Feature #48419

Create a way to assign roles to a command controller

Added by Henrik Møller Rasmussen about 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Could have
Category:
Security
Target version:
-
Start date:
2013-05-21
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

Create a way to assign roles to a command controller, so access to some services or methods could be allowed for a command controller, and not anyone else.

#1

Updated by Bastian Waidelich about 7 years ago

  • Status changed from New to Needs Feedback
  • Assignee set to Bastian Waidelich

Hi Henrik ;)

[...] access to some services or methods could be allowed for a command controller, and not anyone else

This should be possible already. If you protect a method via a resource in the Policy.yaml you should be able to protect specific roles from calling it.
Because there is no authentication in the CLI a command controller should always be able to call that method anyways.

If I got you wrong, could you elaborate what exactly you want to achieve?

#2

Updated by Bastian Waidelich about 7 years ago

Bastian Waidelich wrote:

Because there is no authentication in the CLI a command controller should always be able to call that method anyways.

..that's wrong of course. Contrariwise if you try to call a resource-protected method from within a CommandController, you get an exception:

The security Context cannot be initialized yet. Please check if it can be initialized with $securityContext->canBeInitialized() before trying to do so.

Still, your request is not completely clear to me. Do you want to use security in CLI?

#3

Updated by Bastian Waidelich over 6 years ago

I'd suggest to disable authorization for CLI requests altogether. With the current version this should be very easy (using Security\Context::withoutAuthorizationChecks() in the dispatcher). @Henrik would that solve your issue?

#4

Updated by Bastian Waidelich over 6 years ago

  • Status changed from Needs Feedback to Closed

The ticket has been moved to https://jira.typo3.org/browse/FLOW-163

Also available in: Atom PDF