/**
* This is the default Policy voter, it votes for the access privilege for the given resource
*
* @param \TYPO3\Flow\Security\Context $securityContext The current security context
* @param string $resource The resource to vote for
* @return integer One of: VOTE_GRANT, VOTE_ABSTAIN, VOTE_DENY
*/
public function voteForResource(\TYPO3\Flow\Security\Context $securityContext, $resource)
{
$accessGrants = 0;
$accessDenies = 0;
foreach ($securityContext->getRoles() as $role) {
try {
$privilege = $this->policyService->getPrivilegeForResource($role, $resource);
} catch (\TYPO3\Flow\Security\Exception\NoEntryInPolicyException $e) {
return self::VOTE_ABSTAIN;
}
if ($privilege === NULL) {
continue;
}
if ($privilege === \TYPO3\Flow\Security\Policy\PolicyService::PRIVILEGE_GRANT) {
$accessGrants++;
} elseif ($privilege === \TYPO3\Flow\Security\Policy\PolicyService::PRIVILEGE_DENY) {
$accessDenies++;
}
}
if ($accessDenies > 0) {
return self::VOTE_DENY;
}
if ($accessGrants > 0) {
return self::VOTE_GRANT;
}
return self::VOTE_ABSTAIN;
}
