[TYPO3-50-general] FLOW3 ACL/Policy syntax discussion

[Bastian Waidelich]

Andreas Förthner wrote:

Hi Andi,

> in the last two days I thought a lot about the future ACL possibilities 
> FLOW3 must provide.

I've read your message twice because I didn't really get it the first time.
This is impressive, and I don't think the syntax is too complex - 
compared to its power.
What concerns me a bit is that a lot of "special" syntax is in quotes 
which makes configuration error-prone as it's difficult to provide 
support in future versions (like autocompletion or  meaningful error 
messages) when the syntax gets more complex.

Just a very naive idea:
Instead of

deleteMethods: "method(F3\FooPackage\BasicClassValidator->delete.*())"

what about

deleteMethods
   methods: ["F3\FooPackage\BasicClassValidator->delete.*()"]

or combined

theIntegrativeResource:
   methods: ["F3\FooPackage\BasicClassValidator->delete.*()"]
   entities: ["F3\TYPO3\Domain\Page", "F3\TYPO3\Domain\Site"]
   resources: ["xyz"]

..or mabye turn it around:

methods:
   deleteMethods: "method(F3\FooPackage\BasicClassValidator->delete.*())"
   ...

entities:
   pageModel: "F3\TYPO3\Domain\Page"
   siteModel: ""F3\TYPO3\Domain\Site"

well.. as I said just an idea. I don't know the implications really.


> //Files/ResourceManager. Any syntax proposals so far?

I guess a problem will be to differentiate between relative and absolute 
paths, right? and there might be URI-resources I guess..
What about using the standard protocol prefixes file:///, http:// etc?


> deleteMethods:  ACCESS_DENY($param.check > 10)

that's neat! and it would work with objects too, right:

deleteMethods: ACCESS_DENY($param.article.category == foo && 
$param.article.availability == TRUE)

?

All in all, it looks very good to me. And I don't think, it's too 
complicated - at least as soon as we'll have a fancy gui for it ;)
But I'd try to make the syntax as explicit as possible!

keep up!
Bastian