/**
* The policy enforcement advice. This advices applies the security enforcement interceptor to all methods configured in the policy.
* Note: If we have some kind of "run as" functionality in the future, we would have to manipulate the security context
* before calling the policy enforcement interceptor
*
* @Flow\Around("filter(Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilegePointcutFilter)")
* @param JoinPointInterface $joinPoint The current joinpoint
* @return mixed The result of the target method if it has not been intercepted
*/
public function enforcePolicy(JoinPointInterface $joinPoint)
{
if ($this->securityContext->areAuthorizationChecksDisabled() !== true) {
$this->policyEnforcementInterceptor->setJoinPoint($joinPoint);
$this->policyEnforcementInterceptor->invoke();
}
return $joinPoint->getAdviceChain()->proceed($joinPoint);
}
/**
* @test
*/
public function invokeCallsThePrivilegeManagerToDecideOnTheCurrentJoinPoint()
{
$securityContext = $this->createMock(Security\Context::class);
$authenticationManager = $this->createMock(Security\Authentication\AuthenticationManagerInterface::class);
$privilegeManager = $this->createMock(Security\Authorization\PrivilegeManagerInterface::class);
$joinPoint = $this->createMock(JoinPointInterface::class);
$privilegeManager->expects($this->once())->method('isGranted')->with(Security\Authorization\Privilege\Method\MethodPrivilegeInterface::class);
$interceptor = new Security\Authorization\Interceptor\PolicyEnforcement($securityContext, $authenticationManager, $privilegeManager);
$interceptor->setJoinPoint($joinPoint);
$interceptor->invoke();
}
