Returns all privileges of the given type
| public getAllPrivilegesByType ( string $type ) : array | ||
| $type | string | Full qualified class or interface name |
| Результат | array | |
/**
* @test
*/
public function getAllPrivilegesByTypeReturnsAllConfiguredPrivilegesOfThatType()
{
$mockPrivilegeClassName = get_class($this->mockPrivilege);
$this->mockPolicyConfiguration = ['privilegeTargets' => [$mockPrivilegeClassName => ['Some.PrivilegeTarget:Identifier' => ['matcher' => 'someMatcher()']]]];
$this->assertCount(1, $this->policyService->getAllPrivilegesByType($mockPrivilegeClassName));
$this->assertInstanceOf($mockPrivilegeClassName, $this->mockPrivilege, $this->policyService->getAllPrivilegesByType($mockPrivilegeClassName));
}
/**
* @param string $className
* @param string $methodName
* @return boolean
*/
protected function hasPolicyEntryForMethod($className, $methodName)
{
$methodPrivileges = $this->policyService->getAllPrivilegesByType(MethodPrivilegeInterface::class);
/** @var MethodPrivilegeInterface $privilege */
foreach ($methodPrivileges as $privilege) {
if ($privilege->matchesMethod($className, $methodName)) {
return true;
}
}
return false;
}
/**
* Shows a list of all defined privilege targets and the effective permissions
*
* @param string $privilegeType The privilege type ("entity", "method" or the FQN of a class implementing PrivilegeInterface)
* @param string $roles A comma separated list of role identifiers. Shows policy for an unauthenticated user when left empty.
*/
public function showEffectivePolicyCommand($privilegeType, $roles = '')
{
$systemRoleIdentifiers = ['Neos.Flow:Everybody', 'Neos.Flow:Anonymous', 'Neos.Flow:AuthenticatedUser'];
if (strpos($privilegeType, '\\') === false) {
$privilegeType = sprintf('\\Neos\\Flow\\Security\\Authorization\\Privilege\\%s\\%sPrivilegeInterface', ucfirst($privilegeType), ucfirst($privilegeType));
}
if (!class_exists($privilegeType) && !interface_exists($privilegeType)) {
$this->outputLine('The privilege type "%s" was not defined.', [$privilegeType]);
$this->quit(1);
}
if (!is_subclass_of($privilegeType, PrivilegeInterface::class)) {
$this->outputLine('"%s" does not refer to a valid Privilege', [$privilegeType]);
$this->quit(1);
}
$requestedRoles = [];
foreach (Arrays::trimExplode(',', $roles) as $roleIdentifier) {
try {
if (in_array($roleIdentifier, $systemRoleIdentifiers)) {
continue;
}
$currentRole = $this->policyService->getRole($roleIdentifier);
$requestedRoles[$roleIdentifier] = $currentRole;
foreach ($currentRole->getAllParentRoles() as $currentParentRole) {
if (!in_array($currentParentRole, $requestedRoles)) {
$requestedRoles[$currentParentRole->getIdentifier()] = $currentParentRole;
}
}
} catch (NoSuchRoleException $exception) {
$this->outputLine('The role %s was not defined.', [$roleIdentifier]);
$this->quit(1);
}
}
if (count($requestedRoles) > 0) {
$requestedRoles['Neos.Flow:AuthenticatedUser'] = $this->policyService->getRole('Neos.Flow:AuthenticatedUser');
} else {
$requestedRoles['Neos.Flow:Anonymous'] = $this->policyService->getRole('Neos.Flow:Anonymous');
}
$requestedRoles['Neos.Flow:Everybody'] = $this->policyService->getRole('Neos.Flow:Everybody');
$this->outputLine('Effective Permissions for the roles <b>%s</b> ', [implode(', ', $requestedRoles)]);
$this->outputLine(str_repeat('-', $this->output->getMaximumLineLength()));
$definedPrivileges = $this->policyService->getAllPrivilegesByType($privilegeType);
$permissions = [];
/** @var PrivilegeInterface $definedPrivilege */
foreach ($definedPrivileges as $definedPrivilege) {
$accessGrants = 0;
$accessDenies = 0;
$permission = 'ABSTAIN';
/** @var Role $requestedRole */
foreach ($requestedRoles as $requestedRole) {
$privilegeType = $requestedRole->getPrivilegeForTarget($definedPrivilege->getPrivilegeTarget()->getIdentifier());
if ($privilegeType === null) {
continue;
}
if ($privilegeType->isGranted()) {
$accessGrants++;
} elseif ($privilegeType->isDenied()) {
$accessDenies++;
}
}
if ($accessDenies > 0) {
$permission = '<error>DENY</error>';
}
if ($accessGrants > 0 && $accessDenies === 0) {
$permission = '<success>GRANT</success>';
}
$permissions[$definedPrivilege->getPrivilegeTarget()->getIdentifier()] = $permission;
}
ksort($permissions);
foreach ($permissions as $privilegeTargetIdentifier => $permission) {
$formattedPrivilegeTargetIdentifier = wordwrap($privilegeTargetIdentifier, $this->output->getMaximumLineLength() - 10, PHP_EOL . str_repeat(' ', 10), true);
$this->outputLine('%-70s %s', [$formattedPrivilegeTargetIdentifier, $permission]);
}
}
