Bug #32629

globalObjects are not available in the security (current.securityContext.party)

Added by Matthias Habegger almost 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Should have
Category:
Security
Target version:
-
Start date:
2011-12-16
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

In the file Packages\Framework\TYPO3.FLOW3\Classes\Security\Aspect\PersistenceQueryRewritingAspect.php line 374 is

eval('$globalObject = ' . $this->globalObjects[$objectAccess[1]]);

but should be something like
$className = '\\' . $this->globalObjects[$objectAccess[1]];
$globalObject = new $className;

or in the policy.xml the securityContext is not available, for example
resources:
  entities:
    Habex_Library_Domain_Model_Book:
      Habex_Library_OwnBooks: this.owner == current.securityContext.party

Even then the current.securityContext seems not to be available.


Related issues

Is duplicate of TYPO3.Flow - Bug #31677: Using current.securityContext Policies.yaml entities section triggers Parser ErrorResolved2011-11-08

Actions
#1

Updated by Gerrit Code Review almost 10 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7442

#2

Updated by Adrian Föder almost 10 years ago

Tests don't run through; tested modified and pushed it on behalf of Matthias Habegger

#3

Updated by Matthias Habegger almost 10 years ago

I think, that the test also need some update, I expects, that in Settings.yaml stands something like new SecurityContext();, what was maybe once like that.

#4

Updated by Gerrit Code Review almost 10 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7442

#5

Updated by Karsten Dambekalns almost 10 years ago

  • Status changed from Under Review to Closed
  • Assignee set to Karsten Dambekalns

Duplicate of issue #31677

Also available in: Atom PDF