Beispiel #1
 /**
  * Collects the roles that belong to the current package.
  *
  * Every role reported by the policy service is inspected and kept only when
  * its package key is identical to self::CURRENT_PACKAGE_KEY (the
  * Incvisio.LostFound package, according to the original description).
  * The result is re-indexed from 0, so any keys used by the policy service
  * are not preserved.
  *
  * NOTE(review): getRoles() is called without arguments here; presumably that
  * leaves abstract roles out of the result. Confirm against the policy service
  * before treating this list as the complete role set of the package.
  *
  * @return array<\TYPO3\Flow\Security\Policy\Role>
  */
 public function getRoles()
 {
     $packageRoles = array();
     foreach ($this->policyService->getRoles() as $candidateRole) {
         if ($candidateRole->getPackageKey() !== self::CURRENT_PACKAGE_KEY) {
             // Role is defined by some other package; skip it.
             continue;
         }
         $packageRoles[] = $candidateRole;
     }
     return $packageRoles;
 }
 /**
  * Lists all public controller actions not covered by the active security policy
  *
  * The method privileges of all roles (getRoles(true)) are gathered first. Then every
  * non-abstract subclass of AbstractController is scanned for public methods whose name
  * ends in "Action". A method is printed, grouped under its controller class name, when
  * none of the gathered method privileges matches it.
  *
  * Audit caveat: "covered" only means that at least one method privilege matches the
  * action (matchesMethod() returned true). This command does not look at whether the
  * matching privilege grants or denies access, nor at which role holds it, so an action
  * missing from the output is not necessarily restricted. Review the policy itself for
  * actions that are matched but effectively open to everybody.
  *
  * @return void
  */
 public function showUnprotectedActionsCommand()
 {
     // Gather the method privileges of every role into one flat list.
     $methodPrivileges = [];
     foreach ($this->policyService->getRoles(true) as $role) {
         $privilegesOfRole = $role->getPrivilegesByType(\TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilegeInterface::class);
         $methodPrivileges = array_merge($methodPrivileges, $privilegesOfRole);
     }

     $everythingCovered = true;
     $controllerClassNames = $this->reflectionService->getAllSubClassNamesForClass(\TYPO3\Flow\Mvc\Controller\AbstractController::class);
     foreach ($controllerClassNames as $controllerClassName) {
         if ($this->reflectionService->isClassAbstract($controllerClassName)) {
             continue;
         }

         // The class name is printed once, just before its first uncovered action.
         $headerPrinted = false;
         foreach (get_class_methods($controllerClassName) as $methodName) {
             // Only method names ending in "Action" are candidates.
             if (preg_match('/.*Action$/', $methodName) === 0) {
                 continue;
             }
             if ($this->reflectionService->isMethodPublic($controllerClassName, $methodName) === false) {
                 continue;
             }

             // An action counts as covered as soon as one privilege matches it.
             $isCovered = false;
             /** @var MethodPrivilegeInterface $methodPrivilege */
             foreach ($methodPrivileges as $methodPrivilege) {
                 if ($methodPrivilege->matchesMethod($controllerClassName, $methodName)) {
                     $isCovered = true;
                     break;
                 }
             }
             if ($isCovered) {
                 continue;
             }

             if (!$headerPrinted) {
                 $this->outputLine(PHP_EOL . '<b>' . $controllerClassName . '</b>');
                 $headerPrinted = true;
             }
             $everythingCovered = false;
             $this->outputLine('  ' . $methodName);
         }
     }

     if ($everythingCovered) {
         $this->outputLine('All public controller actions are covered by your security policy. Good job!');
     }
 }
 /**
  * Assigns the access-control overview for a node to the view.
  *
  * All roles are fetched with getRoles(true) and handed to the ACL check service,
  * whose results are exposed to the view together with the node itself and its
  * breadcrumb nodes.
  *
  * NOTE(review): the output describes which roles may do what on the node, so it is
  * sensitive in its own right. No access check is visible in this method; presumably
  * the action itself is guarded by a method privilege in the policy — confirm.
  *
  * @param NodeInterface $node node whose access-control settings are displayed
  */
 public function showAction(NodeInterface $node)
 {
     $allRoles = $this->policyService->getRoles(true);

     $viewVariables = [];
     $viewVariables['acl'] = $this->aclCheckService->checkNodeForRoles($node, $allRoles);
     $viewVariables['targets'] = $this->aclCheckService->checkPrivilegeTargetsForNodeAndRoles($node, $allRoles);
     $viewVariables['node'] = $node;
     $viewVariables['breadcrumbNodes'] = $this->breadcrumbNodesForNode($node);
     // 999 is passed as the third argument; presumably a depth limit — TODO confirm.
     $viewVariables['childNodes'] = $this->aclCheckService->getContentNodes($node, $allRoles, 999);

     $this->view->assignMultiple($viewVariables);
 }
 /**
  * Edit the given account
  *
  * Hands the view the account, the user looked up from the account identifier and
  * authentication provider name, and the roles returned by the policy service.
  *
  * NOTE(review): 'availableRoles' only fills the form. It is not an authorization
  * check, so the action that stores the submitted roles should validate them on the
  * server side — that action is not part of this listing, verify it there.
  *
  * @param Account $account
  * @return void
  */
 public function editAccountAction(Account $account)
 {
     $user = $this->userService->getUser($account->getAccountIdentifier(), $account->getAuthenticationProviderName());
     // getRoles() without arguments; presumably abstract roles are left out — confirm.
     $availableRoles = $this->policyService->getRoles();

     $this->view->assignMultiple(array(
         'account' => $account,
         'user' => $user,
         'availableRoles' => $availableRoles,
     ));
 }
 /**
  * getRoles(true) must return abstract roles as well.
  *
  * The mocked policy declares one abstract role and one role that has it as parent.
  * The expected keys are both of these followed by 'TYPO3.Flow:Everybody', which the
  * mocked configuration does not declare; assertSame() also pins their order.
  *
  * @test
  */
 public function getRolesIncludesAbstractRolesIfRequested()
 {
     $this->mockPolicyConfiguration = [
         'roles' => [
             'Some.Package:SomeRole' => ['abstract' => true],
             'Some.Package:SomeOtherRole' => ['parentRoles' => ['Some.Package:SomeRole']],
         ],
     ];

     $expectedIdentifiers = ['Some.Package:SomeRole', 'Some.Package:SomeOtherRole', 'TYPO3.Flow:Everybody'];
     $actualIdentifiers = array_keys($this->policyService->getRoles(true));

     $this->assertSame($expectedIdentifiers, $actualIdentifiers);
 }