[TYPO3-core] [Fwd: RFC: hook request in t3lib/t3lib_userauthgroup.php]

Martin Kutschker Martin.Kutschker at n0spam-blackbox.net
Thu Mar 8 12:25:20 CET 2007


Dmitry Dulepov wrote:
> Martin Kutschker wrote:
> 
>> Because it's hard to check out everything and I don't want to wave 
>> hooks through. Hooks may be dangerous or misplaced or wrong and are - 
>> as everything else - hard to remove.
> 
> How can hooks be dangerous? This hook is used only to restrict access 
> to a record by an extension. It cannot enable access if access is already 
> restricted. How can this be dangerous?

I was speaking generally. What I mean is that I need the time to check 
IF your hook is potentially dangerous.

> Currently if an extension wants to implement its own access control for 
> records, it can do it only through TCEMain hooks. But this has a 
> disadvantage. The user goes to edit a record, spends half an hour doing it, 
> clicks "Save" and... gets a message that he has no rights for it.

That sucks.

> The hook that I proposed allows an extension to show a "no edit access" 
> message to the user before he starts editing the record.

Better. Do you intend to add some TV specific checks or do you want to add 
only the standard checks missing right now (e.g. the WS has auto-versioning 
disabled and the page is not versioned and yet you see the edit icon)?

> How could this be dangerous? It is only an advantage!

See above.

> We had much more significant and non-trivial things reviewed and applied.
> 
> I start thinking that I should simply supply a list of core patches with 
> templavoila if I cannot get even such simple things through. Our 
> approval process definitely needs improvements or development will stop 
> at some point completely...

Generally I'm a bit wary when folks want to add a hook somewhere. As for 
the rest I'm with you for the same reasons. But hey, we both don't have the 
time to review all of our patches - and we would still need a second review.

Masi

