/** * This is the default Policy voter, it votes for the access privilege for the given join point * * @param \TYPO3\Flow\Security\Context $securityContext The current security context * @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint The joinpoint to vote for * @return integer One of: VOTE_GRANT, VOTE_ABSTAIN, VOTE_DENY */ public function voteForJoinPoint(\TYPO3\Flow\Security\Context $securityContext, \TYPO3\Flow\Aop\JoinPointInterface $joinPoint) { $accessGrants = 0; $accessDenies = 0; foreach ($securityContext->getRoles() as $role) { try { $privileges = $this->policyService->getPrivilegesForJoinPoint($role, $joinPoint); } catch (\TYPO3\Flow\Security\Exception\NoEntryInPolicyException $e) { return self::VOTE_ABSTAIN; } foreach ($privileges as $privilege) { if ($privilege === \TYPO3\Flow\Security\Policy\PolicyService::PRIVILEGE_GRANT) { $accessGrants++; } elseif ($privilege === \TYPO3\Flow\Security\Policy\PolicyService::PRIVILEGE_DENY) { $accessDenies++; } } } if ($accessDenies > 0) { return self::VOTE_DENY; } if ($accessGrants > 0) { return self::VOTE_GRANT; } return self::VOTE_ABSTAIN; }