[TYPO3-dev] access control

Rico Moorman rico.moorman at gmail.com
Thu Feb 16 22:45:27 CET 2006 

Well I was digging my way through some of the corefiles and ...as for 
access restriction ... I only found the beuserauth class which can 
calculate permissions on page level. Maybe I missed something there 
though (some classes are really huge :-))
So due to this, one can restrict access to certain pages/branches of the 
tree so that either records may be placed and edited on the pages or 
not. This affects the possibilites for users in the different web 
modules and the clickmenus for pages.
But when it comes to records on pages ... access permissions are 
obviously (please correct me if i am wrong) not being calculated on
recordlevel so either you may edit all records on a page or none. 
Further the clickmenu possibilities for the records in the main modules 
are thus only being controllable via the page access rights.

With a calculation on recordlevel, one could use this to code maybe a 
more extended, workflow like extension with making it possible to create 
versions of single records in a sysfolder (article records maybe) and 
implement some locking mechanism for versions being online.

It could also be used to define groups which may add/edit certain 
records on pages (someone who is in charge of the records posted with 
some commenting extension) while keeping them away from the main content 
of the page (created by some other user/group).

I am curious about your thoughts about it folks : )

gr Rico

tapio schreef:
> Rico Moorman wrote:
> 
>> Hi Ben,
>>
>> (eg tt_content) while he isnt able to edit others (records of some 
>> extension) Or to make it possible that one may only edit content 
>> elements he made himself but leaving others alone.
> 
> 
> I made in 'tm_contentaccess' rough content access restriction with a 
> very simple trick so that certain content elements is possible to edit 
> just by admin users. But that is far from what you want to achieve.
> 
> This is worth of bigger conversation if this should be in core.
> The page level access control should have possibility to extend the 
> content access into content element level. Because access control is a 
> base module, this issue should be handled properly.

More information about the TYPO3-dev mailing list