Project proposal: Asset Privileges

Add asset related privileges to TYPO3.Media package

Neos 2.0 comes with numerous new PrivilegeTypes that support new restrictions on TYPO3CR nodes.
This is a proposal to add new constraints for Assets and the Neos Media Module as suggested in https://jira.neos.io/browse/NEOS-32:

  • Add entity privileges to restrict reading of assets based on content-type, tag or asset collection
    A basic prototype is already done but it needs some tweaking in flow to make it nicer in order to be integrated to the TYPO3.Media package:

    • Extend Flows PropertyConditionGenerator to support M:M relations
  • Extend the Neos upload editor to allow for specifying the assetcollection (and tags?) when uploading files

    • alternatively/additionally send the context path of the current node when uploading assets so that one can hook into that and set tags/collections based on the website part the asset belongs to
3 Likes

Both are already supported in some sense.

When uploading in the list views the current tag and/or collection is used automatically and for the single upload they are selected automatically, but can be unselected.

When uploading an asset in the inspector the site’s asset collection is used if selected, see Multisite Support - Content Repository - Manual - Guide - Neos Docs

So introducing additional stuff might conflict or be redundant. Another option would be to ease restricting the asset collection to the one selected for the site e.g.

I checked the current implementation but it’s completely hard-coded and does not allow for what I meant with the project proposal, for example setting the collection based on the node path the asset was uploaded to.

I would at least suggest to send the current node along with the asset and introduce a signal that allows for adjust the behavior from 3rd party packages. And that signal could also be used to set the collection based on the current site in order to remove some of the hardcoding and make it more flexible

Not arguing against doing that, just pointing it out since there’s no mentioning of it and no description how the things would co-exist or replace the existing behavior. Anyway now you clarified it.

1 Like

At some point asset will move to the CR, we are currently discussing Meta Data handling, see:

This RFC is only about MetaData, but the next step should be to move all the entities from the Media package to the CR to support Security, Dimensions, … An other step is to move Tag to the CR, and we have a Neos fully based on CR

1 Like

Thanks for the pointer, Dominique, I wasn’t aware of those plans. Sounds exciting.
Creating Asset privileges shouldn’t be too much work (given there’s a prototype already) and sending the node along when uploading assets is a one-liner in JS.
So I think it still makes sense to go ahead with that, especially cause moving assets to the CR will probably take a while.

Yes it make sense (we don’t know the time we need to move the 100% CR), and if we can have some generic Entity privileges, it can be useful for others.