[TYPO3-mvc] Access control (very simple) example

[Franz Koch]

Hi Nathan,

> I tried the previously suggested way of creating a new page, restricting
> it's access to my "specialgroup" and then creating<f:link.action
> pageUid="{securepageid}">edit</f:/link>

I never said anything about splitting it up to several pages as this 
leads to your mentioned problems ;)

> I suppose I could create an "administrativePanel" domain object and then
> each controller could assign it to a template IF the user has access.
>
> if ($userHasAccess == true) {
> 	$this->view->assign('administrativePanel',$administrativePanel);
> }
>
> Then the template could just say:
>
> <f:if condition="{administrativePanel}">
> 	{administrativePanel.name}
> 	<f:for each="{administrativePanel.links}" as="link">
> 		<f:link.action controller="{link.controller}" action="{link.action}"
> arguments="{link.arguments}">{link.name}</f:link.action>
> 	</f:for>
> </f:/if>

That's a possibility I already mentioned in my proposal from yesterday 
and the way I'd go in your case. Your administrativePanel could have the 
following properties.

- hasAccess
- isAllowedToEdit
- isAllowedToDelete
- isAllowedToCreate

If you don't need a object, a simple array with these properties might 
also do the trick for now.
If you need more complex and object specific access control, you might 
consider writing your own viewHelper to which you can also pass a object 
and the viewHelper is then doing some background checks about complex 
access rules of fe_users/groups for the object type.

-- 
kind regards,
Franz Koch