[FLOW3-general] Policy runtime evaluation
Adrian Föder
adrian at foeder.de
Mon Feb 4 17:46:05 CET 2013
Hi List,
my use case is the following; regarding the TYPO3.Comments package. I
want to have the CommentRepository->remove($comment) method be observed
by Security and only allow $comment.author be allowed to delete the
comment, hence invoking the action.
I figured out the following Policy.yaml setting:
resources:
methods:
TYPO3_Comments_RepositoryDeleteComment:
'method(TYPO3\Comments\Domain\Repository\CommentRepository->fooTest(comment.author
=== current.securityContext.party))'
(Link:
https://github.com/afoeder/TYPO3.Comments/blob/5263cb3008529ebaf311e19ee735fd860ce75f40/Configuration/Policy.yaml)
However, this doesn't work, as
https://github.com/afoeder/TYPO3.Comments' HEAD^1 shows (run the (only)
Functional Test in there).
WHAT works is an additional dummy method expecting the same argument; in
this case the Functional Test correctly shows an Abstain (check
https://github.com/afoeder/TYPO3.Comments/commits/master as-is (HEAD)).
Also explicitly overwriting TYPO3\Flow\Persistence\Repository's remove()
method into the CommentRepository does not work...
Any ideas on that?
Thanks and best regards!
-adrian
More information about the FLOW3-general
mailing list