object &&
current.securityContext.account = involvement.account' but that doesn't
seem to work.
I've also tried the fully qualified class name, but when looking in the
compiled constraint this only keeps in the first part of the namespace.
Does anyone have an idea on how to make such a setup work?
Peter
Andreas Förthner
Leiter Web-Entwicklung
Telefon: +49 (911) 539909 - 0
E-Mail: andreas.foerthner at netlogix.de<mailto:andreas.foerthner at netlogix.de>
Website: media.netlogix.de<http://media.netlogix.de>
--
netlogix GmbH & Co. KG
IT-Services | IT-Training | Media
Neuwieder Straße 10 | 90411 Nürnberg
Telefon: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
E-Mail: info at netlogix.de<mailto:info at netlogix.de><mailto:info at netlogix.de> | Internet: www.netlogix.de<http://www.netlogix.de/>
netlogix GmbH & Co. KG ist eingetragen am Amtsgericht Nürnberg (HRA 13338)
Persönlich haftende Gesellschafterin: netlogix Verwaltungs GmbH (HRB 20634)
Umsatzsteuer-Identifikationsnummer: DE 233472254
Geschäftsführer: Stefan Buchta, Matthias Schmidt
Andreas Förthner
Leiter Web-Entwicklung
Telefon: +49 (911) 539909 - 0
E-Mail: andreas.foerthner at netlogix.de
Website: media.netlogix.de<http://media.netlogix.de>
_______________________________________________
Flow mailing list
Flow at lists.typo3.org<mailto:Flow at lists.typo3.org><mailto:Flow at lists.typo3.org>
http://lists.typo3.org/cgi-bin/mailman/listinfo/flow
_______________________________________________
Flow mailing list
Flow at lists.typo3.org<mailto:Flow at lists.typo3.org>
http://lists.typo3.org/cgi-bin/mailman/listinfo/flow
More information about the Flow
mailing list