[Neos] Make your own privilege: Why is MethodPrivilegeInterface hard-coded in class PolicyEnforcement
Bastian Waidelich
bastian at typo3.org
Mon Apr 20 16:33:07 CEST 2015
On 20.04.15, at 15:48, Olle Haerstedt wrote:
Hi Olle,
> I'm trying to make my own privilege to use in the policy settings.
Just to get everyone on track: you're talking about the (not yet
final-released) ACL features of Flow 3.0.
> The thing is, in function invoke() in class PolicyEnforcement, the
> interface
> MethodPrivilegeInterface is hard-coded instead of PrivilegeInterface [...]
So, there are two main types of privileges: Entity and Method.
The *EntityPrivileges* intercept SQL queries to protect data on the
database level (we use it for the ReadNodePrivilege in order to prevent
inaccessible nodes to be loaded from the TYPO3CR).
The *MethodPrivilege* is much more common and it is used to intercept
arbitrary method calls.
You can also combine the two types (creating a composite privilege). But
if you want to protect method calls you'll have to implement the
*MethodPrivilegeInterface*.
Because the *PolicyEnforcement* is only about method calls, it only
cares about privileges implementing the *MethodPrivilegeInterface*.
HTH
--
Bastian Waidelich
More information about the Neos
mailing list