[Flow] Beginner Questions

Andreas Förthner andreas.foerthner at netlogix.de
Tue Jan 14 13:14:51 CET 2014 

Hi Jan,

please have a look at your resource definition. This regular expression
expresses not what you probalby intented. If you want to match any
character please add a .* not only a *.

Hope that helps.

Greets Andi

Am 14.01.14 12:30 schrieb "Jan Herzog" unter
<Jan-christoph-herzog at gmx.net>:

>Hello,
>
>Thanks you for your respone Steffen,
>
>i wont blame for any names used in programms.. i aint got arrays, i got
>pirates (because they make "arr(ay)"). [pirateUser["username"]]
>
>now Since i can use "getRole" i expected i might get Policy working. I
>wrote the Policy.yaml like explained.
>
>
>Policy.yaml (placed in "Company.Forum/Configuration")
>  roles:
>    Administrator: []
>    Visitor: []
>
>
>  resources:
>    methods:
>      allActions: 'method(Forum\Controller\*->*())'
>
>  acls:
>    Administrator:
>      methods:
>        allActions: DENY
>
>Settings.yaml (placed in "Company.Forum/Configuration")
>  TYPO3:
>    Flow:
>      security:
>        authentication:
>          providers:
>            DefaultProvider:
>              provider: PersistedUsernamePasswordProvider
>              entryPoint: 'WebRedirect'
>              entryPointOptions:
>                routeValues:
>                  '@package': 'Skriptura.EventPlaner'
>                  '@controller': 'Authenticate'
>                  '@action': 'login'
>
>Since those settings should deny me the Access to any Controller i
>expected an error, or anything like this. But it simply didnt do anything.
>
>
>Furthermore i thinking about the permissions some more.
>
>
>//copied from Security Section in definitiv guide
>resources:
>  entities:
>    'Acme\MyPackage\Domain\Model\Customer':
>      Acme_MyPackage_Customers_All: 'ANY'
>      Acme_MyPackage_Customers_Vip: 'this.vip == TRUE'
>      Acme_MyPackage_Customers_Me: 'current.securityContext.account ==
>this.account && this.account != NULL'
>
>I think "current.securityContext.account" is the session of the user.. so
>"this.account" might be the data passed to the package.
>I wonder if i can call methods, like
>"User.getUser("current.securityContext.account")->contains(this.thread)";
>to get access? I could make an list within this user, containing any
>threads im moderator in, and simply check if the requested thread is
>within the user?
>_______________________________________________
>Flow mailing list
>Flow at lists.typo3.org
>http://lists.typo3.org/cgi-bin/mailman/listinfo/flow

More information about the Flow mailing list