[Neos] Create protected area in Neos Website

Christian Loock brainshack at gmail.com
Thu Feb 20 09:24:25 CET 2014


thanks for the reply. The Only Question left now is how to let The
Typo3.Neos:Editor Role inherit from one of my Packages roles without
editing the Policy of Neos directly. Is there a way to do it from my
package, since i dont want to edit the Core.



2014-02-20 8:56 GMT+01:00 Christian Müller <christian.mueller at typo3.org>:

> Hi Brainshack,
> the logic exists already. See the field "accessroles" in the
> "typo3_typo3cr_domain_model_nodedata" table. You can set them via
> Node::setAccessRoles() and it should be an array of
> TYPO3\Flow\Security\Policy\Role objects.
> Just be aware that this works for backend and frontend, so in order for
> your editors to edit those pages you need to grant them access or let the
> Editor role inherit from the frontend user role(s) that you need to define.
> This is not yet public API and we don't expose it anywhere in the user
> interface. I am not aware of any plans currently to change it, but it
> *could* still change in future versions until we declare it public.
> Cheers,
> Christian
> Brainshack wrote:
>> Anyone? I cant find anything about it in the docs. A little pointer in the
>> right direction would be great :)
>> 2014-02-18 9:17 GMT+01:00 Brainshack<brainshack at gmail.com>:
>>  Hello everyone,
>>> I wonder if there are any best practices or features regarding securing
>>> sites in the frontend.
>>> I basically want a part of the page tree to be only reachable with a
>>> valid
>>> frontend login.
>>> For the little I know about Neos, I would probably try something like
>>> this:
>>> 1. Create a new Document Node Type for protected sites.
>>> 2. For Login / Registration, I would use flows Account Management with
>>> special frontend roles, so the user cant login to the backend.
>>> The biggest question in that approach would be, how to handle the ACL for
>>> the page ressources. If I add a node type for pages in neos, can i simply
>>> use my Package's Policy.yaml to protect those sites from being visited ?
>>> Or am I maybe totally wrong and there is a much better approach?
>>> _______________________________________________
>>> Neos mailing list
>>> Neos at lists.typo3.org
>>> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> --
> Christian Müller
> Flow / Neos Team Community Contact
> TYPO3 .... inspiring people to share!
> Get involved: http://typo3.org
> _______________________________________________
> Neos mailing list
> Neos at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos

More information about the Neos mailing list