[FLOW3-general] limit access on entities

Andreas Förthner andreas.foerthner at netlogix.de
Thu Feb 7 13:01:27 CET 2013


Hi Falk,

if you retrieve your customers directly by such a find-method everything should work. Problems may arise as soon as you retrieve them by walking through your object hierarchy, that is, you retrieve another model which has a getter to get associated customers. In that case Doctrine will use lazy loading and these queries are not yet covered by content security, so be careful here.

Greets Andi

From: Falk <vixe4all at freenet.de>
Organization: TYPO3 Association
Reply-To: General discussion about FLOW3 <flow3-general at lists.typo3.org>
Date: Thursday, 7 February 2013 12:26
To: "flow3-general at lists.typo3.org" <flow3-general at lists.typo3.org>
Subject: Re: [FLOW3-general] limit access on entities

Hi Andi,

I'm looking for a general method of resolution and have not yet
implemented this. Is the only way to join the customer and the user
model and write my own query like 'findByUserId' in the customer repo?

Greetz, Falk


On 07.02.2013 11:46, Andreas Förthner wrote:
Hi Falk,

do you already have a query we could have a look at? There are still some missing parts in content security, and if you had a query I could tell you whether the automatic filtering would work for this specific use case.

Greets Andi

From: Falk <vixe4all at freenet.de>
Organization: TYPO3 Association
Reply-To: General discussion about FLOW3 <flow3-general at lists.typo3.org>
Date: Thursday, 7 February 2013 11:38
To: "flow3-general at lists.typo3.org" <flow3-general at lists.typo3.org>
Subject: Re: [FLOW3-general] limit access on entities

Hi Christian,

the customer<>user relation should be based on "hand selected"
information. Do you know a good example or tutorial that describes a
solution? In the "content security" part, the documentation describes
only the very basics, and I'm just starting with Flow.

Thanks, Falk


On 07.02.2013 08:51, Christian Müller wrote:
Hi Falk,

On 06.02.13 17:58, Falk wrote:
Hi everyone,

I'm presently dealing with the security basics. What is the best
procedure to limit access to defined entities (e.g. a user only has
access to defined customers)? Is this completely solvable via AOP? What
should such an aspect look like, and which steps are necessary (e.g.
constraints between user and customer model)?

You might want to have a look at the docs about content security [1]; it
should do exactly what you want. The question is whether you can find a
limiting factor that you can express in such a logical expression, or
whether the customer<>user relation is based on some "hand selected"
information.

Cheers,
Christian

[1] http://docs.typo3.org/flow/TYPO3FlowDocumentation/TheDefinitiveGuide/PartIII/Security.html#content-security


Dipl.-Inf. Andreas Förthner
Head of Web Development

Phone: +49 (911) 539909 - 0
E-mail: andreas.foerthner at netlogix.de
Website: media.netlogix.de

_______________________________________________
FLOW3-general mailing list
FLOW3-general at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/flow3-general
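
The gap Andreas describes at the top of the thread, modelled in plain PHP as an added example that is not part of the original thread and uses no Flow or Doctrine API: a repository finder applies the access constraint, a getter on a related object returns the association unfiltered, and an explicit re-check closes the gap. All class and method names are hypothetical, and the allowed-user list is an assumption standing in for the "hand selected" customer/user relation.

```php
<?php
// Constructed model of the lazy-loading gap; plain PHP 8, no Flow or Doctrine API.
// Every class and method name here is hypothetical.

final class Customer {
    /** @param int[] $allowedUserIds hand-selected users who may see this customer */
    public function __construct(public string $name, public array $allowedUserIds) {}
}

final class Project {
    /** @param Customer[] $customers */
    public function __construct(private array $customers) {}
    // Stands in for a lazily loaded association: no access filter runs here.
    public function getCustomers(): array { return $this->customers; }
}

final class CustomerAccess {
    public function __construct(private int $currentUserId) {}
    public function isAllowed(Customer $c): bool {
        return in_array($this->currentUserId, $c->allowedUserIds, true);
    }
    /** Explicit re-check for collections reached by walking the object graph. */
    public function filter(array $customers): array {
        return array_values(array_filter($customers, fn(Customer $c) => $this->isAllowed($c)));
    }
}

final class CustomerRepository {
    /** @param Customer[] $all */
    public function __construct(private array $all, private CustomerAccess $access) {}
    // Direct finder: the access constraint is applied as part of the lookup.
    public function findAll(): array { return $this->access->filter($this->all); }
}

// Constructed sample data: the current user (id 1) is assigned to Acme only.
$acme    = new Customer('Acme', [1]);
$globex  = new Customer('Globex', [2]);
$access  = new CustomerAccess(1);
$repo    = new CustomerRepository([$acme, $globex], $access);
$project = new Project([$acme, $globex]);

$names = fn(array $cs) => implode(', ', array_map(fn(Customer $c) => $c->name, $cs));

echo 'repository finder:  ', $names($repo->findAll()), PHP_EOL;
echo 'association getter: ', $names($project->getCustomers()), PHP_EOL;
echo 'getter + re-check:  ', $names($access->filter($project->getCustomers())), PHP_EOL;
```

Comparing the finder's result with the getter's result for the same user is also a useful regression test until association loading is covered by the framework's own filtering.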
