/
ReadNodePrivilege.php
63 lines (58 loc) · 2.18 KB
/
ReadNodePrivilege.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<?php
namespace Neos\ContentRepository\Security\Authorization\Privilege\Node;
/*
* This file is part of the Neos.ContentRepository package.
*
* (c) Contributors of the Neos Project - www.neos.io
*
* This package is Open Source Software. For the full copyright and license
* information, please view the LICENSE file which was distributed with this
* source code.
*/
use Neos\Eel\CompilingEvaluator;
use Neos\Eel\Context;
use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\EntityPrivilege;
use Neos\Flow\Security\Authorization\Privilege\PrivilegeSubjectInterface;
use Neos\Flow\Security\Exception\InvalidPrivilegeTypeException;
use Neos\ContentRepository\Domain\Model\NodeData;
use Neos\ContentRepository\Security\Authorization\Privilege\Node\Doctrine\ConditionGenerator;
/**
* A node privilege to restricting reading of nodes.
* Nodes not granted for reading will be filtered via SQL.
*
* Currently only doctrine persistence is supported as we use
* the doctrine filter api, to rewrite SQL queries.
*/
class ReadNodePrivilege extends EntityPrivilege
{
/**
* @param string $entityType
* @return boolean
*/
public function matchesEntityType($entityType)
{
return $entityType === NodeData::class;
}
/**
* @return ConditionGenerator
*/
protected function getConditionGenerator()
{
return new ConditionGenerator();
}
/**
* @param PrivilegeSubjectInterface $subject
* @return boolean
* @throws InvalidPrivilegeTypeException
*/
public function matchesSubject(PrivilegeSubjectInterface $subject)
{
if (!$subject instanceof NodePrivilegeSubject) {
throw new InvalidPrivilegeTypeException(sprintf('Privileges of type "%s" only support subjects of type "%s", but we got a subject of type: "%s".', static::class, NodePrivilegeSubject::class, get_class($subject)), 1465979693);
}
$nodeContext = new NodePrivilegeContext($subject->getNode());
$eelContext = new Context($nodeContext);
$eelCompilingEvaluator = $this->objectManager->get(CompilingEvaluator::class);
return $eelCompilingEvaluator->evaluate($this->getParsedMatcher(), $eelContext);
}
}