[Neos] Create protected area in Neos Website
Søren Malling
soren.malling at gmail.com
Thu Feb 20 09:33:55 CET 2014
On the other hand, that would be plain wrong!
If a user, who inherit the TYPO3.Neos:Editor role logs in (and is not a
"Editor" who should edit content, but just see some protected content)
he/she will be able to edit content if I'm right?
So this should not "the way to do it", right?
Cheers
Søren
On Thu, Feb 20, 2014 at 9:24 AM, Christian Loock <brainshack at gmail.com>wrote:
> Hi,
>
> thanks for the reply. The Only Question left now is how to let The
> Typo3.Neos:Editor Role inherit from one of my Packages roles without
> editing the Policy of Neos directly. Is there a way to do it from my
> package, since i dont want to edit the Core.
>
> Greetings,
>
> Christian
>
>
> 2014-02-20 8:56 GMT+01:00 Christian Müller <christian.mueller at typo3.org>:
>
> > Hi Brainshack,
> >
> > the logic exists already. See the field "accessroles" in the
> > "typo3_typo3cr_domain_model_nodedata" table. You can set them via
> > Node::setAccessRoles() and it should be an array of
> > TYPO3\Flow\Security\Policy\Role objects.
> >
> > Just be aware that this works for backend and frontend, so in order for
> > your editors to edit those pages you need to grant them access or let the
> > Editor role inherit from the frontend user role(s) that you need to
> define.
> >
> > This is not yet public API and we don't expose it anywhere in the user
> > interface. I am not aware of any plans currently to change it, but it
> > *could* still change in future versions until we declare it public.
> >
> > Cheers,
> > Christian
> >
> > Brainshack wrote:
> >
> >> Anyone? I cant find anything about it in the docs. A little pointer in
> the
> >> right direction would be great :)
> >>
> >>
> >> 2014-02-18 9:17 GMT+01:00 Brainshack<brainshack at gmail.com>:
> >>
> >> Hello everyone,
> >>>
> >>> I wonder if there are any best practices or features regarding securing
> >>> sites in the frontend.
> >>>
> >>> I basically want a part of the page tree to be only reachable with a
> >>> valid
> >>> frontend login.
> >>>
> >>> For the little I know about Neos, I would probably try something like
> >>> this:
> >>>
> >>> 1. Create a new Document Node Type for protected sites.
> >>>
> >>> 2. For Login / Registration, I would use flows Account Management with
> >>> special frontend roles, so the user cant login to the backend.
> >>>
> >>> The biggest question in that approach would be, how to handle the ACL
> for
> >>> the page ressources. If I add a node type for pages in neos, can i
> simply
> >>> use my Package's Policy.yaml to protect those sites from being visited
> ?
> >>>
> >>> Or am I maybe totally wrong and there is a much better approach?
> >>> _______________________________________________
> >>> Neos mailing list
> >>> Neos at lists.typo3.org
> >>> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> >>>
> >>>
> > --
> > Christian Müller
> > Flow / Neos Team Community Contact
> >
> > TYPO3 .... inspiring people to share!
> > Get involved: http://typo3.org
> >
> >
> > _______________________________________________
> > Neos mailing list
> > Neos at lists.typo3.org
> > http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> >
> _______________________________________________
> Neos mailing list
> Neos at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
>
More information about the Neos
mailing list