[Flow] [FLOW] RFC - Use functions on Policy
Adrian Föder
adrian at foeder.de
Mon Mar 3 16:05:12 CET 2014
Hi Andi,
it seems we in our project are going to need to build a possibility to
be able to set entity ACLs at runtime, i.e. ACLs set by users.
Like, "I am an Administrator and this (concrete) Entity may be readable
by User A and B, and be editable and deletable by User C."
I am currently collecting information to achieve this, and the method
invocation is surely one facet of it. As far as I know, the aop is only
able to deliver something which then can be combined with the present
operators like ==, IN, etc.
Is it possible to somehow check for "TRUE", passing a variable in? Or
would that even be more a responsibility of an AccessDecisionVoter?
I intend something like

    policy:
      resources:
        methods: (!)
          'My_Package_ProductModifyActions': >
            method(public My\Package\Controller\ProductController->(edit|update)Action(current.entityAccessVoter.may('MODIFY', product)))

or so; not sure ATM, but you might get the idea.
On a side note, I saw some effort going on for Node Type constraints and
security at all; is there anything planned at the moment for this kind
of "runtime security"?
Thanks and best!
Adrian
On 06.02.2014 11:47, Andreas Förthner wrote:
> Hi Jan,
>
> you can easily achieve that already. Just register your service class
> (maybe not name it test ;-) ) as a global object in your AOP settings.
>
> E.g. in your Settings.yaml:
>
> TYPO3.Flow.aop.globalObjects.mySpecialAccountService =
> '\My\VendorNamespace\Services\MyAccountService'
>
> After that you can use methods of this service in pointcut expressions of
> your Policy:
>
> policy:
>   resources:
>     entities:
>       'your\package\test':
>         you_package_example: 'inArray("stuff",this.var) || current.mySpecialAccountService.account == current.securityContext.account'
>
>
>
> Hope that helps.
>
> Greets Andi
>
> On 06.02.14 11:35, "Jan Herzog" <Jan-christoph-herzog at gmx.net> wrote:
>
>> Hello,
>>
>> I don't know if this is the right place. I want to request a feature:
>> I would love to be able to use functions in Policy. This would make
>> policy much more flexible and dynamic.
>>
>> An example:
>> class test
>> {
>>     // Public so the policy expression can read this.var
>>     public $var = array("stuff", "otherStuff");
>>
>>     /** @var \TYPO3\Flow\Security\Account */
>>     private $account;
>>
>>     // True if the given account is the one stored on this object
>>     public function gotAccount($account)
>>     {
>>         return $this->account == $account;
>>     }
>> }
>>
>> policy:
>>   resources:
>>     entities:
>>       'your\package\test':
>>         you_package_example: 'inArray("stuff",this.var) || this.gotAccount(current.securityContext.account)'
>>
> Andreas Förthner
> Head of Web Development
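
The per-entity check from Adrian's sketch (`current.entityAccessVoter.may('MODIFY', product)`), written out as an added example that is not from the thread or from Flow itself. The `EntityAccessVoter` class, its `grant()` method, the privilege names and the `product-42` identifier are assumptions, and the closure stands in for Flow's security context.

```php
<?php
// Added example: hypothetical class, not part of TYPO3 Flow or this thread.
final class EntityAccessVoter
{
    private const PRIVILEGES = ['READ', 'MODIFY', 'DELETE'];

    /** @var array entityId => accountId => privilege => true */
    private $grants = [];

    /** @var callable returns the authenticated account id or null (stand-in for the security context) */
    private $currentAccount;

    public function __construct(callable $currentAccount)
    {
        $this->currentAccount = $currentAccount;
    }

    /** Record a runtime grant, e.g. from an administrator's ACL form. */
    public function grant(string $entityId, string $accountId, string $privilege): void
    {
        if (!in_array($privilege, self::PRIVILEGES, true)) {
            throw new InvalidArgumentException('Unknown privilege: ' . $privilege);
        }
        $this->grants[$entityId][$accountId][$privilege] = true;
    }

    /** Default deny: only an explicit grant for the current account allows access. */
    public function may(string $privilege, string $entityId): bool
    {
        $account = ($this->currentAccount)();
        if ($account === null || !in_array($privilege, self::PRIVILEGES, true)) {
            return false;
        }
        return isset($this->grants[$entityId][$account][$privilege]);
    }
}

// Constructed sample data: A and B may read, C may modify and delete.
$loggedIn = null;
$voter = new EntityAccessVoter(function () use (&$loggedIn) { return $loggedIn; });
foreach ([['userA', 'READ'], ['userB', 'READ'], ['userC', 'MODIFY'], ['userC', 'DELETE']] as [$user, $privilege]) {
    $voter->grant('product-42', $user, $privilege);
}
foreach ([null, 'userA', 'userC'] as $who) {
    $loggedIn = $who; // switch the simulated session
    printf("%-6s MODIFY: %s\n", $who ?? 'guest', $voter->may('MODIFY', 'product-42') ? 'allow' : 'deny');
}
```

Because `may()` denies unless an explicit grant exists, an entity that no administrator has configured yet stays inaccessible, and an unauthenticated request or an unknown privilege name is refused rather than raising an error inside the policy evaluation.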