[TYPO3-mvc] Discussion: findAll() and findByUid() should not respect storage pid
Bastian Waidelich
bastian at typo3.org
Thu Aug 27 10:55:47 CEST 2009
Jochen Rau wrote:
Hi Jochen,
> 1. We want to findAll() or findByFoo(): If there is a storage page [...]
> this has to be respected.
> If not: default must be the root page of the site
Why?
I would expect that findAll really finds all records globally unless I
configure it differently. Sometimes you'd probably even want to select
records from another page of the same site (e.g. global fe_users in a
multi language setup)
> 2. We want to findByUid(): In this case we are pretty sure about what to
> find. FALSE could be the default.
I disagree. I think findAll() and findByUid() should work exactly the
same (storage-PID wise).
Otherwise some attacker could fetch the records of another tree by
tweaking the URI parameters.
> 3. We want to fetch related Objects of the Aggregate: see 2.
Yes, but again the same restrictions should be in effect IMO..
> In any case, we could provide a fast switch. Any suggestions?
I thought about an extra parameter for the find* methods.. But that's
ugly, isn't it?
So - convention over configuration - I'd propose a special TS option
here.. And obviously this could be overwritten by the FlexForm of the
plugin..
Bastian
More information about the TYPO3-project-typo3v4mvc
mailing list