[Flow] Prevent access to a disabled account

[Bastian Waidelich]

Mark Kuiphuis wrote:

Hi Mark,

> I'm trying to understand how the whole authorization and authentication
> module works in TYPO3 Flow. What I fail to see is how I can deny access
> to the application when the person's account is suspended, similar to
> the current TYPO3 Backend functionality?


$account->setExpirationDate(new \DateTime());
$this->accountRepository->update($account);

Does that help already?

If you want to allow the expired user to login still you can instead add 
a property "expirationDate" to your custom User model (extending 
AbstractParty) and check that on authentication (in order to inform the 
user about the expired account and/or to add an "Expired" role which you 
can refer to in you policies.


-- 
Bastian Waidelich
--
Core Developer Team

TYPO3 .... inspiring people to share!
Get involved: typo3.org