Feature #48419
Create a way to assign roles to a command controller
| Status: | Closed | Start date: | 2013-05-21 | |
|---|---|---|---|---|
| Priority: | Could have | Due date: | ||
| Assigned To: | Bastian Waidelich | % Done: | 0% |
|
| Category: | Security | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: | No |
Description
Create a way to assign roles to a command controller, so access to some services or methods could be allowed for a command controller, and not anyone else.
History
#1 Updated by Bastian Waidelich over 1 year ago
- Status changed from New to Needs Feedback
- Assigned To set to Bastian Waidelich
Hi Henrik ;)
[...] access to some services or methods could be allowed for a command controller, and not anyone else
This should be possible already. If you protect a method via a resource in the Policy.yaml you should be able to protect specific roles from calling it.
Because there is no authentication in the CLI a command controller should always be able to call that method anyways.
If I got you wrong, could you elaborate what exactly you want to achieve?
#2 Updated by Bastian Waidelich over 1 year ago
Bastian Waidelich wrote:
Because there is no authentication in the CLI a command controller should always be able to call that method anyways.
..that's wrong of course. Contrariwise if you try to call a resource-protected method from within a CommandController, you get an exception:
The security Context cannot be initialized yet. Please check if it can be initialized with $securityContext->canBeInitialized() before trying to do so.
Still, your request is not completely clear to me. Do you want to use security in CLI?
#3 Updated by Bastian Waidelich 8 months ago
I'd suggest to disable authorization for CLI requests altogether. With the current version this should be very easy (using Security\Context::withoutAuthorizationChecks() in the dispatcher). @Henrik would that solve your issue?
#4 Updated by Bastian Waidelich 8 months ago
- Status changed from Needs Feedback to Closed
The ticket has been moved to https://jira.typo3.org/browse/FLOW-163