/** * This is the default Acl voter, it votes for the ACCESS privilege for the given resource * * @param F3\FLOW3\Security\Context $securityContext The current securit context * @param string $resource The resource to vote for * @return integer One of: VOTE_GRANT, VOTE_ABSTAIN, VOTE_DENY */ public function voteForResource(\F3\FLOW3\Security\Context $securityContext, $resource) { $accessGrants = 0; $accessDenies = 0; foreach ($securityContext->getRoles() as $role) { $privileges = $this->policyService->getPrivilegesForResource($role, $resource); if (!isset($privileges[0])) { continue; } if ($privileges[0]->isGrant()) { $accessGrants++; } else { $accessDenies++; } } if ($accessDenies > 0) { return self::VOTE_DENY; } if ($accessGrants > 0) { return self::VOTE_GRANT; } return self::VOTE_ABSTAIN; }