-
-
Notifications
You must be signed in to change notification settings - Fork 219
/
RemoveNodePrivilege.php
55 lines (50 loc) · 2.11 KB
/
RemoveNodePrivilege.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
<?php
namespace Neos\ContentRepository\Security\Authorization\Privilege\Node;
/*
* This file is part of the Neos.ContentRepository package.
*
* (c) Contributors of the Neos Project - www.neos.io
*
* This package is Open Source Software. For the full copyright and license
* information, please view the LICENSE file which was distributed with this
* source code.
*/
use Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilegeSubject;
use Neos\Flow\Security\Authorization\Privilege\PrivilegeSubjectInterface;
use Neos\Flow\Security\Exception\InvalidPrivilegeTypeException;
use Neos\ContentRepository\Domain\Model\NodeInterface;
/**
* A privilege to remove nodes
*/
class RemoveNodePrivilege extends AbstractNodePrivilege
{
/**
* @param PrivilegeSubjectInterface|NodePrivilegeSubject|MethodPrivilegeSubject $subject
* @return boolean
* @throws InvalidPrivilegeTypeException
*/
public function matchesSubject(PrivilegeSubjectInterface $subject)
{
if ($subject instanceof NodePrivilegeSubject === false && $subject instanceof MethodPrivilegeSubject === false) {
throw new InvalidPrivilegeTypeException(sprintf('Privileges of type "%s" only support subjects of type "%s" or "%s", but we got a subject of type: "%s".', RemoveNodePrivilege::class, NodePrivilegeSubject::class, MethodPrivilegeSubject::class, get_class($subject)), 1417017296);
}
if ($subject instanceof MethodPrivilegeSubject) {
$this->initializeMethodPrivilege();
if ($this->methodPrivilege->matchesSubject($subject) === false) {
return false;
}
/** @var NodeInterface $node */
$node = $subject->getJoinPoint()->getProxy();
$nodePrivilegeSubject = new NodePrivilegeSubject($node);
return parent::matchesSubject($nodePrivilegeSubject);
}
return parent::matchesSubject($subject);
}
/**
* @return string
*/
protected function buildMethodPrivilegeMatcher()
{
return 'within(' . NodeInterface::class . ') && method(.*->setRemoved(removed == true))';
}
}