[Typo3-dev] backend ACLs, Sticky-bit

Martin Poelstra martin at beryllium.net
Wed Mar 23 16:46:16 CET 2005


Hi folks,

As we're discussing a new way of defining backend-rights on pages, I thought 
I'd share my ideas as well:

For the website of a University, we created a new version of the 
Access-module. This was needed because in the current version when you use 
the feature to apply the changes to multiple levels (subpages), ALL settings 
are updated: owner, group and access-bits are set to the ones you have 
selected.
However, suppose you only want to turn off all bits of 'Everyone', but not 
for the Owner and Group, recursively. That's not possible.

With our new version it is! By default, all values are set to "Don't 
change", and you only set the values you want to change to the desired 
value.

We also added a new bit to the list of permission-bits: the Sticky-bit. 
Suppose you have the following situation:

- Rootpage
  - Department 1 [Group: dept1]
    - Subpage 1.1 [Group: dept1]
  - Department 2 [Group: dept2]
    - Subpage 2.1 [Group: dept2]

Now, suppose that there is a user (say, Henk) responsible for maintaining 
content in department 1 & 2. But there are also other users, who manage 
content of just department 1, or just department 2.
If Henk now creates a page in department 1 (Subpage 1.2), it will have his 
main group. If this is dept1, then everything is fine. But then he creates 
another page in department 2. This page ALSO gets group dept1, which renders 
it uneditable by the users of department 2!

So, we would get to the following situation:

- Rootpage
  - Department 1 [Group: dept1]
    - Subpage 1.1 [Group: dept1]
    - Subpage 1.2 [Group: dept1]
  - Department 2 [Group: dept2]
    - Subpage 2.1 [Group: dept2]
    - Subpage 2.2 [Group: dept1]  <---- Wrong group!

The solution we came up with is the Sticky-bit. Assume the Sticky-bit is set 
in the Group-permissions and Everyone-permissions, but unset in the 
Owner-permissions of all pages in the original tree.
Now, if Henk creates the subpage Subpage 2.2, the properties of the Group 
(i.e. GroupID and GroupBits) and that of Everyone (EveryoneBits) are copied 
from the parent-page (Department 2), because the Sticky-bit of the page 
Department 2 is set for Group and Everyone.

So, now the subpage will have the correct groups attached!

The code to realise this is astonishingly simple and works great. You just set 
the sticky-bit for Group and Everyone (probably not Owner) of the very first 
page of a site and the bit is automatically propagated to newly created 
subpages.

The only changes needed to the core were to include the bit in the 
Access-module and three very small changes to class.t3lib_tcemain.php. It is 
completely backwards-compatible, because the behaviour is exactly the same 
as before when the sticky-bit is off.

I'd really like to see this functionality added to the core as I think it 
will be a very useful feature for large sites and I'll gladly provide the 
needed patches we did!

Grtz,
Martin

P.S. Sorry for the long mail ;) 
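
The inheritance rule described in the mail above, as an added example (not the patch from the mail and not TYPO3 core code). The field names follow the TYPO3 `pages` table; the value of `PERM_STICKY`, the function name `newPagePerms`, the Owner branch and all sample IDs and bit masks are assumptions made for illustration.

```php
<?php
// Added illustration, not the patch from the mail. Field names follow the
// TYPO3 "pages" table; PERM_STICKY = 32 is an assumed value for the new bit.
const PERM_STICKY = 32;

/**
 * Compute the permission fields of a page created under $parent.
 * $defaults is what the creator would get without the sticky bit
 * (owner = creator, group = creator's main group, default bit masks).
 */
function newPagePerms(array $parent, array $defaults): array
{
    $perms = $defaults;
    // Sticky on Group: copy GroupID and GroupBits from the parent page.
    if ($parent['perms_group'] & PERM_STICKY) {
        $perms['perms_groupid'] = $parent['perms_groupid'];
        $perms['perms_group']   = $parent['perms_group'];
    }
    // Sticky on Everyone: copy EveryoneBits from the parent page.
    if ($parent['perms_everybody'] & PERM_STICKY) {
        $perms['perms_everybody'] = $parent['perms_everybody'];
    }
    // Sticky on Owner (unset in the mail's setup; handled by symmetry, assumed).
    if ($parent['perms_user'] & PERM_STICKY) {
        $perms['perms_userid'] = $parent['perms_userid'];
        $perms['perms_user']   = $parent['perms_user'];
    }
    return $perms;
}

// Constructed sample data: Henk (uid 7, main group dept1 = 1) creates
// Subpage 2.2 under "Department 2" (group dept2 = 2).
$henkDefaults = ['perms_userid' => 7, 'perms_groupid' => 1,
                 'perms_user' => 31, 'perms_group' => 27, 'perms_everybody' => 0];
$dept2 = ['perms_userid' => 3, 'perms_groupid' => 2,
          'perms_user' => 31, 'perms_group' => 27 | PERM_STICKY,
          'perms_everybody' => PERM_STICKY];

$sub22 = newPagePerms($dept2, $henkDefaults);
// Group comes from Department 2, owner stays Henk.
assert($sub22['perms_groupid'] === 2 && $sub22['perms_userid'] === 7);
// The copied bit masks still carry the sticky bit, so Subpage 2.2.1 inherits too.
$sub221 = newPagePerms($sub22, $henkDefaults);
assert($sub221['perms_groupid'] === 2);

// With the sticky bit off, behaviour is unchanged: creator's main group is used.
$dept2['perms_group'] = 27;
assert(newPagePerms($dept2, $henkDefaults)['perms_groupid'] === 1);
echo "ok\n";
```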




