Bug #43236

f:security.ifHasRole role ="..." does not recognize the right role

Added by Jan Greth almost 7 years ago. Updated almost 7 years ago.

Status:
Resolved
Priority:
Must have
Assignee:
-
Category:
-
Target version:
-
Start date:
2012-11-22
Due date:
% Done:

100%


Description

Hey everyone!

I think there is a difference between the <f:security.ifHasRole role="...">-ViewHelper in TYPO3 Flow v 1.0.6 and 1.1.0 .
'Cause my problem is this: I tried to do the Registration and Login Guide on layh.com
([[http://www.layh.com/work/typo3-flow-typo3-fluid/tutorials/flow-registration-and-login.html]])

Everything works fine - except one thing: Inside the Index Template, there should be a decision
between two possibilities: On the one hand beeing logged in (role = "Visitor"), then show logout link or you
are not logged in, then show log in form.
This should be done by using:

...
<f:security.ifHasRole role="Visitor">
  <f:then>
    <!-- Logout Link -->
  </f:then>
  <f:else>
    <!-- Log in form -->
  </f:else>
</f:security.ifHasRole>
...

But this does not work. The log in form is always showed.
OK, i cheked the Database. Everything fine. User was created and has the right role.
e.g.:

#    flow3_persistence_identifier    party    accountidentifier    authenticationprovidername credentialssource    creationdate    expirationdate    roles
1    '202b0f71-d36c-4900-b0b9-59569aff273d'    NULL    'jan'    'DefaultProvider' 'bcrypt=>$2a$14$gzVFpOIPsClcLqM4ZrJA1.cn1umi8JONXVZ2v41xLwsiUvzYEQfQK'    '2012-11-21 11:03:26'    NULL    'a:1:{i:0;s:7:"Visitor";}'

Then i tried replacing the f:security.ifHasRole by f:security.ifAuthenticated -> that works fine.

So i added the following:
LoginController - indexAction:

    $account = $this->securityContext->getAccount()->getRoles();
    if($this->securityContext->hasRole('Visitor')){
            $isset = 'Is set!';
    }else{
            $isset = 'Is not set!';
    }
    $this->view->assign('roles', $account);
    $this->view->assign('isset', $isset);

Index.html:

    <f:section name="Title">
        <ul>
            <f:for each="{roles}" as="role">
                <li>Role: {role}</li>
            </f:for>
        </ul>
        Is set? -> {isset}
    </f:section>

I got the following output:
Role: Visitor
Is set? -> Is not set!

But I know it is set in the DB and as I see using the f:security.ifAuthenticated ViewHelper,
Logging in works also. All this happens when running the code on Flow 1.1.0.
When I copy the exact somae code onto a Flow 1.0.6 - it works! Both!
The f:security.ifAuthenticated and the f:security.ifHasRole !

But I want to use 1.1.0 - so what can there be wrong?

Here my complete code:
Settings.yaml: [[http://pastebin.com/b1H073fX]]
LoginController.php: [[http://pastebin.com/2Avz9ib7]]
Index.html: [[http://pastebin.com/MXF65WF7]]

Greetings,
Jan

History

#1 Updated by Rafael Kähm almost 7 years ago

Please define your role in Policy.yaml

see http://flow.typo3.org/documentation/guide/partiii/security.html#policies-aka-access-control-lists-acls

roles:
  Administrator: []
  Customer: []
  PrivilegedCustomer: [Customer]
  Visitor: []

see TYPO3\Flow\SecurityContext on row 312

$roles = array_intersect($roles, $this->policyService->getRoles());

#2 Updated by Jan Greth almost 7 years ago

  • % Done changed from 0 to 100

Ok, solved it.
Had a really stupid misspelling in Policy.yaml...

Thanks for bringing me on track again. ;)

#3 Updated by Karsten Dambekalns almost 7 years ago

  • Status changed from New to Resolved
  • Target version deleted (1.1.1)

Also available in: Atom PDF