We're making a forum where access is supposed to be denied by unregistered users. I want to show a proper error message - not an exception - for users that are not allowed there. How do I achieve this in Neos 2.0?
Both read and write access should be denied. Maybe it's easier to deny access to the node where the forum is? But wouldn't that need hard-coding of node path?
Current Policy.yaml
:
privilegeTargets:
'TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
'My.Package:PostControllerLoggedInActions':
matcher: 'method(My\Package\PostController->(index|new|create)Action(.*))'
roles:
'TYPO3.Flow:Everybody':
privileges:
-
privilegeTarget: 'My.Package:PostControllerLoggedInActions'
permission: DENY
'My.Package:User':
privileges:
-
privilegeTarget: 'My.Package:PostControllerLoggedInActions'
permission: GRANT
Edit: Here are some slides about (among other things) how to create a custom 404 page: https://speakerdeck.com/aertmann/tasty-recipes-for-every-day-neos
Edit 2: Use Flow exception handler?
You can try to set it in your root Configuration/Settings.yaml
. You can do it by status code (like in example) or exception class:
TYPO3:
Flow:
# you have already persistence
# and maybe other stuff under flow
# just add it below them but still under TYPO3.Flow
error:
exceptionHandler:
renderingGroups:
accessRestricted:
matchingStatusCodes: [ 401, 403]
options:
templatePathAndFilename: 'resource://TYPO3.Neos/Private/Templates/Error/Index.html'
layoutRootPath: 'resource://TYPO3.Neos/Private/Layouts/'
format: 'html'
variables:
errorTitle: 'Restricted Area'
errorDescription: 'Go home boy.'