[TYPO3-mvc] Access control and enableFields
Nicolas de Haen
typo3 at ndh-websolutions.de
Wed Jan 16 12:23:58 CET 2013
Hi,
I would like to bring up the enableFields topic again, which was already
discussed here long ago [1]
It would be very helpful to make the enableFields extendable. Currently
we only have some "hard-coded" enableFields which can be activated or
disabled via QuerySettings.
I see these possibilities to extend them:
1. the "old school" hook approach[2]
2. a configuration where you can configure which field needs which
value, which you pass via QuerySettings
like:
QuerySettings->addEnableField($tablename, $fieldName, $value)
or
QuerySettings->addEnableField($tablename, $additionalWhereClause)
There is already a patch for approach 1. [3] but I think it makes more
sense to implement that in the TYPO3DbBackend for extbase.
Approach 2. would enable stuff like:
Only give access to "own" records, by setting
QuerySettings->addEnableField($tablename, 'cruser_id', $currentUserId)
or
QuerySettings->addEnableField($tablename, 'status', $activeInThisContext)
This would make sure, that no whatever operation can be executed on
these tables and we could use the common findAll, findByProperty methods
without having to reflect the context and the current user status.
Are there already plans to implement something like that?
Any feedback or suggestions for other approaches are welcome!
regards,
Nico
[1]
http://lists.typo3.org/pipermail/typo3-project-typo3v4mvc/2010-January/002365.html
[2]
There is already a hook which has a comment "this is used by
ingmar_accessctrl" (which is from 2005!)
[3]
http://forge.typo3.org/issues/20261
--
Nico de Haen
ndh websolutions
Webprogrammierung, OpenSource, Typo3
http://www.ndh-websolutions.de
More information about the TYPO3-project-typo3v4mvc
mailing list