[Flow] Deny access by policy not working
Christian Müller
christian.mueller at typo3.org
Sat Jun 22 20:00:54 CEST 2013
Hey both of you,
I can at least say it should work with master...
>
> Someone any hints how to debug this?
>> Here is again my policy:
>> ----------------------------------------------------
>> resources:
>> methods:
>> RestrictedArea:
>> 'method(My\Package\Controller\CalculateController->*())'
This at least is wrong, you should understand it similar to a regular
expression not a filesystem glob, so:
'method(My\Package\Controller\CalculateController->.*())'
Would target all methods in the CalculateController (notice the . before
*), what you really want to do for controllers is target only Actions ->
'method(My\Package\Controller\CalculateController->.*Action())'
Try that and lets see if it helps.
The Security log in Data/Logs should also give you some insights...
And one additional remark, you rarely should have to DENY a resource,
because any defined resource that is not explicitly GRANTed will result
in an implicit deny anyway. You only need to DENY if you want to
overrule a GRANT and you should try to avoid DENY as much as possible as
a DENY cannot be overruled anymore.
Cheers,
Christian
More information about the Flow
mailing list