[Flow] Beginner Questions

Tue Jan 14 12:30:47 CET 2014

Hello,

Thanks you for your respone Steffen,

i wont blame for any names used in programms.. i aint got arrays, i got pirates (because they make "arr(ay)"). [pirateUser["username"]]

now Since i can use "getRole" i expected i might get Policy working. I wrote the Policy.yaml like explained.

Policy.yaml (placed in "Company.Forum/Configuration")
  roles:
    Administrator: []
    Visitor: []

  resources:
    methods:
      allActions: 'method(Forum\Controller\*->*())'

  acls:
    Administrator:
      methods:
        allActions: DENY

Settings.yaml (placed in "Company.Forum/Configuration")
  TYPO3:
    Flow:
      security:
        authentication:
          providers:
            DefaultProvider:
              provider: PersistedUsernamePasswordProvider
              entryPoint: 'WebRedirect'
              entryPointOptions:
                routeValues:
                  '@package': 'Skriptura.EventPlaner'
                  '@controller': 'Authenticate'
                  '@action': 'login'

Since those settings should deny me the Access to any Controller i expected an error, or anything like this. But it simply didnt do anything.

Furthermore i thinking about the permissions some more.

//copied from Security Section in definitiv guide
resources:
  entities:
    'Acme\MyPackage\Domain\Model\Customer':
      Acme_MyPackage_Customers_All: 'ANY'
      Acme_MyPackage_Customers_Vip: 'this.vip == TRUE'
      Acme_MyPackage_Customers_Me: 'current.securityContext.account == this.account && this.account != NULL'

I think "current.securityContext.account" is the session of the user.. so "this.account" might be the data passed to the package.
I wonder if i can call methods, like 
"User.getUser("current.securityContext.account")->contains(this.thread)";
to get access? I could make an list within this user, containing any threads im moderator in, and simply check if the requested thread is within the user?