/** * This is the default Policy voter, it votes for the access privilege for the given resource * * @param \TYPO3\Flow\Security\Context $securityContext The current security context * @param string $resource The resource to vote for * @return integer One of: VOTE_GRANT, VOTE_ABSTAIN, VOTE_DENY */ public function voteForResource(\TYPO3\Flow\Security\Context $securityContext, $resource) { $accessGrants = 0; $accessDenies = 0; foreach ($securityContext->getRoles() as $role) { try { $privilege = $this->policyService->getPrivilegeForResource($role, $resource); } catch (\TYPO3\Flow\Security\Exception\NoEntryInPolicyException $e) { return self::VOTE_ABSTAIN; } if ($privilege === NULL) { continue; } if ($privilege === \TYPO3\Flow\Security\Policy\PolicyService::PRIVILEGE_GRANT) { $accessGrants++; } elseif ($privilege === \TYPO3\Flow\Security\Policy\PolicyService::PRIVILEGE_DENY) { $accessDenies++; } } if ($accessDenies > 0) { return self::VOTE_DENY; } if ($accessGrants > 0) { return self::VOTE_GRANT; } return self::VOTE_ABSTAIN; }