/**
* Checks, if the current policy allows the retrieval of the object fetched by getObjectDataByIdentifier()
*
* @Flow\Around("within(TYPO3\Flow\Persistence\PersistenceManagerInterface) && method(.*->getObjectByIdentifier()) && setting(TYPO3.Flow.security.enable)")
* @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint The current joinpoint
* @return array The object data of the original object, or NULL if access is not permitted
*/
public function checkAccessAfterFetchingAnObjectByIdentifier(JoinPointInterface $joinPoint)
{
$result = $joinPoint->getAdviceChain()->proceed($joinPoint);
if ($this->securityContext->areAuthorizationChecksDisabled() === TRUE || $this->policyService->hasPolicyEntriesForEntities() === FALSE) {
return $result;
}
if ($this->securityContext->isInitialized() === FALSE) {
if ($this->securityContext->canBeInitialized() === TRUE) {
$this->securityContext->initialize();
} else {
return $result;
}
}
$authenticatedRoles = $this->securityContext->getRoles();
$entityType = $this->reflectionService->getClassNameByObject($result);
if ($this->policyService->hasPolicyEntryForEntityType($entityType, $authenticatedRoles)) {
if ($this->policyService->isGeneralAccessForEntityTypeGranted($entityType, $authenticatedRoles) === FALSE) {
return NULL;
}
$policyConstraintsDefinition = $this->policyService->getResourcesConstraintsForEntityTypeAndRoles($entityType, $authenticatedRoles);
if ($this->checkConstraintDefinitionsOnResultObject($policyConstraintsDefinition, $result) === FALSE) {
return NULL;
}
}
return $result;
}
