[Flow] Re: I get an access error when logged in but not when logged out

Calgacus map Brude calgach at gmail.com
Thu Feb 5 19:04:46 CET 2015


Is there a way to exempt the given URL on my site from security? I wonder if the system expects some session data on the redirect and, not finding it, then complains.

My Policy.yaml looks like so:

#
# Policy implementation for aaa.Shop Package
#
#

# Roles declared by this package. Each role maps to the list of its
# parent roles; an empty list means the role has no parent.
roles:
  # Quoted because the role identifier contains a colon.
  ShopAdministrator:
    - 'bbb.SuperUser:SuperUser'
  ShopCustomer: []

# Method resources: each key names a pointcut expression that matches
# controller action methods. The acls section refers to these keys, so a
# key renamed here must be renamed there as well.
resources:
  methods:
    aaa_Shop_AdminLoginMethods: 'method(aaa\Shop\Controller\AdminLoginController->(adminLogin|logout)Action())'
    aaa_Shop_BrandMethods: 'method(aaa\Shop\Controller\BrandController->(list|show|new|create|edit|update|deleteBrand|brandVerify|ajax)Action())'
    # Includes the write actions new/create/edit/update/delete; this same
    # resource is granted to ShopCustomer and Everybody in the acls section.
    aaa_Shop_ConditionMethods: 'method(aaa\Shop\Controller\ConditionController->(index|show|new|create|edit|update|delete|filter|conditionVerify|ajax)Action())'
    aaa_Shop_ConfigurationMethods: 'method(aaa\Shop\Controller\ConfigurationController->(index|show|new|create|edit|update|delete|configurationGridAjax)Action())'
    aaa_Shop_CurrencyMethods: 'method(aaa\Shop\Controller\CurrencyController->(list|show|new|create|edit|update|currencyVerify|ajaxCurrency)Action())'
    # NOTE(review): '.*Action()' matches every action on the controller,
    # including any added later. An explicit list, as used for the other
    # management controllers, keeps new actions out of the grant by default.
    aaa_Shop_CustomerManagementMethods: 'method(aaa\Shop\Controller\CustomerManagementController->.*Action())'
    # NOTE(review): 'jaxDiscountOffer' looks like a typo of
    # 'ajaxDiscountOffer', which is also listed - confirm and drop it.
    aaa_Shop_DiscountOfferMethods: 'method(aaa\Shop\Controller\DiscountOfferController->(listDiscountOffer|showDiscountOffer|addDiscountOffer|createDiscountOffer|editDiscountOffer|updateDiscountOffer|deleteDiscountOffer|initializeCreateDiscountOffer|discountOfferVerify|initializeUpdateDiscountOffer|addDiscountRule|editDiscountRule|createDiscountRule|updateDiscountRule|listDiscountRule|showDiscountRule|deleteDiscountRule|discountRuleTitleVerify|ajaxDiscountRule|jaxDiscountOffer|ajaxDiscountOffer)Action())'
    aaa_Shop_OrderManagementMethods: 'method(aaa\Shop\Controller\OrderManagementController->(listOrder|showOrder|editOrder|updateOrder|deleteOrder|editOrderStatusHistory|abandonedShoppingCart|showAbandonedOrder|abandonedOrderNotify|ajaxOrderAdmin|ajaxArchivedOrderAdmin|ajaxAbandonedShoppingCart|printPackingSlip|estimateWebService|shipmentWebService|editOrderAddressForAdmin|updateOrderAddressForAdmin|editOrderStatusForAdmin|orderShippingDetailForAdmin|ajaxOrderItems|viewOrderItemDetailsForAdmin|editOrderItemsForAdmin|productArticleForEditOrderItems|productArticleForEditOrderItemsWithQuantity|updateOrderItemsForAdmin|newPickup|schedulePickup|printShippingLabels|printOrderInvoice)Action())'
    aaa_Shop_PaymentMethods: 'method(aaa\Shop\Controller\PaymentMethodController->(list|show|add|create|edit|update|delete|paymentMethodVerify|ajax)Action())'
