[Flow] Policy and Command Controller
Bastian Waidelich
bastian at typo3.org
Thu Dec 18 20:40:09 CET 2014
Beat Guggisberg wrote:
Hi Beat,
> This looks for me like a major flaw in the Policy design.
I agree that it's a bug, though I wouldn't call it a "major flaw"
because it's so easy to work around (see below).
The reason why we didn't come across this one yet is probably because
usually policies target other layers of the system (i.e. MVC
controllers) that are not touched by CLI.
But, sure, there is no reason not to protect lower-level subsystems
(like repositories or services) as well!
> To use your workaround for every function touched by Policy is realy no way to go for me.
> Seems like i will stash my backendsecurity and only work with frontendsecurity till this is solved.
You wouldn't have to touch the protected functions but "just" the
affected command controllers.
Even better: review https://review.typo3.org/35566/ and give a +1 if you
agree and we can merge this and backport it to the released branches!
HTH,
--
Bastian Waidelich
More information about the Flow
mailing list