[TYPO3-mvc] Feature: automatic target page determination
Bastian Waidelich
bastian at typo3.org
Thu Aug 5 10:50:20 CEST 2010
Ernesto Baschny [cron IT] wrote:
Hi Ernesto,
> Not really. If the user put the access restrictions on the "detail view
> plugin", there must be a valid reason to do so. Don't link to a content
> which the user doesn't have access to.
An example - I love examples as you might have realized ;)
I put the BlogAdmin plugin on an access restricted page. Now the link
<f:link.action action="edit" ...>edit this post</f:link.action> would
point to this restricted page.
If no user is logged in, this link will instead point to the homepage
(TYPO3 default behavior).
At this point you have a misconfiguration because you should either
configure linkAccessRestrictedPages to redirect to a login form for
example or you have to hide the link if no user is logged in*
This is completely independent from the target page detection.
Now if you add another BlogAdmin plugin on a non-restricted page (and
that's what I would call a special scenario) you should immediately be
warned about this ambiguity IMO.
Otherwise it is quite error-prone as you'd have to log in to reproduce
the behavior.
Mh.. not sure about this one. But in general I tend to make the
auto-detection as dump as possible = as easy to comprehend as possible.
Best,
Bastian
* I'll backport <f:security.ifAuthenticated> and <f:security.ifHasRole>
view helpers asap (see http://forge.typo3.org/issues/9143)
More information about the TYPO3-project-typo3v4mvc
mailing list