private function initRoles()
 {
     if (!$this->policyService->hasRole('DLigo.Animaltool:Admin')) {
         $this->policyService->createRole('DLigo.Animaltool:Admin');
     }
     if (!$this->policyService->hasRole('DLigo.Animaltool:Catcher')) {
         $this->policyService->createRole('DLigo.Animaltool:Catcher');
     }
     if (!$this->policyService->hasRole('DLigo.Animaltool:Doctor')) {
         $this->policyService->createRole('DLigo.Animaltool:Doctor');
     }
 }
 /**
  * Initializes the roles field by fetching the role objects referenced by the roleIdentifiers
  *
  * @return void
  */
 protected function initializeRoles()
 {
     if ($this->roles !== null) {
         return;
     }
     $this->roles = [];
     foreach ($this->roleIdentifiers as $key => $roleIdentifier) {
         // check for and clean up roles no longer available
         if ($this->policyService->hasRole($roleIdentifier)) {
             $this->roles[$roleIdentifier] = $this->policyService->getRole($roleIdentifier);
         } else {
             unset($this->roleIdentifiers[$key]);
         }
     }
 }
 /**
  * @test
  */
 public function hasRoleReturnsTrueIfTheSpecifiedRoleIsConfigured()
 {
     $this->mockPolicyConfiguration = ['roles' => ['Some.Package:SomeRole' => []]];
     $this->assertTrue($this->policyService->hasRole('Some.Package:SomeRole'));
 }
 /**
  * Replaces a role identifier not containing a "." into fully qualified role identifier from the TYPO3.Neos namespace.
  *
  * @param string $roleIdentifier
  * @return string
  * @throws NoSuchRoleException
  */
 protected function normalizeRoleIdentifier($roleIdentifier)
 {
     if (strpos($roleIdentifier, ':') === false) {
         $roleIdentifier = 'TYPO3.Neos:' . $roleIdentifier;
     }
     if (!$this->policyService->hasRole($roleIdentifier)) {
         throw new NoSuchRoleException(sprintf('The role %s does not exist.', $roleIdentifier), 1422540184);
     }
     return $roleIdentifier;
 }
 /**
  * Shows the effective policy rules currently active in the system
  *
  * @param boolean $grantsOnly Only list methods effectively granted to the given roles
  * @return void
  */
 public function showEffectivePolicyCommand($grantsOnly = FALSE)
 {
     $roles = array();
     $roleIdentifiers = $this->request->getExceedingArguments();
     if (empty($roleIdentifiers) === TRUE) {
         $this->outputLine('Please specify at leas one role, to calculate the effective privileges for!');
         $this->quit(1);
     }
     foreach ($roleIdentifiers as $roleIdentifier) {
         if ($this->policyService->hasRole($roleIdentifier)) {
             $currentRole = $this->policyService->getRole($roleIdentifier);
             $roles[$roleIdentifier] = $currentRole;
             foreach ($this->policyService->getAllParentRoles($currentRole) as $parentRoleIdentifier => $parentRole) {
                 if (!isset($roles[$parentRoleIdentifier])) {
                     $roles[$parentRoleIdentifier] = $parentRole;
                 }
             }
         }
     }
     if (count($roles) === 0) {
         $this->outputLine('The specified role(s) do not exist.');
         $this->quit(1);
     }
     $this->outputLine(PHP_EOL . 'The following roles will be used for calculating the effective privileges (retrieved from the configured roles hierarchy):' . PHP_EOL);
     foreach ($roles as $roleIdentifier => $role) {
         $this->outputLine($roleIdentifier);
     }
     $dummySecurityContext = new DummyContext();
     $dummySecurityContext->setRoles($roles);
     $accessDecisionManager = new AccessDecisionVoterManager($this->objectManager, $dummySecurityContext);
     if ($this->policyCache->has('acls')) {
         $classes = array();
         $acls = $this->policyCache->get('acls');
         foreach ($acls as $classAndMethodName => $aclEntry) {
             if (strpos($classAndMethodName, '->') === FALSE) {
                 continue;
             }
             list($className, $methodName) = explode('->', $classAndMethodName);
             $className = $this->objectManager->getCaseSensitiveObjectName($className);
             $reflectionClass = new \ReflectionClass($className);
             foreach ($reflectionClass->getMethods() as $casSensitiveMethodName) {
                 if ($methodName === strtolower($casSensitiveMethodName->getName())) {
                     $methodName = $casSensitiveMethodName->getName();
                     break;
                 }
             }
             $runtimeEvaluationsInPlace = FALSE;
             foreach ($aclEntry as $role => $resources) {
                 if (in_array($role, $roles) === FALSE) {
                     continue;
                 }
                 if (!isset($classes[$className])) {
                     $classes[$className] = array();
                 }
                 if (!isset($classes[$className][$methodName])) {
                     $classes[$className][$methodName] = array();
                     $classes[$className][$methodName]['resources'] = array();
                 }
                 foreach ($resources as $resourceName => $privilege) {
                     $classes[$className][$methodName]['resources'][$resourceName] = $privilege;
                     if ($privilege['runtimeEvaluationsClosureCode'] !== FALSE) {
                         $runtimeEvaluationsInPlace = TRUE;
                     }
                 }
             }
             if ($runtimeEvaluationsInPlace === FALSE) {
                 try {
                     $accessDecisionManager->decideOnJoinPoint(new JoinPoint(NULL, $className, $methodName, array()));
                 } catch (AccessDeniedException $e) {
                     $classes[$className][$methodName]['effectivePrivilege'] = $e->getMessage();
                 }
                 if (!isset($classes[$className][$methodName]['effectivePrivilege'])) {
                     $classes[$className][$methodName]['effectivePrivilege'] = 'Access granted';
                 }
             } else {
                 $classes[$className][$methodName]['effectivePrivilege'] = 'Could not be calculated. Runtime evaluations in place!';
             }
         }
         foreach ($classes as $className => $methods) {
             $classNamePrinted = FALSE;
             foreach ($methods as $methodName => $resources) {
                 if ($grantsOnly === TRUE && $resources['effectivePrivilege'] !== 'Access granted') {
                     continue;
                 }
                 if ($classNamePrinted === FALSE) {
                     $this->outputLine(PHP_EOL . PHP_EOL . ' <b>' . $className . '</b>');
                     $classNamePrinted = TRUE;
                 }
                 $this->outputLine(PHP_EOL . '  ' . $methodName);
                 if (isset($resources['resources']) === TRUE && is_array($resources['resources']) === TRUE) {
                     foreach ($resources['resources'] as $resourceName => $privilege) {
                         switch ($privilege['privilege']) {
                             case PolicyService::PRIVILEGE_GRANT:
                                 $this->outputLine('   Resource "<i>' . $resourceName . '</i>": Access granted');
                                 break;
                             case PolicyService::PRIVILEGE_DENY:
                                 $this->outputLine('   Resource "<i>' . $resourceName . '</i>": Access denied');
                                 break;
                             case PolicyService::PRIVILEGE_ABSTAIN:
                                 $this->outputLine('   Resource "<i>' . $resourceName . '</i>": Vote abstained (no acl entry for given roles)');
                                 break;
                         }
                     }
                 }
                 $this->outputLine('   <b>Effective privilege for given roles: ' . $resources['effectivePrivilege'] . '</b>');
             }
         }
     } else {
         $this->outputLine('Could not find any policy entries, please warmup caches...');
     }
 }