[TYPO3-mvc] Access control (very simple) example

Martin Kutschker masi-no at spam-typo3.org
Fri Jan 8 11:56:27 CET 2010


Franz Koch schrieb:
> Hi Masi,
> 
>> Better: pass only those content to the view the client has access to.
>>
>>    public function index() {
>>      if ($this->hasAccess()) {
>>       
>> $this->view->assign('yourObject',$this->yourObjectRepository->findAll());
>>      }
>>    }
> 
> yes, that's of course also possible. But in some cases you might need to
> only display limited data of your objects (maybe only logged in users
> can see email addresses or the real name of a user, or only logged in
> users can edit/create/delete things) and thus you might also need ways
> inside the template to decide what's allowed to be displayed.

Sure. But I thought it to be a cleaner approach to encapsulate access control in one place. A broken
template may disclose data and you have to checker the controller and all your templates for the leak.

Masi


More information about the TYPO3-project-typo3v4mvc mailing list