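In the end I decided to go with item 3. The current application logic is such that any controller that has a MyObject in its arguments should perform an access check.

My ext_localconf.php: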
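
    // Obtain the Extbase signal/slot dispatcher before connecting the slot
    $signalSlotDispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(
        \TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class
    );
    // Run MyObjectAccessor::actionAuthorized() before every Extbase controller action
    $signalSlotDispatcher->connect(
        \TYPO3\CMS\Extbase\Mvc\Controller\ActionController::class,
        'beforeCallActionMethod',
        \MyVendor\MyExt\Slot\MyObjectAccessor::class,
        'actionAuthorized'
    );
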
The slot for this solution, \MyVendor\MyExt\Slot\MyObjectAccessor:

    namespace MyVendor\MyExt\Slot;

    // MyObject, AccessViolationException and the LoggedInUserAccessor trait
    // must be imported here from wherever the extension defines them.
    class MyObjectAccessor {
        use LoggedInUserAccessor;

        /**
         * @var \TYPO3\CMS\Extbase\Object\ObjectManagerInterface
         * @inject
         */
        protected $objectManager;

        /**
         * Checks whether current user is allowed to access MyObject, from provided arguments
         * @param string $controller
         * @param string $action
         * @param array $arguments
         * @throws AccessViolationException
         */
        public function actionAuthorized($controller, $action, array $arguments) {
            foreach ($arguments as $argument) {
                // if MyObject is accessed and it was persisted before
                if (($argument instanceof MyObject) && $argument->getUid()) {
                    $loggedInUser = $this->getLoggedInUser();
                    if ($argument->getUser() !== $loggedInUser) {
                        // Guard against a missing user so the denial is still raised as an AccessViolationException
                        $username = $loggedInUser ? $loggedInUser->getUsername() : 'anonymous';
                        throw new AccessViolationException(
                            'Access violation by "' . $username . '" with MyObject "' . $argument->getTitle() . '"',
                            1441808407
                        );
                    }
                }
            }
        }
    }

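Cons: the slot runs for any action, which can eat some resources.
Pros: no controller needs to know the details of the MyObject access rules.

Put all of the actions into their own frontend plugin and use the frontend's normal user restrictions to limit the scope of those actions (you can also make two controllers if needed). – pgampe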
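
The ownership rule from the slot above, as an added stand-alone example (not the poster's code) that can be run without TYPO3 to see which argument shapes are allowed or denied. It goes beyond the slot in three ways that are assumptions of this example: it recurses into arrays and other iterables, compares owners by uid instead of object identity, and denies when nobody is logged in. The User and MyObject classes are constructed stand-ins, `assertOwned()` is a hypothetical helper name, and PHP 8.0 or later is assumed.

```php
<?php
// Constructed stand-ins for the extension's domain models (not the real classes).
final class User {
    public function __construct(private int $uid, private string $username) {}
    public function getUid(): int { return $this->uid; }
    public function getUsername(): string { return $this->username; }
}
final class MyObject {
    public function __construct(private ?int $uid, private string $title, private ?User $user) {}
    public function getUid(): ?int { return $this->uid; }
    public function getTitle(): string { return $this->title; }
    public function getUser(): ?User { return $this->user; }
}
final class AccessViolationException extends \RuntimeException {}

/** Hypothetical helper: the slot's rule, also applied to MyObject instances nested in iterables. */
function assertOwned(iterable $arguments, ?User $loggedInUser): void {
    foreach ($arguments as $argument) {
        if (is_iterable($argument)) { assertOwned($argument, $loggedInUser); continue; }
        // Only persisted MyObject instances are subject to the check.
        if (!($argument instanceof MyObject) || !$argument->getUid()) {
            continue;
        }
        $owner = $argument->getUser();
        // Deny when nobody is logged in or the object has no owner; compare by uid.
        if ($loggedInUser === null || $owner === null || $owner->getUid() !== $loggedInUser->getUid()) {
            $name = $loggedInUser === null ? 'anonymous' : $loggedInUser->getUsername();
            throw new AccessViolationException('Access violation by "' . $name . '" with MyObject "' . $argument->getTitle() . '"', 1441808407);
        }
    }
}

// Constructed sample data: alice owns object 10, bob owns object 11.
[$alice, $bob] = [new User(1, 'alice'), new User(2, 'bob')];
$cases = [
    'own object'               => [[new MyObject(10, 'A', $alice)], $alice],
    'foreign object'           => [[new MyObject(11, 'B', $bob)], $alice],
    'foreign object in array'  => [[[new MyObject(11, 'B', $bob)]], $alice],
    'not logged in'            => [[new MyObject(10, 'A', $alice)], null],
    'new (unpersisted) object' => [[new MyObject(null, 'C', null)], $alice],
];
foreach ($cases as $label => [$arguments, $user]) {
    try { assertOwned($arguments, $user); $result = 'allowed'; }
    catch (AccessViolationException $e) { $result = 'denied'; }
    echo $label, ': ', $result, "\n";
}
```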