[Flow] Policy and Command Controller
Beat Guggisberg
beat.guggisberg at eglionline.ch
Mon Dec 22 13:41:00 CET 2014
Hi Bastian
As i see its already merged.
I will try it as soon as i have time and php 5.5, as i just saw when trying to install a master version.
Thanks a lot.
Beat
Am Donnerstag, 18. Dezember 2014 20:40 CET, Bastian Waidelich <bastian at typo3.org> schrieb:
Beat Guggisberg wrote:
Hi Beat,
> This looks for me like a major flaw in the Policy design.
I agree that it's a bug, though I wouldn't call it a "major flaw"
because it's so easy to work around (see below).
The reason why we didn't come across this one yet is probably because
usually policies target other layers of the system (i.e. MVC
controllers) that are not touched by CLI.
But, sure, there is no reason not to protect lower-level subsystems
(like repositories or services) as well!
> To use your workaround for every function touched by Policy is realy no way to go for me.
> Seems like i will stash my backendsecurity and only work with frontendsecurity till this is solved.
You wouldn't have to touch the protected functions but "just" the
affected command controllers.
Even better: review https://review.typo3.org/35566/ and give a +1 if you
agree and we can merge this and backport it to the released branches!
HTH,
--
Bastian Waidelich
_______________________________________________
Flow mailing list
Flow at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/flow
--
Egli's frische Küchenkräuter AG
Beat Guggisberg
Informatik
Riedeggweg 70c
CH-3020 Riedbach
direkt: +41 31 926 66 47
Zentrale: +41 31 926 66 66
Fax: +41 31 926 66 77
beat.guggisberg at eglionline.ch
www.eglionline.ch
More information about the Flow
mailing list