/**
 * The policy enforcement advice. This advice applies the security enforcement
 * interceptor to all methods matched by the method privilege pointcut filter.
 *
 * The interceptor is skipped entirely while the security context reports that
 * authorization checks are disabled; the target method then runs with no
 * policy decision made for this call.
 *
 * Note: If we have some kind of "run as" functionality in the future, we would
 * have to manipulate the security context before calling the policy
 * enforcement interceptor.
 *
 * @Flow\Around("filter(Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilegePointcutFilter)")
 * @param JoinPointInterface $joinPoint The current joinpoint
 * @return mixed The result of the target method if it has not been intercepted
 */
public function enforcePolicy(JoinPointInterface $joinPoint)
{
    // Strict comparison on purpose: only a literal `true` skips enforcement,
    // any other return value still runs the interceptor.
    $checksDisabled = $this->securityContext->areAuthorizationChecksDisabled();
    if ($checksDisabled !== true) {
        $interceptor = $this->policyEnforcementInterceptor;
        $interceptor->setJoinPoint($joinPoint);
        // NOTE(review): presumably invoke() aborts by throwing when access is
        // denied, so the chain below is never reached in that case. Confirm
        // against the interceptor implementation.
        $interceptor->invoke();
    }

    // Hand over to the remaining advices and, finally, the target method.
    $adviceChain = $joinPoint->getAdviceChain();

    return $adviceChain->proceed($joinPoint);
}
/**
 * invoke() must ask the privilege manager exactly once whether the method
 * privilege type is granted.
 *
 * Only the first argument passed to isGranted() is constrained here; any
 * further arguments are not asserted by this test.
 *
 * @test
 */
public function invokeCallsThePrivilegeManagerToDecideOnTheCurrentJoinPoint()
{
    // Collaborators are plain mocks; only the privilege manager carries an expectation.
    $contextMock = $this->createMock(Security\Context::class);
    $authenticationManagerMock = $this->createMock(Security\Authentication\AuthenticationManagerInterface::class);
    $privilegeManagerMock = $this->createMock(Security\Authorization\PrivilegeManagerInterface::class);
    $joinPointMock = $this->createMock(JoinPointInterface::class);

    $privilegeManagerMock
        ->expects($this->once())
        ->method('isGranted')
        ->with(Security\Authorization\Privilege\Method\MethodPrivilegeInterface::class);

    $policyEnforcement = new Security\Authorization\Interceptor\PolicyEnforcement(
        $contextMock,
        $authenticationManagerMock,
        $privilegeManagerMock
    );
    $policyEnforcement->setJoinPoint($joinPointMock);

    // The mock expectation above is verified once invoke() has run.
    $policyEnforcement->invoke();
}