/**
 * Tells whether at least one of the currently authenticated accounts holds
 * the given role.
 *
 * The lookup itself (which the original documentation describes as recursive)
 * is delegated to the security context's hasRole().
 *
 * Security notes:
 * - "Neos.Flow:Everybody" is answered with TRUE for every caller, without
 *   consulting the security context. Do not use this identifier to guard
 *   anything that requires an authenticated account.
 * - If the security context cannot be initialized, this method fails closed
 *   and returns FALSE.
 *
 * @param string $roleIdentifier The string representation of the role to search for
 * @return boolean TRUE, if a role with the given string representation was found
 */
public function hasRole($roleIdentifier)
{
    $matchesEverybody = ($roleIdentifier === 'Neos.Flow:Everybody');
    if ($matchesEverybody) {
        return true;
    }

    // No initializable security context means no account can be inspected: deny.
    if (!$this->securityContext->canBeInitialized()) {
        return false;
    }

    return $this->securityContext->hasRole($roleIdentifier);
}
/**
 * Tells if this node may be accessed according to the current security context.
 *
 * Decision order:
 *  1. The node has no access restrictions: accessible.
 *  2. The security context cannot be initialized: accessible.
 *  3. Otherwise: accessible only if the security context reports at least one
 *     of the node's access roles.
 *
 * NOTE(review): step 2 fails open. A node that does carry access restrictions
 * is still reported as accessible whenever the security context cannot be
 * initialized. Presumably this is meant for trusted, non-request contexts;
 * confirm that no untrusted code path can reach this method in that state,
 * or enforce access at the caller.
 *
 * @return boolean
 */
public function isAccessible()
{
    $unrestricted = $this->hasAccessRestrictions() === false;
    if ($unrestricted || $this->securityContext->canBeInitialized() === false) {
        return true;
    }

    // Restricted node with a usable security context: one matching role is enough.
    foreach ($this->accessRoles as $requiredRole) {
        if ($this->securityContext->hasRole($requiredRole)) {
            return true;
        }
    }

    return false;
}
/**
 * Checks if the current user may publish to the given workspace according to
 * one of the roles of the user's accounts.
 *
 * In future versions, this logic may be implemented in Neos in a more generic
 * way (for example, by means of an ACL object), but for now, this method exists
 * in order to at least centralize and encapsulate the required logic.
 *
 * Rules as implemented:
 *  - Workspace named "live": the result is whatever the security context
 *    reports for the role "Neos.Neos:LivePublisher".
 *  - Any other workspace: TRUE if its owner is identical (===) to the current
 *    user, or if it has no owner at all.
 *
 * Security notes:
 *  - A workspace without an owner is publishable by every caller. No role is
 *    checked on that path, and nothing here requires a current user to exist.
 *  - NOTE(review): hasRole() is called here without a preceding
 *    canBeInitialized() check; presumably callers guarantee an initialized
 *    security context. Confirm.
 *  - NOTE(review): the owner check is an identity comparison. It presumably
 *    relies on getOwner() and getCurrentUser() handing out the same instance
 *    for the same user. Verify.
 *
 * @param Workspace $workspace The workspace
 * @return boolean
 */
public function currentUserCanPublishToWorkspace(Workspace $workspace)
{
    $targetsLive = ($workspace->getName() === 'live');
    if ($targetsLive) {
        return $this->securityContext->hasRole('Neos.Neos:LivePublisher');
    }

    $ownedByCurrentUser = ($workspace->getOwner() === $this->getCurrentUser());

    // Ownerless (shared) workspaces are open to everyone; see the security notes above.
    return $ownedByCurrentUser || $workspace->getOwner() === null;
}