[TYPO3-mvc] access control & localization: are they killing the idea of extbase by now?

Jochen Rau jochen.rau at typoplanet.de
Thu Jan 7 11:09:46 CET 2010


Hi.

On 06.01.10 15:58, Martin Kutschker wrote:
> Sebastian Kurfürst schrieb:
>>> It partly works, see http://forge.typo3.org/issues/show/4639
>>> quote: "Localization works read-only by now. We need to implement a
>>> reverse overlay."
>> Thanks1
>>
>>> For me the key question is, does it make sense to use "extbase" the
>>> other way too. By creating very basic v4 compatible localization and
>>> access control features in extbase now, most of the extbase-based
>>> extension would use the same api. If v5 comes in we would find a way to
>>> develop the same api there with an v5-"extbase" package. What do you and
>>> especially Jochen think about this?
>>
>> I think while it is generally possible, to me it sounds like very much
>> work for the last 5% - so for only a marginal gain. I guess I wouldn't
>> work on that, but if somebody wants to try, why not? :)
>
> Given the complex possibilities for localization by overlaying "writing back" an object is probably
> not easy. As long as I can localize the records via standard BE and display them correctly in the FE
> I'm content. Actually tslib offers IMHO also no support for editing of localized records for FE
> users. So here's the same situation as with ACLs, it would be nice to have the feature, but there's
> not a lack in comparison to the "classic" features.

That's my opinion for the localization topic, too. We should try to 
replicate the already built in features of TYPO3 and add new Features 
later on. The localization (and workspaces) should work already in the 
FE direction (please file an isue if not). I have tried to implement 
"reverse" mapping but struggled due to the lack of time before the 
release of Extbase v1.0.2. So, I'll be glad if anybody can provide an 
implementation for this.

The access topic is more in focus to be imlemented in Extbase 2.0. I 
would like to have a solution that enables us to define ACLs the FLOW3 
way and "connect" them with the acces rights implementation of TYPO 4.x. 
That could be another top-level configuration "security" and offer the 
same options as described in

http://flow3.typo3.org/documentation/manuals/flow3/flow3.securityframework/#AccessControllLists

As we probably never backport AOP to 4.x (lets keep some things to FLOW3 
;-)), we will have to implement access control half-transparently and 
not ressouces aware, which is no handicap imo. The point to hook in is 
imo the AccessController::processRequest() method as we have to check 
access rights to arguments. But we can also hook into the RequestBuilder.

Any other Ideas?

Regards
Jochen


More information about the TYPO3-project-typo3v4mvc mailing list