Returns TRUE, if at least one of the currently authenticated accounts holds
a role with the given identifier, also recursively.
/**
* Returns TRUE, if at least one of the currently authenticated accounts holds
* a role with the given identifier, also recursively.
*
* @param string $roleIdentifier The string representation of the role to search for
* @return boolean TRUE, if a role with the given string representation was found
*/
public function hasRole($roleIdentifier)
{
if ($roleIdentifier === 'Neos.Flow:Everybody') {
return true;
}
if ($this->securityContext->canBeInitialized()) {
return $this->securityContext->hasRole($roleIdentifier);
}
return false;
}
/**
* Tells if this node may be accessed according to the current security context.
*
* @return boolean
*/
public function isAccessible()
{
if ($this->hasAccessRestrictions() === false) {
return true;
}
if ($this->securityContext->canBeInitialized() === false) {
return true;
}
foreach ($this->accessRoles as $roleName) {
if ($this->securityContext->hasRole($roleName)) {
return true;
}
}
return false;
}
/**
* Checks if the current user may publish to the given workspace according to one the roles of the user's accounts
*
* In future versions, this logic may be implemented in Neos in a more generic way (for example, by means of an
* ACL object), but for now, this method exists in order to at least centralize and encapsulate the required logic.
*
* @param Workspace $workspace The workspace
* @return boolean
*/
public function currentUserCanPublishToWorkspace(Workspace $workspace)
{
if ($workspace->getName() === 'live') {
return $this->securityContext->hasRole('Neos.Neos:LivePublisher');
}
if ($workspace->getOwner() === $this->getCurrentUser() || $workspace->getOwner() === null) {
return true;
}
return false;
}
