[Typo3-dev] backend ACLs
Sebastian Kurfuerst
sebastian at garbage-group.de
Tue Mar 22 20:58:42 CET 2005
Hi Kasper,
I needed to give rights on a page to multiple groups and multiple users.
Currently, we just have the unix-access scheme, allowing just rights for
1 user, one group, and world. Of course it would be possible to solve
the problem via complicated nested backend-group structures, but I
didn't like that approach.
That's why I introduced a new ACL database table, storing the page id,
the type (this is just the field where it is stored if the ACL is a user
or a group ACL), the user/group-id and the rights. Additionally, there
is the possibility to mark an ACL as recursive, so the ACL will be
applied to these pages as well. I didn't do it via changing ACLs
recusrively, because in a large-scale scenario I think it would be bad
to have maybe 20 000 ACL records in the table for 1000 pages and 20 ACLs
per page. (And it would be difficult to "clean up" the ACL table, ...)
This is why ACLs can work recursively as well without creating a copy of
the ACL for every page.
Technically, I extended the web->access module and overwrote the
function t3lib_userAuthGroup::calcPerms and
t3lib_userAuthGroup::getPagePermsClause, at least that's the current
status of developement. Maybe I need to overwrite some other functions
as well. Of course, an API sounds very very interesting in this field,
but I think this will need some time. The ACL system will be available
in not too much long time.
Sebastian
More information about the TYPO3-dev
mailing list