[TYPO3-50-general] Problem with setting proper methods-based policies

François Suter fsu-lists at cobweb.ch
Wed Oct 10 16:31:29 CEST 2012


Hi all,

I have trouble setting a proper policy for the following scenario:

Consider a controller with a lot methods. All are reserved for users 
with the "Administrator" role and is may be accessed by users with a 
"Client" role.

I have tried the following policy:

resources:
   methods:
     Cobweb_Monitoring_EventManagement: 
'method(Cobweb\Monitoring\Controller\EventController->(.*)Action())'
     Cobweb_Monitoring_Timeline: 
'method(Cobweb\Monitoring\Controller\EventController->timelineAction())'
roles:
   Administrator: []
   Client: []
acls:
   Administrator:
     methods:
       Cobweb_Monitoring_EventManagement: GRANT
   Client:
     methods:
       Cobweb_Monitoring_Timeline: GRANT

My hope was that the more specific "timeline" action would be considered 
and allowed for "Client" roles, but that does not work. How should I 
handle this?

Cheers

-- 

Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch


More information about the TYPO3-project-5_0-general mailing list