Tweak Role constructor to accept RoleId
bwaidelich committed Nov 13, 2024
1 parent 52f5e63 commit 32bbd2d
Showing 2 changed files with 16 additions and 12 deletions.
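--- a/Neos.Flow/Classes/Security/Policy/PolicyService.php
+++ b/Neos.Flow/Classes/Security/Policy/PolicyService.php
@@ -108,42 +108,43 @@ protected function initialize(): void
 $privilegeTargetsForEverybody = $this->privilegeTargets;
 
 $this->roles = [];
-$everybodyRole = new Role('Neos.Flow:Everybody', [], (string)($this->policyConfiguration['roles']['Neos.Flow:Everybody']['label'] ?? ''), (string)($this->policyConfiguration['roles']['Neos.Flow:Everybody']['description'] ?? ''));
+$everybodyRole = new Role(RoleId::everybody(), [], (string)($this->policyConfiguration['roles']['Neos.Flow:Everybody']['label'] ?? ''), (string)($this->policyConfiguration['roles']['Neos.Flow:Everybody']['description'] ?? ''));
 $everybodyRole->setAbstract(true);
 if (isset($this->policyConfiguration['roles'])) {
-foreach ($this->policyConfiguration['roles'] as $roleIdentifier => $roleConfiguration) {
-if ($roleIdentifier === 'Neos.Flow:Everybody') {
+foreach ($this->policyConfiguration['roles'] as $roleIdString => $roleConfiguration) {
+$roleId = RoleId::fromString($roleIdString);
+if ($roleId->equals(RoleId::everybody())) {
 $role = $everybodyRole;
 } else {
-$role = new Role($roleIdentifier, [], (string)($roleConfiguration['label'] ?? ''), (string)($roleConfiguration['description'] ?? ''));
+$role = new Role($roleId, [], (string)($roleConfiguration['label'] ?? ''), (string)($roleConfiguration['description'] ?? ''));
 $role->setAbstract((bool)($roleConfiguration['abstract'] ?? false));
 }
 
 if (isset($roleConfiguration['privileges'])) {
 foreach ($roleConfiguration['privileges'] as $privilegeConfiguration) {
 $privilegeTargetIdentifier = $privilegeConfiguration['privilegeTarget'];
 if (!isset($this->privilegeTargets[$privilegeTargetIdentifier])) {
-throw new SecurityException(sprintf('privilege target "%s", referenced in role configuration "%s" is not defined!', $privilegeTargetIdentifier, $roleIdentifier), 1395869320);
+throw new SecurityException(sprintf('privilege target "%s", referenced in role configuration "%s" is not defined!', $privilegeTargetIdentifier, $roleId->value), 1395869320);
 }
 $privilegeTarget = $this->privilegeTargets[$privilegeTargetIdentifier];
 if (!isset($privilegeConfiguration['permission'])) {
-throw new SecurityException(sprintf('No permission set for privilegeTarget "%s" in Role "%s"', $privilegeTargetIdentifier, $roleIdentifier), 1395869331);
+throw new SecurityException(sprintf('No permission set for privilegeTarget "%s" in Role "%s"', $privilegeTargetIdentifier, $roleId->value), 1395869331);
 }
 $privilegeParameters = $privilegeConfiguration['parameters'] ?? [];
 try {
 $privilege = $privilegeTarget->createPrivilege($privilegeConfiguration['permission'], $privilegeParameters);
 } catch (\Exception $exception) {
-throw new SecurityException(sprintf('Error for privilegeTarget "%s" in Role "%s": %s', $privilegeTargetIdentifier, $roleIdentifier, $exception->getMessage()), 1401886654, $exception);
+throw new SecurityException(sprintf('Error for privilegeTarget "%s" in Role "%s": %s', $privilegeTargetIdentifier, $roleId->value, $exception->getMessage()), 1401886654, $exception);
 }
 $role->addPrivilege($privilege);
 
-if ($roleIdentifier === 'Neos.Flow:Everybody') {
+if ($roleId->equals(RoleId::everybody())) {
 unset($privilegeTargetsForEverybody[$privilegeTargetIdentifier]);
 }
 }
 }
 
-$this->roles[$roleIdentifier] = $role;
+$this->roles[$roleId->value] = $role;
 }
 }
 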
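Review bot: The literal `'Neos.Flow:Everybody'` still keys the label and description lookups on the new `$everybodyRole = new Role(RoleId::everybody(), …)` line, so the role's id and its configuration key now come from two different places. I would take both from one value: `$everybodyRoleId = RoleId::everybody();` ahead of the loop, then `$this->policyConfiguration['roles'][$everybodyRoleId->value]['label'] ?? ''` for the lookups and `$roleId->equals($everybodyRoleId)` for the two checks inside the loop, which also avoids calling the factory twice per role. Since the match for this role now relies on `RoleId::equals()` instead of `===`, a short comment stating that the comparison is expected to be exact would help; how `equals()` and `fromString()` treat case or whitespace is not visible in this hunk. `initialize()` starts before and continues after the lines shown.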
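--- a/Neos.Flow/Classes/Security/Policy/Role.php
+++ b/Neos.Flow/Classes/Security/Policy/Role.php
@@ -59,14 +59,17 @@ class Role
 protected $privileges = [];
 
 /**
-* @param string $identifier The fully qualified identifier of this role (Vendor.Package:Role)
+* @param RoleId|string $id The fully qualified identifier of this role (Vendor.Package:Role)
 * @param Role[] $parentRoles
 * @param string $label A label for this role
 * @param string $description A description on this role
 */
-public function __construct(string $identifier, array $parentRoles = [], string $label = '', string $description = '')
+public function __construct(RoleId|string $id, array $parentRoles = [], string $label = '', string $description = '')
 {
-$this->id = RoleId::fromString($identifier);
+if (is_string($id)) {
+$id = RoleId::fromString($id);
+}
+$this->id = $id;
 $this->label = $label ?: $this->id->getName();
 $this->description = $description;
 $this->parentRoles = $parentRoles;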
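Review bot: Renaming the first constructor parameter from `$identifier` to `$id` breaks any caller that passes it by name (`new Role(identifier: …)`), and the `RoleId|string` union type shows this code targets a PHP version where named arguments exist. Unless that break is intended, keep the name and widen only the type: `public function __construct(RoleId|string $identifier, array $parentRoles = [], string $label = '', string $description = '')` with `$this->id = is_string($identifier) ? RoleId::fromString($identifier) : $identifier;`. The docblock could also say that a string is parsed with `RoleId::fromString()` and that whatever that method throws for a malformed identifier propagates out of the constructor; its behaviour is not visible here. The class body continues outside the hunk.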
