[FLOW3-general] limit access on entitities
Adrian Föder
adrian at foeder.de
Thu Feb 7 12:03:11 CET 2013
Hi Falk, Andi, Christian and everyone,
I have a maybe similar requirement, it's about that users may only see
entities of other users, if they are contacts of each other, *if* that
is set.
It's exactly the kind of security we all know from curent social
networks like also Xing etc., you might have an entity that will be,
dependent on a user's setting, only visible if a watcher is added as
contact.
For example, user John has defined "my Car entites are only visible to
my friends".
Now a user attempts to see John's Cars, the security should now look
* if john's cars are visible to Friends or Everyone (per setting)
* if the spectating user is a Friend of John
I assume this is not possible just via present configuration. Is there a
way of custom Handlers that will do the additional security checks?
All of the above is for Content security;
additionally similar is interesting for method security, for example
"only Friends may add a comment" etc...
Thanks a lot and cheers,
Adrian
More information about the FLOW3-general
mailing list