Bug #32629

globalObjects are not available in the security (current.securityContext.party)

Added by Matthias Habegger almost 10 years ago. Updated almost 10 years ago.

Status:
Closed
Priority:
Should have
Category:
Security
Target version:
-
Start date:
2011-12-16
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

In the file Packages\Framework\TYPO3.FLOW3\Classes\Security\Aspect\PersistenceQueryRewritingAspect.php line 374 is

eval('$globalObject = ' . $this->globalObjects[$objectAccess[1]]);

but should be something like
$className = '\\' . $this->globalObjects[$objectAccess[1]];
$globalObject = new $className;

or in the policy.xml the securityContext is not available, for example
resources:
  entities:
    Habex_Library_Domain_Model_Book:
      Habex_Library_OwnBooks: this.owner == current.securityContext.party

Even then the current.securityContext seems not to be available.


Related issues

Is duplicate of TYPO3.Flow - Bug #31677: Using current.securityContext Policies.yaml entities section triggers Parser ErrorResolved2011-11-08

Actions

Also available in: Atom PDF