/**
* The policy enforcement advice. This advices applies the security enforcement interceptor to all methods configured in the policy.
* Note: If we have some kind of "run as" functionality in the future, we would have to manipulate the security context
* before calling the policy enforcement interceptor
*
* @Flow\Around("filter(TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilegePointcutFilter)")
* @param JoinPointInterface $joinPoint The current joinpoint
* @return mixed The result of the target method if it has not been intercepted
*/
public function enforcePolicy(JoinPointInterface $joinPoint)
{
if ($this->securityContext->areAuthorizationChecksDisabled() !== true) {
$this->policyEnforcementInterceptor->setJoinPoint($joinPoint);
$this->policyEnforcementInterceptor->invoke();
}
return $joinPoint->getAdviceChain()->proceed($joinPoint);
}
/**
* The policy enforcement advice. This advices applies the security enforcement interceptor to all methods configured in the policy.
* Note: If we have some kind of "run as" functionality in the future, we would have to manipulate the security context
* before calling the policy enforcement interceptor
*
* @Flow\Around("setting(TYPO3.Flow.security.enable) && filter(TYPO3\Flow\Security\Policy\PolicyService)")
* @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint The current joinpoint
* @return mixed The result of the target method if it has not been intercepted
*/
public function enforcePolicy(\TYPO3\Flow\Aop\JoinPointInterface $joinPoint)
{
if ($this->securityContext->areAuthorizationChecksDisabled() !== TRUE) {
$this->policyEnforcementInterceptor->setJoinPoint($joinPoint);
$this->policyEnforcementInterceptor->invoke();
}
$result = $joinPoint->getAdviceChain()->proceed($joinPoint);
// @TODO Once we use the AfterInvocation again, it needs to be invoked here and its result returned instead.
return $result;
}
/**
* @test
* @todo adjust when AfterInvocationInterceptor is used again
*/
public function enforcePolicyDoesNotInvokeInterceptorIfAuthorizationChecksAreDisabled()
{
$this->mockAdviceChain->expects($this->once())->method('proceed')->with($this->mockJoinPoint);
$this->mockJoinPoint->expects($this->once())->method('getAdviceChain')->will($this->returnValue($this->mockAdviceChain));
$this->mockSecurityContext->expects($this->atLeastOnce())->method('areAuthorizationChecksDisabled')->will($this->returnValue(true));
$this->mockPolicyEnforcementInterceptor->expects($this->never())->method('invoke');
$this->policyEnforcementAspect->enforcePolicy($this->mockJoinPoint);
}
