[FLOW3-general] How to secure a controller?
Steffen Wickham
steffen at gaming-inc.de
Sun Jan 13 14:05:34 CET 2013
No, John is right. Don't know what I've done while writing my last
response...
Of course LoginController doesn't have to be a resource, as it would be
protected by the framework, as John already mentioned.
Please give the following solution a try. The main change to my first
solution is that it should protect all controllers of your package
except LoginController. So you don't have to modify Policy.yaml when you
add a new controller to your package.
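resources:
  entities: []
  methods:
    # (?!Login).* matches every controller class in the package whose
    # name does not start with "Login"
    SecuredArea: 'method(VENDOR\PACKAGE\Controller\(?!Login).*Controller->.*Action())'
roles:
  Administrator: []
acls:
  Administrator:
    methods:
      SecuredArea: GRANT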
The pointcut expression is based on the "method()" chapter of the AOP
documentation:
http://flow.typo3.org/documentation/guide/partiii/aspectorientedprogramming.html#method
Greetings
Steffen
On 13.01.2013 13:04, Qbus | Axel Wüstemann wrote:
> On 13.01.2013 12:49, John Small wrote:
>> Hello,
>>
>> Don't put the LoginController in the resources, because then you actually
>> need to be logged in to access it!
>> Everything mentioned in the resources is blocked by default.
>>
> Isn't the access to the LoginController GRANTed by
>
> Everybody:
>   methods:
>     Login: GRANT
>
> ?
>
> Axel
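Added example, not part of the original post and not Flow code: a small Python check of which controller classes a negative-lookahead class pattern in a method() pointcut leaves outside the protected resource. It assumes the class part is a regular expression that must match the whole class name and that Python's re behaves like PHP's PCRE for these constructs; the class names and the three pattern variants are constructed for illustration.

```python
import re

# Constructed class names for a hypothetical package VENDOR\PACKAGE.
NS = "VENDOR\\PACKAGE\\"
CLASSES = [NS + c for c in (
    "Controller\\LoginController", "Controller\\StandardController",
    "Controller\\UserController", "Controller\\LoginHistoryController",
    "Service\\MailService")]

# Three variants of the class pattern inside method(...):
# lookahead followed by the literal "Controller", by ".*", and an exact exclusion.
NARROW = r"method(VENDOR\PACKAGE\Controller\(?!Login)Controller->.*Action())"
PREFIX = r"method(VENDOR\PACKAGE\Controller\(?!Login).*Controller->.*Action())"
EXACT = r"method(VENDOR\PACKAGE\Controller\(?!LoginController$).*Controller->.*Action())"

def split_pointcut(expr):
    """Split 'method(ClassPattern->methodPattern())' into its two regex parts."""
    m = re.fullmatch(r"method\((?P<cls>.+)->(?P<meth>.+)\(\)\)", expr)
    if m is None:
        raise ValueError("not a method() pointcut: %r" % expr)
    return m.group("cls"), m.group("meth")

def covered(expr, classes=CLASSES, action="indexAction"):
    """Classes whose <action> method falls inside the resource."""
    cls_pattern, meth_pattern = split_pointcut(expr)
    # Assumption: namespace separators are literal backslashes and the
    # pattern is anchored to the whole class name.
    cls_re = re.compile(cls_pattern.replace("\\", "\\\\"))
    meth_re = re.compile(meth_pattern)
    return [c for c in classes
            if cls_re.fullmatch(c) and meth_re.fullmatch(action)]

def unprotected_controllers(expr, classes=CLASSES):
    """Controller classes the pointcut leaves outside the protected resource."""
    hit = set(covered(expr, classes))
    return [c for c in classes if c.endswith("Controller") and c not in hit]

if __name__ == "__main__":
    for name, expr in (("NARROW", NARROW), ("PREFIX", PREFIX), ("EXACT", EXACT)):
        print(name, "leaves unprotected:")
        for c in unprotected_controllers(expr):
            print("   ", c)
```

Running the same check against the real class list of a package after every Policy.yaml change shows whether a newly added controller silently falls outside the resource.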