[Typo3-dev] backend ACLs

Sebastian Kurfuerst sebastian at garbage-group.de
Wed Mar 23 07:57:33 CET 2005 

Hi Sune,

Of course I am always interested in joining forces. An Access-API would 
be great, but I need the acl system in a very short time and that's why 
I developed it so far just as an extension to the current BE rights 
system. So maybe the extension I am developing is the "short-term" 
solution, and the API from Kasper the long-term solution. Of course, I 
would be highly interested in helping with the API part as well... What 
do you think of that? I don't know, do you already have a concept for 
this or is it just an "idea"? The best thing might be that I show you my 
(current) ACL system, and you share your thoughts on this, to make the 
concept of the general ACL system even better.
I will keep you updated on my progress, and if you are interested, I 
could show you the acl system as soon as it's working (doesn't need too 
much work anymore).

Greets,
Sebastian

Sune Vestergaard (dk-marketing) wrote:
> Hi Sebastian,
> 
> We currently work on extending the access-permission-system to handle rights
> for severel groups. I sound very very much like your thoughts. If you are
> interested in joining forces - and putting some actual work into the
> project, I can have our developer on that project contact you.
> The main idear is to have Kasper make an "access API" in the core - and then
> we put "some" effort into programming the system that actually handles
> permission-caculation, new backend module etc.
> 
> Sune Vestergaard
> 
> 
> 
> "Sebastian Kurfuerst" <sebastian at garbage-group.de> skrev i en meddelelse
> news:mailman.1.1111521522.16826.typo3-dev at lists.netfielders.de...
> 
>>Hi Kasper,
>>I needed to give rights on a page to multiple groups and multiple users.
>>Currently, we just have the unix-access scheme, allowing just rights for
>>1 user, one group, and world. Of course it would be possible to solve
>>the problem via complicated nested backend-group structures, but I
>>didn't like that approach.
>>That's why I introduced a new ACL database table, storing the page id,
>>the type (this is just the field where it is stored if the ACL is a user
>>or a group ACL), the user/group-id and the rights. Additionally, there
>>is the possibility to mark an ACL as recursive, so the ACL will be
>>applied to these pages as well. I didn't do it via changing ACLs
>>recusrively, because in a large-scale scenario I think it would be bad
>>to have maybe 20 000 ACL records in the table for 1000 pages and 20 ACLs
>>per page. (And it would be difficult to "clean up" the ACL table, ...)
>>This is why ACLs can work recursively as well without creating a copy of
>>the ACL for every page.
>>Technically, I extended the web->access module and overwrote the
>>function t3lib_userAuthGroup::calcPerms and
>>t3lib_userAuthGroup::getPagePermsClause, at least that's the current
>>status of developement. Maybe I need to overwrite some other functions
>>as well. Of course, an API sounds very very interesting in this field,
>>but I think this will need some time. The ACL system will be available
>>in not too much long time.
>>
>>Sebastian
> 
> 
>

More information about the TYPO3-dev mailing list