[TYPO3-50-general] Problem with setting proper methods-based policies
Rens Admiraal
rens.admiraal at typo3.org
Mon Oct 22 21:06:28 CEST 2012
Hi Francois,
IIRC this should work, by having those separate resources defined. The
security framework will search for all resources defined for the method
call, and if one of them is allowed it will allow access.
Can you maybe post the error you got when access is denied?
Greetz,
Rens
On 10-10-12 16:31, François Suter wrote:
> Hi all,
>
> I have trouble setting a proper policy for the following scenario:
>
> Consider a controller with a lot of methods. All are reserved for users
> with the "Administrator" role and one may be accessed by users with a
> "Client" role.
>
> I have tried the following policy:
>
> resources:
>   methods:
>     Cobweb_Monitoring_EventManagement: 'method(Cobweb\Monitoring\Controller\EventController->(.*)Action())'
>     Cobweb_Monitoring_Timeline: 'method(Cobweb\Monitoring\Controller\EventController->timelineAction())'
> roles:
>   Administrator: []
>   Client: []
> acls:
>   Administrator:
>     methods:
>       Cobweb_Monitoring_EventManagement: GRANT
>   Client:
>     methods:
>       Cobweb_Monitoring_Timeline: GRANT
>
> My hope was that the more specific "timeline" action would be considered
> and allowed for "Client" roles, but that does not work. How should I
> handle this?
>
> Cheers
>
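
A simplified model of the rule described in the reply above ("if one of them is allowed it will allow access"), applied to the quoted policy. This is an added example, not part of the original thread and not the framework's own code. The function names, the literal class comparison, the regex handling of the method part, and the treatment of methods that no resource covers are assumptions.

```python
import re

# Policy from the quoted message, transcribed as Python data for this example.
RESOURCES = {
    "Cobweb_Monitoring_EventManagement":
        r"method(Cobweb\Monitoring\Controller\EventController->(.*)Action())",
    "Cobweb_Monitoring_Timeline":
        r"method(Cobweb\Monitoring\Controller\EventController->timelineAction())",
}
ACLS = {
    "Administrator": {"Cobweb_Monitoring_EventManagement": "GRANT"},
    "Client": {"Cobweb_Monitoring_Timeline": "GRANT"},
}
CONTROLLER = r"Cobweb\Monitoring\Controller\EventController"

# Splits "method(Class->pattern())" into its class and method-pattern parts.
POINTCUT = re.compile(r"^method\((?P<cls>.+)->(?P<method>.+)\(\)\)$")


def matching_resources(class_name, method_name):
    """Return every resource whose expression covers the given method call."""
    hits = []
    for name, expression in RESOURCES.items():
        parsed = POINTCUT.match(expression)
        if parsed is None:
            raise ValueError(f"unsupported expression: {expression}")
        # Assumption: class part is compared literally, method part is a full-match regex.
        if parsed["cls"] == class_name and re.fullmatch(parsed["method"], method_name):
            hits.append(name)
    return hits


def is_allowed(roles, class_name, method_name):
    """Allow when any matching resource is granted to any of the caller's roles."""
    hits = matching_resources(class_name, method_name)
    if not hits:
        return True  # Assumption: a method covered by no resource is not restricted.
    return any(ACLS.get(role, {}).get(res) == "GRANT"
               for role in roles for res in hits)
```

Under this model `timelineAction` matches both resources, so a "Client" is allowed through `Cobweb_Monitoring_Timeline`, while any other `*Action` method matches only `Cobweb_Monitoring_EventManagement` and is refused for that role.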