TYPO3 - No inheritance of access rights possible via fluid

Question

Via BE it's possible to give a fe_user access to content if the fe_group she/he belongs to has as a subgroup the fe_group which is defined as the group having access to the content.

So e.g. if I define 'Product Group 02' (uid=2) should have access to specific content via BE, a fe_user that belongs to 'User Group 03' (uid=6), which has as a subgroup 'Product Group 02' (uid=2), the fe_user can access the content.

fe_groups setup:

uid|title|subgroup
1|Product Group 01|
2|Product Group 02|
3|Product Group 03|
4|User Group 01|1
5|User Group 02|
6|User Group 03|2,3

But if I define directly in my fluidtemplate that {f:cObject(typoscriptObjectPath: 'lib.usergroup')} == '2' should have access to the content and subsequently 'User Group 03', the mentioned fe_user can't access it:

typoscript:

lib.usergroup = TEXT
lib.usergroup.data = TSFE:fe_user|user|usergroup

partial.html

<f:if condition="{f:cObject(typoscriptObjectPath: 'lib.usergroup')} == '2'">
...
</f:if>

// ... of course, if the fe_user belongs to 'Product Group 02' he can access it.

But is it possible to stick to the above fe_groups structure and still give the mentioned fe_user access to the content via fluid?

Answer 1

TSFE:fe_user|user|usergroup fetches what is exactly stored in user's usergroup. In your case there is a 6 stored and you compare it with 2, which returns false.

Moreover such a solution can bring more troubles, if you set more, than one usergroup for your user. In such a case the TSFE:fe_user|user|usergroup will return a comma-separated list of usergroups uid, like 6,2,3 and your condition will result in false again.

Correct way is in using f:security.ifHasRole ViewHelper. So, something like this should help you:

<f:security.ifHasRole role="2">
  Your stuff here
</f:security.ifHasRole>