[TYPO3-50-general] Generic solution for disabled/enabled records
Kerstin Huppenbauer
kerstin.huppenbauer at die-digiparden.de
Thu Nov 1 23:01:33 CET 2012
Have a look at this
http://lists.typo3.org/pipermail/flow3-general/2012-September/002710.html
Greets
Kerstin
> Its a bug with nested objects
>
> [TYPO3.Flow - Bug #42606] Content Security with nested objects
> http://forge.typo3.org/issues/42606
>
>
>
> Am 01.11.12 14:15, schrieb Julian Kleinhans:
>> Hi,
>>
>> hum.. it doesnt work, did i forget something ?
>> This is my current Policy.yaml
>>
>>
>> resources:
>> entities:
>> Kj187_Tutorials_Domain_Model_Tutorial:
>> Kj187_Tutorials_Domain_Model_Tutorial_Disabled: 'this.disabled ==
>> TRUE'
>>
>> roles:
>> Administrator: []
>>
>> acls:
>> Administrator:
>> entities:
>> Kj187_Tutorials_Domain_Model_Tutorial_Disabled: GRANT
>> Everybody:
>> entities:
>> Kj187_Tutorials_Domain_Model_Tutorial_Disabled: DENY
>> Anonymous:
>> entities:
>> Kj187_Tutorials_Domain_Model_Tutorial_Disabled: DENY
>>
>>
>>
>> Cheers
>> Julian
>>
>>
>>
>>
>> Am 01.11.12 08:29, schrieb Pankaj Lele:
>>> Hi Julian,
>>>
>>>> what is the best way to get a generic way for disabled/enabled records
>>>> (like a comment or a tutorial for example) ?
>>>>
>>>> For example, everyone can write a comment in a blog, but all new
>>>> comments must be approved by an admin. So all new comments are stored
>>>> with a disabled = 1 flag.
>>>>
>>>> I think the best way is to resolve this via AOP. Are there any ideas or
>>>> existing solutions ?
>>>
>>> I think the best way would be to do it with Security policies. So with
>>> proper content security definitions [1] you can define Normal users can
>>> only read disabled = 0 objects and Admins can read any objects.
>>>
>>> [1]
>>> http://flow.typo3.org/documentation/guide/partiii/security.html#content-security
>>>
>>>
>>
>
More information about the TYPO3-project-5_0-general
mailing list