Bug #32629
globalObjects are not available in the security (current.securityContext.party)
| Status: | Closed | Start date: | 2011-12-16 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | Karsten Dambekalns | % Done: | 0% |
|
| Category: | Security | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: | No | Affected Flow version: | Git master |
Description
In the file Packages\Framework\TYPO3.FLOW3\Classes\Security\Aspect\PersistenceQueryRewritingAspect.php line 374 is
eval('$globalObject = ' . $this->globalObjects[$objectAccess[1]]);
but should be something like
$className = '\\' . $this->globalObjects[$objectAccess[1]]; $globalObject = new $className;
or in the policy.xml the securityContext is not available, for example
resources:
entities:
Habex_Library_Domain_Model_Book:
Habex_Library_OwnBooks: this.owner == current.securityContext.party
Even then the current.securityContext seems not to be available.
Related issues
History
#1 Updated by Gerrit Code Review over 3 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7442
#2 Updated by Adrian Föder over 3 years ago
Tests don't run through; tested modified and pushed it on behalf of Matthias Habegger
#3 Updated by Matthias Habegger over 3 years ago
I think, that the test also need some update, I expects, that in Settings.yaml stands something like new SecurityContext();, what was maybe once like that.
#4 Updated by Gerrit Code Review over 3 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7442
#5 Updated by Karsten Dambekalns over 3 years ago
- Status changed from Under Review to Closed
- Assigned To set to Karsten Dambekalns
Duplicate of issue #31677