    aaa_Shop_ProductCatalogMethods: 'method(aaa\Shop\Controller\ProductCatalogController->(index|show|newProduct|createProduct|editProduct|updateProduct|deleteProduct|newProductArticle|createProductArticle|updateProductArticle|deleteProductArticle|listProductAttribute|editProductArticle|newProductAttribute|showProductArticle|createProductAttribute|updateProductAttribute|showProductAttribute|editProductAttribute|deleteProductAttribute|showMostViewedProducts|outOfStock|productArticleVerify|productSkUidVerify|productAttributeVerify|saveToken|getToken|ajaxProductGrid|propertyGridAjax|ajaxMostViewedProduct|ajaxOutOfStockProduct|ajaxArticle|import|columnMapping|submitImport)Action())'
    aaa_Shop_ProductCategoryMethods: 'method(aaa\Shop\Controller\ProductCategoryController->(list|show|new|create|edit|update|delete|productCategoryVerify|ajaxProductCategoryGrid)Action())'
    aaa_Shop_ShippingMethods: 'method(aaa\Shop\Controller\ShippingMethodController->(list|show|add|create|edit|update|delete|shippingMethodVerify|ajax)Action())'
    # NOTE(review): wildcard over every TaxZoneController action; the same
    # concern as for aaa_Shop_CustomerManagementMethods applies.
    aaa_Shop_TaxZoneMethods: 'method(aaa\Shop\Controller\TaxZoneController->.*Action())'
    # Wildcard over every CustomerController action.
    aaa_Shop_CustomerMethods: 'method(aaa\Shop\Controller\CustomerController->.*Action())'
    aaa_Shop_MenuMethods: 'method(aaa\Shop\Controller\MenuController->(brandMenu|conditionMenu|productCategoryMenu|productDispensaryMenu)Action())'
    aaa_Shop_MetaDataMethods: 'method(aaa\Shop\Controller\MetaDataController->(index)Action())'
    aaa_Shop_MobileDetection: 'method(aaa\Shop\Controller\MobileDetectionController->(mobileDetect)Action())'
    # NOTE(review): 'getOrdersBySkus' and 'ordersReport' are listed here and
    # again under aaa_Shop_ProductMethods, and both resources are granted to
    # Everybody. The names suggest order reporting - confirm these actions
    # are meant to be reachable without a login.
    aaa_Shop_OrderMethods: 'method(aaa\Shop\Controller\OrderController->(shippingAddress|billingAddress|orderReview|selectShippingMethod|purolatorQuickEstimate|displayOrderNotification|previouslyPurchased|paymentResult|contentTemplate|orderSummary|saveUserNotes|getOrdersBySkus|ordersReport)Action())'
    # NOTE(review): also lists 'listCustomerByProductByOrder'; presumably it
    # returns customer data - verify what it exposes before granting it to
    # anonymous visitors.
    aaa_Shop_ProductMethods: 'method(aaa\Shop\Controller\ProductController->(showProductArticle|listCustomerByProductByOrder|getProductsByCategory|getSkusByProduct|getOrdersBySkus|searchProduct|searchResult|listProductArticle|listCookingClasses|listGiftCards|listResource|newlyAddedProduct|productDescription|recentlyViewedProducts|suggestProduct|bestSellingProduct|shareProduct|storeCurrency|checkProductStock|listAllSpecials|listAllPromotions|showAllSpecialDiscounts|showRelatedPages|listFeaturedProduct|showFeaturedProduct|showAllProduct|ordersReport|filteredSelect|filteredSKUSelect)Action())'
    # NOTE(review): the trailing '|' before ')' leaves an empty alternative,
    # so read as a regular expression the group also matches a method named
    # just 'Action()'. Probably a leftover - confirm and remove.
    aaa_Shop_ShopLoginMethods: 'method(aaa\Shop\Controller\ShopLoginController->(changePassword|updatePassword|login|authenticate|logout|forgotPassword|sendPasswordToken|resetPassword|)Action())'
    # Key is spelled 'Shoping'; the acls section uses the same spelling.
    aaa_Shop_ShopingCartMethods: 'method(aaa\Shop\Controller\ShoppingCartController->(addToCart|viewMiniShoppingCart|viewDetailShoppingCart|removeOrderItem|abandon)Action())'
    # Wildcards over every action of the three FormBuilder controllers.
    TYPO3_FormBuilder_FormManagerMethods: 'method(TYPO3\FormBuilder\Controller\FormManagerController->.*Action())'
    TYPO3_FormBuilder_EditorMethods: 'method(TYPO3\FormBuilder\Controller\EditorController->.*Action())'
    TYPO3_FormBuilder_StandardMethods: 'method(TYPO3\FormBuilder\Controller\StandardController->.*Action())'


