Policy "property("Persistence_Object_Identifier").in("someContext") not working when returning empty array. #2477
Open
Description
Description
When using the in() condition for a policy, the array returned by the context getter can not return an empty array.
Steps to Reproduce
- write a context with a getter named
getFacilityIdsTree, returning an empty array like this:<?php declare(strict_types=1); namespace Foo\Bar\Security\Context; /** * @Flow\Scope("singleton") */ class FacilityContext implements CacheAwareInterface { /** * Find all facilities * @return array<string> */ public function getFacilityIdsTree(): array { return [] } } - and configure it as global object for aop like this:
Neos: Flow: aop: globalObjects: facilityContext: Foo\Bar\Security\Context\FacilityContext - create a Policy with a matcher like this:
isType("Foo\Bar\Domain\Model\Facility") && !(property("Persistence_Object_Identifier").in("context.facilityContext.facilityIdsTree")) - GRANT this policy for users, even 'Neos.Flow:Everybody' should work.
Expected behavior
Users with the Role should be able to fetch all Foo\Bar\Domain\Model\Facility objects since it is granted for them.
Actual behavior
Foo\Bar\Domain\Model\Facility are still not fetched just like its not acutally Granted in the Policy
Affected Versions
Flow: Version 6.1.16
Possible Workaround:
I was able to get it to work when i returned not only an empty array like this [] But actually an array with a single empty string, like this. ['']