[FLOW3-general] limit access on entitities

Falk vixe4all at freenet.de
Thu Feb 7 12:26:10 CET 2013 

Hi Andi,

I'm looking for an general method of resolution and have not yet 
implemented this. Is the only way to join the customer and the user 
model and write an own query like 'findByUserId' in the customer repo?

Greetz, Falk


Am 07.02.2013 11:46, schrieb Andreas Förthner:
> Hi Falk,
>
> do you already have a query, we could have a look at? There are still some missing parts in content security and if you'd have a query I could tell you if the automatic filtering would work for this specific usecase.
>
> Greets Andi
>
> Von: Falk <vixe4all at freenet.de<mailto:vixe4all at freenet.de>>
> Organisation: TYPO3 Association
> Antworten an: General discussion about FLOW3 <flow3-general at lists.typo3.org<mailto:flow3-general at lists.typo3.org>>
> Datum: Donnerstag, 7. Februar 2013 11:38
> An: "flow3-general at lists.typo3.org<mailto:flow3-general at lists.typo3.org>" <flow3-general at lists.typo3.org<mailto:flow3-general at lists.typo3.org>>
> Betreff: Re: [FLOW3-general] limit access on entitities
>
> Hi Christian,
>
> the customer<>user relation should based on "hand selected"
> informations. Did you know an good example or tutorial who describes an
> solution? At the part "content security" the documentation describes
> only the very basics and I'm just starting with Flow.
>
> Thanks, Falk
>
>
> Am 07.02.2013 08:51, schrieb Christian Müller:
> Hi Falk,
>
> On 06.02.13 17:58, Falk wrote:
> Hi everyone,
>
> I'm presently dealing with the security basics. What is the best
> proceeding to limit the access on defined entities (e.g. user has only
> access to defined customers)? Is this complete solvable via AOP? How
> should such an aspect looks like and which steps are necessary (e.g.
> constraints between user and customer model)?
> You might want to have a look at docs about content security [1] it
> should exactly do what you want. Question is if you can find a limiting
> factor that you can express in such a logical expression or if the
> customer<>user relation is based on some "hand selected" information.
>
> Cheers,
> Christian
>
> [1]
> http://docs.typo3.org/flow/TYPO3FlowDocumentation/TheDefinitiveGuide/PartIII/Security.html#content-security
>
>
> Dipl.-Inf. Andreas Förthner
> Leiter Web-Entwicklung
>
> Telefon: +49 (911) 539909 - 0
> E-Mail: andreas.foerthner at netlogix.de
> Website: media.netlogix.de<http://media.netlogix.de>
>
> --
> netlogix GmbH & Co. KG
> IT-Services | IT-Training | Media
> Andernacher Straße 53 | 90411 Nürnberg
> Telefon: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
> E-Mail: info at netlogix.de<mailto:info at netlogix.de> | Internet: www.netlogix.de<http://www.netlogix.de/>
>
> netlogix GmbH & Co. KG ist eingetragen am Amtsgericht Nürnberg (HRA 13338)
> Persönlich haftende Gesellschafterin: netlogix Verwaltungs GmbH (HRB 20634)
> Umsatzsteuer-Identifikationsnummer: DE 233472254
> Geschäftsführer: Stefan Buchta, Matthias Schmidt
>
> _______________________________________________
> FLOW3-general mailing list
> FLOW3-general at lists.typo3.org<mailto:FLOW3-general at lists.typo3.org>
> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
>

More information about the FLOW3-general mailing list