[FLOW3-general] limit access on entities
Kerstin Huppenbauer
kerstin.huppenbauer at die-digiparden.de
Thu Feb 7 12:48:45 CET 2013
Hi Adrian,
A few months ago I did a lot with content security, and my only
problems were ManyToMany relations.
In your example - if John's Car is visible to friends "or" family
and the user is only a friend of John.
Therefore I created my "own" filter, which is kind of hacky,
but then it works too...
cheers
Kerstin
> Hi Falk, Andi, Christian and everyone,
>
> I have a maybe similar requirement, it's about that users may only see
> entities of other users, if they are contacts of each other, *if* that
> is set.
> It's exactly the kind of security we all know from current social
> networks like also Xing etc., you might have an entity that will be,
> dependent on a user's setting, only visible if a watcher is added as
> contact.
>
> For example, user John has defined "my Car entities are only visible to
> my friends".
> Now a user attempts to see John's Cars, the security should now look
> * if John's cars are visible to Friends or Everyone (per setting)
> * if the spectating user is a Friend of John
>
> I assume this is not possible just via present configuration. Is there a
> way of custom Handlers that will do the additional security checks?
>
> All of the above is for Content security;
> additionally similar is interesting for method security, for example
> "only Friends may add a comment" etc...
>
>
> Thanks a lot and cheers,
>
> Adrian