[Typo3-dev] backend ACLs

Wed Mar 23 14:19:31 CET 2005

Hi Sune and Sebastian.

I suggest you exchange ideas. Sebastian can complete his current work
for his needs and at least it will make for an experience-base.

I will think about implementing the permission-API I discussed with Sune
and if that is possible it will open the door for you to implement any
scheme on top of that as you like.

Fundamentally TYPO3 will not change (as usual) but a new methodology is
made possible through hooks.

- kasper

On Wed, 2005-03-23 at 07:57, Sebastian Kurfuerst wrote:
> Hi Sune,
> 
> Of course I am always interested in joining forces. An Access-API would 
> be great, but I need the acl system in a very short time and that's why 
> I developed it so far just as an extension to the current BE rights 
> system. So maybe the extension I am developing is the "short-term" 
> solution, and the API from Kasper the long-term solution. Of course, I 
> would be highly interested in helping with the API part as well... What 
> do you think of that? I don't know, do you already have a concept for 
> this or is it just an "idea"? The best thing might be that I show you my 
> (current) ACL system, and you share your thoughts on this, to make the 
> concept of the general ACL system even better.
> I will keep you updated on my progress, and if you are interested, I 
> could show you the acl system as soon as it's working (doesn't need too 
> much work anymore).
> 
> Greets,
> Sebastian
> 
> Sune Vestergaard (dk-marketing) wrote:
> > Hi Sebastian,
> > 
> > We currently work on extending the access-permission-system to handle rights
> > for severel groups. I sound very very much like your thoughts. If you are
> > interested in joining forces - and putting some actual work into the
> > project, I can have our developer on that project contact you.
> > The main idear is to have Kasper make an "access API" in the core - and then
> > we put "some" effort into programming the system that actually handles
> > permission-caculation, new backend module etc.
> > 
> > Sune Vestergaard
> > 
> > 
> > 
> > "Sebastian Kurfuerst" <sebastian at garbage-group.de> skrev i en meddelelse
> > news:mailman.1.1111521522.16826.typo3-dev at lists.netfielders.de...
> > 
> >>Hi Kasper,
> >>I needed to give rights on a page to multiple groups and multiple users.
> >>Currently, we just have the unix-access scheme, allowing just rights for
> >>1 user, one group, and world. Of course it would be possible to solve
> >>the problem via complicated nested backend-group structures, but I
> >>didn't like that approach.
> >>That's why I introduced a new ACL database table, storing the page id,
> >>the type (this is just the field where it is stored if the ACL is a user
> >>or a group ACL), the user/group-id and the rights. Additionally, there
> >>is the possibility to mark an ACL as recursive, so the ACL will be
> >>applied to these pages as well. I didn't do it via changing ACLs
> >>recusrively, because in a large-scale scenario I think it would be bad
> >>to have maybe 20 000 ACL records in the table for 1000 pages and 20 ACLs
> >>per page. (And it would be difficult to "clean up" the ACL table, ...)
> >>This is why ACLs can work recursively as well without creating a copy of
> >>the ACL for every page.
> >>Technically, I extended the web->access module and overwrote the
> >>function t3lib_userAuthGroup::calcPerms and
> >>t3lib_userAuthGroup::getPagePermsClause, at least that's the current
> >>status of developement. Maybe I need to overwrite some other functions
> >>as well. Of course, an API sounds very very interesting in this field,
> >>but I think this will need some time. The ACL system will be available
> >>in not too much long time.
> >>
> >>Sebastian
> > 
> > 
> > 
> _______________________________________________
> Typo3-dev mailing list
> Typo3-dev at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-dev
-- 
- kasper

*******************
Happy new year! - My email address is now: 

		kasper2005 at typo3.com 