Story #55920
Epic #55813: Access Control Lists
TYPO3CR ACL
| Status: | Closed | Start date: | 2014-02-12 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | - | % Done: | 0% |
|
| Category: | - | Spent time: | - | |
| Target version: | - | |||
| Story points | - | |||
| Velocity based estimate | - |
Description
It's currently not possible to restrict access on the Neos node tree.
TYPO3 CMS
In TYPO3 CMS there are two ways to control access over pages and content:
With the so called "DB Mounts" it's possible to grant users/groups general access to a page (and all its subpages):
Furthermore it's possible to fine-tune permissions via the "Access module":
+ Great control over permission levels
+ Nice AJAX interface
- Hard to get it right from the beginning (mostly due to the "distance" between DB Mounts and ACL settings)
(to be continued)
Related issues
History
#1 Updated by Rens Admiraal over 1 year ago
In CMS backend the database mountpoints limit the visible content. In Neos we only have that concept in the tree, but by browsing the site all other content could still be opened. This means the 'mount points' should also restrict modify permissions outside that part of the tree.
To have flexibel control over the permissions we need to be able to add multiple roles to a resource / part of the node tree. That's a BIG downside of the current implementation in CMS (which can be fixed by using be acls which comes with the price of performance penalties). As fine grained acls could be a bad performing thing: maybe we should by default only allow simple permissions (1 group for a tree) and only enable the more advanced (and heavier) features if configured by the integrator.
#2 Updated by Rens Admiraal over 1 year ago
- Tracker changed from Task to Story
#3 Updated by Bastian Waidelich over 1 year ago
- Status changed from New to Closed