# Access control lists: for each role, the method resources (defined under
# resources.methods) on which the role is given GRANT. No DENY entries are
# used in this file.
acls:
  # Management resources only. This role has no entry for
  # aaa_Shop_AdminLoginMethods or for the storefront resources (Order,
  # Product, ShopLogin, ShopingCart, Menu, MetaData, MobileDetection).
  # NOTE(review): whether a logged-in administrator still reaches those
  # depends on how the framework combines this role with Everybody - worth
  # checking against the "access error when logged in" symptom.
  ShopAdministrator:
    methods:
      aaa_Shop_BrandMethods: GRANT
      aaa_Shop_ConditionMethods: GRANT
      aaa_Shop_ConfigurationMethods: GRANT
      aaa_Shop_CurrencyMethods: GRANT
      aaa_Shop_CustomerManagementMethods: GRANT
      aaa_Shop_DiscountOfferMethods: GRANT
      aaa_Shop_OrderManagementMethods: GRANT
      aaa_Shop_PaymentMethods: GRANT
      aaa_Shop_ProductCatalogMethods: GRANT
      aaa_Shop_ProductCategoryMethods: GRANT
      aaa_Shop_ShippingMethods: GRANT
      aaa_Shop_TaxZoneMethods: GRANT
      aaa_Shop_CustomerMethods: GRANT

  # Storefront resources for logged-in customers.
  # NOTE(review): the last entries before the logout grant
  # (CustomerManagement, TaxZone, Condition) are also granted to
  # ShopAdministrator; two of them are '.*Action()' wildcards and the third
  # includes create/update/delete. Confirm customers are meant to hold them.
  ShopCustomer:
    methods:
      aaa_Shop_AdminLoginMethods: GRANT
      aaa_Shop_CustomerMethods: GRANT
      aaa_Shop_OrderMethods: GRANT
      aaa_Shop_ProductMethods: GRANT
      aaa_Shop_ShopLoginMethods: GRANT
      aaa_Shop_ShopingCartMethods: GRANT
      aaa_Shop_MenuMethods: GRANT
      aaa_Shop_MetaDataMethods: GRANT
      aaa_Shop_MobileDetection: GRANT
      aaa_Shop_CustomerManagementMethods: GRANT
      aaa_Shop_TaxZoneMethods: GRANT
      aaa_Shop_ConditionMethods: GRANT
      # Not defined under resources in this file; presumably declared in the
      # bbb.SuperUser package's policy - verify the name resolves.
      bbb_SuperUser_Logout: GRANT
      

  # FormBuilder access for the Neos editor role.
  TYPO3.Neos:Editor:
    methods:
      TYPO3_FormBuilder_FormManagerMethods: GRANT
      TYPO3_FormBuilder_EditorMethods: GRANT
      TYPO3_FormBuilder_StandardMethods: GRANT

  # Everybody is the role every request carries, logged in or not, so each
  # grant below also applies to anonymous visitors.
  # NOTE(review): this list includes aaa_Shop_CustomerManagementMethods and
  # aaa_Shop_TaxZoneMethods (both '.*Action()' wildcards) and
  # aaa_Shop_ConditionMethods (create/update/delete), which are otherwise
  # administrator resources. If they were added to work around an access
  # error, replace them with a narrow resource naming only the actions the
  # storefront calls, and keep the management actions with ShopAdministrator.
  Everybody:
    methods:
      aaa_Shop_AdminLoginMethods: GRANT
      aaa_Shop_CustomerMethods: GRANT
      aaa_Shop_OrderMethods: GRANT
      aaa_Shop_ProductMethods: GRANT
      aaa_Shop_ShopLoginMethods: GRANT
      aaa_Shop_ShopingCartMethods: GRANT
      aaa_Shop_MenuMethods: GRANT
      aaa_Shop_MetaDataMethods: GRANT
      aaa_Shop_MobileDetection: GRANT
      aaa_Shop_CustomerManagementMethods: GRANT
      aaa_Shop_TaxZoneMethods: GRANT
      aaa_Shop_ConditionMethods: GRANT

