[Neos] Create protected area in Neos Website

Christian Loock brainshack at gmail.com
Thu Feb 20 10:03:15 CET 2014 

Wait, cant i just create a role, and set this role and the editor role in
Node::setAccessRoles().

This should work.


2014-02-20 9:42 GMT+01:00 Christian Loock <brainshack at gmail.com>:

> No its the other way arround, you would need to Make the Editor role
> inherit from your own role.
>
> This way, editors can edit the nodes, but people who have the role to see
> the role, would not be editors.
>
> And that is the big Questionmark over my head. How would i make the
> Typo3.Neos:Editor role inherit from my custom role?
>
>
> 2014-02-20 9:33 GMT+01:00 Søren Malling <soren.malling at gmail.com>:
>
> > On the other hand, that would be plain wrong!
> >
> > If a user, who inherit the TYPO3.Neos:Editor role logs in (and is not a
> > "Editor" who should edit content, but just see some protected content)
> > he/she will be able to edit content if I'm right?
> >
> > So this should not "the way to do it", right?
> >
> > Cheers
> >
> > Søren
> >
> >
> > On Thu, Feb 20, 2014 at 9:24 AM, Christian Loock <brainshack at gmail.com
> > >wrote:
> >
> > > Hi,
> > >
> > > thanks for the reply. The Only Question left now is how to let The
> > > Typo3.Neos:Editor Role inherit from one of my Packages roles without
> > > editing the Policy of Neos directly. Is there a way to do it from my
> > > package, since i dont want to edit the Core.
> > >
> > > Greetings,
> > >
> > > Christian
> > >
> > >
> > > 2014-02-20 8:56 GMT+01:00 Christian Müller <
> christian.mueller at typo3.org
> > >:
> > >
> > > > Hi Brainshack,
> > > >
> > > > the logic exists already. See the field "accessroles" in the
> > > > "typo3_typo3cr_domain_model_nodedata" table. You can set them via
> > > > Node::setAccessRoles() and it should be an array of
> > > > TYPO3\Flow\Security\Policy\Role objects.
> > > >
> > > > Just be aware that this works for backend and frontend, so in order
> for
> > > > your editors to edit those pages you need to grant them access or let
> > the
> > > > Editor role inherit from the frontend user role(s) that you need to
> > > define.
> > > >
> > > > This is not yet public API and we don't expose it anywhere in the
> user
> > > > interface. I am not aware of any plans currently to change it, but it
> > > > *could* still change in future versions until we declare it public.
> > > >
> > > > Cheers,
> > > > Christian
> > > >
> > > > Brainshack wrote:
> > > >
> > > >> Anyone? I cant find anything about it in the docs. A little pointer
> in
> > > the
> > > >> right direction would be great :)
> > > >>
> > > >>
> > > >> 2014-02-18 9:17 GMT+01:00 Brainshack<brainshack at gmail.com>:
> > > >>
> > > >>  Hello everyone,
> > > >>>
> > > >>> I wonder if there are any best practices or features regarding
> > securing
> > > >>> sites in the frontend.
> > > >>>
> > > >>> I basically want a part of the page tree to be only reachable with
> a
> > > >>> valid
> > > >>> frontend login.
> > > >>>
> > > >>> For the little I know about Neos, I would probably try something
> like
> > > >>> this:
> > > >>>
> > > >>> 1. Create a new Document Node Type for protected sites.
> > > >>>
> > > >>> 2. For Login / Registration, I would use flows Account Management
> > with
> > > >>> special frontend roles, so the user cant login to the backend.
> > > >>>
> > > >>> The biggest question in that approach would be, how to handle the
> ACL
> > > for
> > > >>> the page ressources. If I add a node type for pages in neos, can i
> > > simply
> > > >>> use my Package's Policy.yaml to protect those sites from being
> > visited
> > > ?
> > > >>>
> > > >>> Or am I maybe totally wrong and there is a much better approach?
> > > >>> _______________________________________________
> > > >>> Neos mailing list
> > > >>> Neos at lists.typo3.org
> > > >>> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> > > >>>
> > > >>>
> > > > --
> > > > Christian Müller
> > > > Flow / Neos Team Community Contact
> > > >
> > > > TYPO3 .... inspiring people to share!
> > > > Get involved: http://typo3.org
> > > >
> > > >
> > > > _______________________________________________
> > > > Neos mailing list
> > > > Neos at lists.typo3.org
> > > > http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> > > >
> > > _______________________________________________
> > > Neos mailing list
> > > Neos at lists.typo3.org
> > > http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> > >
> > _______________________________________________
> > Neos mailing list
> > Neos at lists.typo3.org
> > http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
> >
> _______________________________________________
> Neos mailing list
> Neos at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/neos
>

More information about the Neos mailing list