[Flow] policy.yaml: acl's are not correct configured?

Andre Hohmann mail at andre-hohmann.net
Mon Apr 27 15:08:28 CEST 2015 

 

Hallo Steffen, 

with allMitgliedMethods:
'method(ITOOPAtcControllerMitgliedController->.*Action.*())' for example
it works for me. 

Thank you! 

PS.: Yes, it´s because email-formatting; in my file it´s correct. 

---

Mit freundlichen Grüssen 

Andre Hohmann 

Am 2015-04-27 14:09, schrieb Steffen Wickham: 

> Hello again, ;)
> 
> you have to add the full namespace, otherwise the pointcut expression will fail. This is one of my Policy.yaml declarations:
> AFSVN_Schaf_API: 'method(AFSVNSchafControllerAPI.*Controller->.*Action())'
> 
> Just a hint (but I think it is just related to the email formatting), but keep an eye on the indents of the settings. In your example it looks like "indexMethods" is on the same level as "methods" but have to be indent one level.
> 
> All the best,
> Steffen
> 
> Am 27.04.15 um 13:59 schrieb Andre Hohmann:
> 
>> Hallo, my Policy.yaml looks like that: resources: methods: indexMethods: 'method(ITOOPAtc.*->index.*())' updateMethods: 'method(ITOOPAtc.*->update.*())' deleteMethods: 'method(ITOOPAtc.*->delete.*(force == TRUE))' roles: Administrator: [] User: [] acls: Administrator: methods: listMethods: GRANT updateMethods: GRANT deleteMethods: GRANT User: methods: listMethods: DENY updateMethods: DENY If I log in as User I'm able to index and update a "Mitglied" although I defined updateMethods: DENY in the policy. In the MitgliedController the action is defined as update-Action: ... public function updateAction(Mitglied $mitglied) { ... Does anybody know, why access to the actions is not denied? Thank you.
> 
> _______________________________________________
> Flow mailing list
> Flow at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/flow [1]
 

Links:
------
[1] http://lists.typo3.org/cgi-bin/mailman/listinfo/flow



---------------------------------------------------------------------------------------------

http://www.andre-hohmann.net


Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren und die unbefugte Weitergabe dieser E-Mail sind nicht gestattet.

More information about the Flow mailing list