[TYPO3-50-general] FLOW3 ACL/Policy syntax discussion
Nino Martincevic
don at zampano.com
Fri Jul 31 11:56:14 CEST 2009
Sorry for breakin' in, but many questions came up...
>> acls:
>> Administrator:
>> someResource: DENY(param.someObject.someProperty = 'foo')
>> someOtherResource: GRANT(context.someValue = TRUE)
>>
... and the other examples in this thread are looking to me like an
attempt to fully decorate business logic into some kind of configuration
files.
Do you really want to make such things available ouside the domain
model? Is this a kind of OOP ersatz decorated as ACL?
What are then domain objects for, they would be become almost full
anemic then, wouldn't they?
In my understanding ACL is for controlling access rights on resources,
not on behaviour or distinct properties of them. Where's the
encapsulation there?
I hope I totally missed the point...
Cheers!
More information about the TYPO3-project-5_0-general
mailing list