[TYPO3-50-general] FLOW3 ACL/Policy syntax discussion
Andreas Förthner
Andreas.Foerthner at netlogix.de
Wed Jul 29 21:36:12 CEST 2009
Hi all,
Last week I was in Lübeck and we made really good progress on the concept and functionality of the security
framework. Now I'd like to give you a short update on the ACL concept as we have worked it out for now.
The main thing we decided for now is not to handle model security via the YAML policy. It did not seem to be a really
good idea to split the stored objects from their access rules. So all model security will be handled by the content
repository and we won't have to handle it in the ACLs/policy.
The next thing we kicked out of the concept for now is custom privileges. We simply couldn't find any use case for
them. So we will only have the ACCESS privilege. As a consequence, it is sufficient to write DENY or GRANT in the ACL
definitions.
As a cool new feature, I've implemented the ifAccess view helper as already described.
The next step will be conditions for the access privilege. That means you will be able to write something like this:
acls:
  Administrator:
    someResource: DENY(param.someObject.someProperty = 'foo')
    someOtherResource: GRANT(context.someValue = TRUE)
I think we were not sure whether we should write DENY(...) or DENYIF(...) for privileges with conditions. What do you think
is better?
So, this is the current status. If something is not clear or I've forgotten something, please let me know.
As always: I'm really looking forward to your feedback.
Greets Andi
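
An added sketch, not part of the original mail and not FLOW3 code, of how conditional entries in the syntax quoted above could be evaluated. The function names, the fail-closed handling of unresolvable paths, and the "DENY wins, otherwise deny by default" combination rule are assumptions of this example, not decisions stated in the mail.

```python
import re

# Entry syntax from the mail: GRANT, DENY, or either with "(path = literal)".
ENTRY = re.compile(r"^(GRANT|DENY)(?:\(\s*([\w.]+)\s*=\s*(.+?)\s*\))?$")
_MISSING = object()

def parse_literal(text):
    """Accept only the literal kinds the mail shows: quoted strings, TRUE/FALSE."""
    if text in ("TRUE", "FALSE"):
        return text == "TRUE"
    if len(text) >= 2 and text[0] == text[-1] == "'":
        return text[1:-1]
    raise ValueError(f"unsupported literal: {text!r}")

def resolve(path, scope):
    """Walk a dotted path such as param.someObject.someProperty through dicts."""
    node = scope
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node

def evaluate_entry(entry, scope):
    """Return 'GRANT', 'DENY' or None (the entry does not apply)."""
    m = ENTRY.match(entry.strip())
    if m is None:
        raise ValueError(f"malformed ACL entry: {entry!r}")
    privilege, path, literal = m.groups()
    if path is None:
        return privilege                      # unconditional entry
    expected = parse_literal(literal)         # reject bad literals up front
    value = resolve(path, scope)
    if value is _MISSING:
        return "DENY"                         # assumption: fail closed
    # Compare type as well as value so TRUE never equals 1 or 'TRUE'.
    matches = type(value) is type(expected) and value == expected
    return privilege if matches else None

def decide(acls, roles, resource, scope):
    """Assumed combination rule: any DENY wins, else any GRANT, else deny."""
    votes = {evaluate_entry(acls[r][resource], scope)
             for r in roles if resource in acls.get(r, {})}
    return "GRANT" if "GRANT" in votes and "DENY" not in votes else "DENY"

# Constructed policy using the mail's resource names and conditions.
ACLS = {"Administrator": {
    "someResource": "DENY(param.someObject.someProperty = 'foo')",
    "someOtherResource": "GRANT(context.someValue = TRUE)"}}
```

Note that under these assumptions a conditional DENY whose condition is false does not grant anything: the entry abstains and the default deny applies.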