[Flow] Content security doesn't work

Andreas Förthner andreas.foerthner at netlogix.de
Mon May 19 18:04:02 CEST 2014


Hi,

sure, I'll simply paste the relevant part of our current concept here.
Things might still change, but the general concept is pretty stable I
would say. If you are interested in the current code status you can have a
look at our work in progress changes in gerrit:
https://review.typo3.org/#/q/topic:acl,n,z

Restructured Policy.yaml
------------------------

* Rename "resource" to "privilege target"
     * we have a code migration for this
* reintroduce global Policy.yaml
     * roles have to be specified with their fully qualified name
(TYPO3.TYPOCR:Administrator)
* no need to persist roles
* NOTE: the "privilegeTargets" are ALWAYS in YAML.
* Naming convention for privilege targets:
** old: TYPO3_Neos_Backend_Module_Administration
** new: TYPO3.Neos:Backend.Modules.Administration
* one named privilege target can hold definitions for exactly one
privilege target type, like methods, entities, nodes, assets, etc.
* Remove "acl", privileges are bound to roles

Example:

roles:
  'TYPO3.Foo:Marketing':
    parentRoles: ['TYPO3.Foo:Editor', 'TYPO3.Foo:Manager']
    privileges:
    -
      privilegeTarget: 'My.Package:Some.Privilege.Target.Name'
      permission: GRANT
    -
      privilegeTarget: 'My.Package:Some.Other.Privilege.Target'
      permission: GRANT


Generic Doctrine content security support
-----------------------------------------

* migrate syntax to EEL
* allow registration of custom (first level) matchers
     * will be used for node in Neos, eg. isSite(), isParent(), etc.
* Each matcher has to return a SQL where clause as a result
* Entity privilege targets that are "abstained" mean:
     * you cannot see (load from persistence) these entities
     * this is a breaking change!

Example:

privilegeTargets:
  'My.Package:Some.Privilege.Target.Name':
    type: 'TYPO3.Flow:Entity'
    matcher: 'isType("TYPO3\TYPO3CR\Domain\Model\Node") &&
      property("workspace").equals("live") &&
      property("some.relation.property").contains(context.currentUser)'



Greets Andi

On 19.05.14 17:50, "Aimo Kuenkel" <mail at aimo.cc> wrote:

>Hi Andi,
>
>Can we have any insight about the current discussion about the solution
>or how it will be implemented and usable?
>
>And for Falk, maybe this is a silly solution but could you add a boolean
>property "foo" to your entity that defaults to true and write
>'this.foo == true &&! (this.users contains current.securityContext.party)'
>Until a solution is provided?
>
>Wait, even better: provide a dummy object, make it available as global
>object, give it a TRUE property 'foo' and say 'current.dummy.foo == true
>&&! (...)'
>
>Greetings,
>
>Aimo
>
>-----Original Message-----
>From: flow-bounces at lists.typo3.org [mailto:flow-bounces at lists.typo3.org]
>On behalf of Andreas Förthner
>Sent: Monday, 19 May 2014 17:39
>To: TYPO3 Flow mailing list
>Subject: Re: [Flow] Content security doesn't work
>
>Hi Falk,
>
>sorry, that is not possible right now, but the solution we are currently
>working on will cover this. It will be included in one of the next two
>flow versions. The task is unfortunately really complex to solve within
>doctrine.
>
>All the best
>
>Andi
>
>On 19.05.14 16:58, "Falk" <vixe4all at freenet.de> wrote:
>
>>Hi Andi ... that doesn't sound good. This is a must-have for my application.
>>Isn't this essential for a lot of use cases?
>>
>>What could a solution look like in Flow?
>>

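The "Generic Doctrine content security support" points in the message above say that each matcher returns a SQL where clause and that entities covered by an abstained privilege target cannot be loaded. The following is an added sketch of that idea in Python with SQLite, not code from Flow or from this thread; the function names, table, roles and targets are all assumptions made for illustration.

```python
import sqlite3

ALLOWED_COLUMNS = {"type", "workspace"}  # identifiers cannot be bound, so allowlist them

def property_equals(column, value):
    """First-level matcher: returns (where_fragment, bound_params)."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"unknown property: {column!r}")
    return (f"{column} = ?", [value])

def all_of(*matchers):
    """Combine matcher results with AND, keeping parameters in order."""
    return (" AND ".join(f"({sql})" for sql, _ in matchers),
            [p for _, params in matchers for p in params])

# Constructed privilege targets and role grants; all names are illustrative.
PRIVILEGE_TARGETS = {
    "My.Package:Nodes.Live": all_of(property_equals("type", "Node"),
                                    property_equals("workspace", "live")),
    "My.Package:Nodes.Staging": all_of(property_equals("type", "Node"),
                                       property_equals("workspace", "staging")),
}
ROLE_GRANTS = {
    "My.Package:Editor": {"My.Package:Nodes.Live", "My.Package:Nodes.Staging"},
    "My.Package:Visitor": {"My.Package:Nodes.Live"},
    "My.Package:Anonymous": set(),
}

def security_constraint(role):
    """Exclude every entity matched by a target the role was not GRANTed."""
    granted = ROLE_GRANTS.get(role, set())
    abstained = [m for name, m in PRIVILEGE_TARGETS.items() if name not in granted]
    if not abstained:
        return ("1 = 1", [])
    return (" AND ".join(f"NOT ({sql})" for sql, _ in abstained),
            [p for _, params in abstained for p in params])

def load_ids(db, role):
    """Load entity ids with the role's constraint appended to the query."""
    where, params = security_constraint(role)
    rows = db.execute(f"SELECT id FROM entity WHERE {where} ORDER BY id", params)
    return [row[0] for row in rows]

def sample_db():
    """In-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entity (id INTEGER, type TEXT, workspace TEXT)")
    db.executemany("INSERT INTO entity VALUES (?, ?, ?)", [
        (1, "Node", "live"), (2, "Node", "staging"), (3, "Asset", "live")])
    return db
```

An unknown role gets no grants, so every defined target is treated as abstained and only entities outside all targets are returned. Under SQL three-valued logic a NULL in a matched column can make `NOT (...)` evaluate to unknown, which hides the row rather than exposing it.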

