[Flow] Content Restriction for Accounts

Christian Essl essl at incert.at
Thu Aug 29 08:36:31 CEST 2013 

Hi,

Thanks for the answer. The bad formatting of my yaml-configuration is because I posted my question via forum.typo3.org. It looks like some of the linebreaks were stripped of when it was sent via email.

I now tried flushing the cache and using doctrine:update right after I changed the policies, but with no effect. The rule I am using is:

--------------------------------
  entities:
    'TYPO3\Flow\Security\Account':
      TYPO3_Flow_Account_Admin: 'ANY'
      TYPO3_Flow_Account_Me: 'current.securityContext.account == this && this != NULL'

# TYPO3_Flow_Account_Admin => used by Administrator
# TYPO3_Flow_Account_Me => used by Editor
--------------------------------

Because I am testing against the 'TYPO3\Flow\Security\Account' model, "this" should give me back an account object, right? So normally this rule should be correct? 

-----Ursprüngliche Nachricht-----
Von: flow-bounces at lists.typo3.org [mailto:flow-bounces at lists.typo3.org] Im Auftrag von Bjoern Haverland
Gesendet: Mittwoch, 28. August 2013 20:16
An: TYPO3 Flow mailing list
Betreff: Re: [Flow] Content Restriction for Accounts

And take care of the format of your yaml files.

This is wrong:

----------------------------------------------------------------------------------------------- 

resources:
  entities:
    TYPO3\Flow\Security\Account:
      TYPO3_Flow_Account_Admin: 'ANY'
      TYPO3_Flow_Account_Me: 'current.securityContext.account == this'
roles:
  SimpleUser: []  Editor: [SimpleUser]  Administrator: [Editor]   acls:  
  Editor:    entities:
      TYPO3_Flow_Account_Me: GRANT
  Administrator:
    entities:
      TYPO3_Flow_Account_Admin: GRANT
----------------------------------------------------------------------------------------------- 


It should look like this:

----------------------------------------------------------------------------------------------- 

roles:
   SimpleUser: []
   Editor: [SimpleUser]
   Administrator: [Editor]

resources:
   entities:
     '\TYPO3\Flow\Security\Account':
       TYPO3_Flow_Account_Admin: 'ANY'
       TYPO3_Flow_Account_Me: 'current.securityContext.account == this'

acls:
   Editor:
     entities:
      TYPO3_Flow_Account_Me: GRANT
   Administrator:
     entities:
       TYPO3_Flow_Account_Admin: GRANT
----------------------------------------------------------------------------------------------- 


__Quickstart Guide:

If you are not familiar with the YAML format yet, there are two things you should know at least:

  * Indentation has a meaning: by different levels of indentation, a
    structure is defined.
  * Spaces, not tabs: you must indent with exactly 2 spaces per level,
    don't use tabs.

__


Best regards

Björn

Am 28.08.2013 19:57, schrieb Bjoern Haverland:
> Hi Christian,
>
> for me it works as expected.
>
> Is this one rule:?
>
> 'this.title == "Foo"', 'this.hidden == TRUE', 'TRUE == TRUE"'
>
> Then I think you should use && or ||  and so on for the logic.
>
> Maybe you should clear your caches and do a doctrine:update.
> I also have had a problem with this because my changes haven´t been 
> used without clearing the cache. After this and a doctrine:update the 
> typo3_flow_security_policy_role table was filled with my roles => my 
> rules are working.
>
> Best regards
>
> Björn
>
>
>
> Am 28.08.2013 14:52, schrieb Christian Eßl:
>> I tested around with other models and it looks like in TYPO3 Flow 2.0 
>> content security doesn't work at all. At least not as it is described 
>> in the docs:
>> http://docs.typo3.org/flow/TYPO3FlowDocumentation/TheDefinitiveGuide/
>> PartIII/Security.html#content-security
>>
>>
>> As soon as I write a rule like 'this.title == "Foo"', 'this.hidden == 
>> TRUE', 'TRUE == TRUE"' and add it a role in my acl, I just get empty 
>> lists with this role, even though there are objects, that accomplish 
>> these rules. It doesn't even matter what I write in the rules.
>>
>> Can anyone confirm this? Then what is the suggested way to do content 
>> security in TYPO3 Flow 2.0?
>> _______________________________________________
>> Flow mailing list
>> Flow at lists.typo3.org
>> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow
>>
>
> _______________________________________________
> Flow mailing list
> Flow at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow
>

_______________________________________________
Flow mailing list
Flow at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/flow

More information about the Flow mailing list