[Typo3-dev] backend ACLs
Sune Vestergaard (dk-marketing)
sune at dk-marketing.dk
Tue Mar 22 23:42:56 CET 2005
Hi Sebastian,
We currently work on extending the access-permission-system to handle rights
for severel groups. I sound very very much like your thoughts. If you are
interested in joining forces - and putting some actual work into the
project, I can have our developer on that project contact you.
The main idear is to have Kasper make an "access API" in the core - and then
we put "some" effort into programming the system that actually handles
permission-caculation, new backend module etc.
Sune Vestergaard
"Sebastian Kurfuerst" <sebastian at garbage-group.de> skrev i en meddelelse
news:mailman.1.1111521522.16826.typo3-dev at lists.netfielders.de...
> Hi Kasper,
> I needed to give rights on a page to multiple groups and multiple users.
> Currently, we just have the unix-access scheme, allowing just rights for
> 1 user, one group, and world. Of course it would be possible to solve
> the problem via complicated nested backend-group structures, but I
> didn't like that approach.
> That's why I introduced a new ACL database table, storing the page id,
> the type (this is just the field where it is stored if the ACL is a user
> or a group ACL), the user/group-id and the rights. Additionally, there
> is the possibility to mark an ACL as recursive, so the ACL will be
> applied to these pages as well. I didn't do it via changing ACLs
> recusrively, because in a large-scale scenario I think it would be bad
> to have maybe 20 000 ACL records in the table for 1000 pages and 20 ACLs
> per page. (And it would be difficult to "clean up" the ACL table, ...)
> This is why ACLs can work recursively as well without creating a copy of
> the ACL for every page.
> Technically, I extended the web->access module and overwrote the
> function t3lib_userAuthGroup::calcPerms and
> t3lib_userAuthGroup::getPagePermsClause, at least that's the current
> status of developement. Maybe I need to overwrite some other functions
> as well. Of course, an API sounds very very interesting in this field,
> but I think this will need some time. The ACL system will be available
> in not too much long time.
>
> Sebastian
More information about the TYPO3-dev
mailing list