Feature #3618

Extended ACL possibilities

Added by Andreas Förthner over 12 years ago. Updated almost 11 years ago.

Status:
Closed
Priority:
Should have
Category:
Security
Target version:
-
Start date:
2009-06-08
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
Complexity:

Description

Currently ACLs only cover PHP methods as resources. In the future we will need some more functionality like:

  • read/write/add/delete persisted domain objects (covered by the JCR Security package)
  • add constraints to ACL entries, to authorize based on: object attributes, security context/user attributes, method parameters(?) (maybe this can also be integrated in the privilege definitions)
  • automatic query rewriting (a query should only return accessible objects: perhaps already covered by the JCR Security package)
  • ResourceManager integration (files)

Related issues

Related to TYPO3.Flow - Major Feature #5659: Implement content securityResolvedAndreas Förthner2009-12-07

Actions
#1

Updated by Andreas Förthner over 11 years ago

  • Status changed from New to Closed

This information is somehow outdated. I'll create individual ticket according to the current plans...

Also available in: Atom PDF