[Neos] Create protected area in Neos Website

Thu Feb 20 09:42:32 CET 2014

No its the other way arround, you would need to Make the Editor role
inherit from your own role.

This way, editors can edit the nodes, but people who have the role to see
the role, would not be editors.

And that is the big Questionmark over my head. How would i make the
Typo3.Neos:Editor role inherit from my custom role?

2014-02-20 9:33 GMT+01:00 Søren Malling <soren.malling at gmail.com>:

> On the other hand, that would be plain wrong!
>
> If a user, who inherit the TYPO3.Neos:Editor role logs in (and is not a
> "Editor" who should edit content, but just see some protected content)
> he/she will be able to edit content if I'm right?
>
> So this should not "the way to do it", right?
>
> Cheers
>
> Søren
>
>
> On Thu, Feb 20, 2014 at 9:24 AM, Christian Loock <brainshack at gmail.com
> >wrote:
>
> > Hi,
> >
> > thanks for the reply. The Only Question left now is how to let The
> > Typo3.Neos:Editor Role inherit from one of my Packages roles without
> > editing the Policy of Neos directly. Is there a way to do it from my
> > package, since i dont want to edit the Core.
> >
> > Greetings,
> >
> > Christian
> >
> >
> > 2014-02-20 8:56 GMT+01:00 Christian Müller <christian.mueller at typo3.org
> >:
> >
> > > Hi Brainshack,
> > >
> > > the logic exists already. See the field "accessroles" in the
> > > "typo3_typo3cr_domain_model_nodedata" table. You can set them via
> > > Node::setAccessRoles() and it should be an array of
> > > TYPO3\Flow\Security\Policy\Role objects.
> > >
> > > Just be aware that this works for backend and frontend, so in order for
> > > your editors to edit those pages you need to grant them access or let
> the
> > > Editor role inherit from the frontend user role(s) that you need to
> > define.
> > >
> > > This is not yet public API and we don't expose it anywhere in the user
> > > interface. I am not aware of any plans currently to change it, but it
> > > *could* still change in future versions until we declare it public.
> > >
> > > Cheers,
> > > Christian
> > >
> > > Brainshack wrote:
> > >
> > >> Anyone? I cant find anything about it in the docs. A little pointer in
> > the
> > >> right direction would be great :)
> > >>
> > >>
> > >> 2014-02-18 9:17 GMT+01:00 Brainshack<brainshack at gmail.com>:
> > >>
> > >>  Hello everyone,
> > >>>
> > >>> I wonder if there are any best practices or features regarding
> securing
> > >>> sites in the frontend.
> > >>>
> > >>> I basically want a part of the page tree to be only reachable with a
> > >>> valid
> > >>> frontend login.
> > >>>
> > >>> For the little I know about Neos, I would probably try something like
> > >>> this:
> > >>>
> > >>> 1. Create a new Document Node Type for protected sites.
> > >>>
> > >>> 2. For Login / Registration, I would use flows Account Management
> with
> > >>> special frontend roles, so the user cant login to the backend.
> > >>>
> > >>> The biggest question in that approach would be, how to handle the ACL
> > for
> > >>> the page ressources. If I add a node type for pages in neos, can i
> > simply
> > >>> use my Package's Policy.yaml to protect those sites from being
> visited
> > ?
> > >>>
> > >>> Or am I maybe totally wrong and there is a much better approach?
> > >>> _______________________________________________
> > >>> Neos mailing list
> > >>> Neos at lists.typo3.org
> > >>> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> > >>>
> > >>>
> > > --
> > > Christian Müller
> > > Flow / Neos Team Community Contact
> > >
> > > TYPO3 .... inspiring people to share!
> > > Get involved: http://typo3.org
> > >
> > >
> > > _______________________________________________
> > > Neos mailing list
> > > Neos at lists.typo3.org
> > > http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> > >
> > _______________________________________________
> > Neos mailing list
> > Neos at lists.typo3.org
> > http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> >
> _______________________________________________
> Neos mailing list
> Neos at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
>