BUGFIX: site list in "content" of left drawer is policy checked

[tdausner]

Using policies for NodeTreePrivilege (in Policy.yaml) did not reflect in the list of sites in left drawer "content" site list. The bugfix restricts user to only sees sites with NodeTreePrivilege access GRANTED.

Function buildSiteList is enriched by $context and $privilegeManager. For each site the node of path /sites/{root-node-name-of-site} is checked by $privilegeManager->isGranted() and put into site list on GRANTED.

Use case / Review instructions

• start with a fresh NEOS development installtion (see https://github.com/neos/neos-development-collection#contributing)

• kickstart multi site setup (First.Site, Second.Site, Third.Site) by command
  $ for s in First Second Third; do ./flow kickstart:site $s.Site $s ; done

• Import sites just created
  $ for s in First Second Third; do ./flow site:import --package-key $s.Site ; done

• domain setup for sites in backed Administration/Sites Management
  First.Site -> https://first.tds (tds is my development domain)
  Second.Site -> https://second.tds
  Third.Site -> https://third.tds
  

• Setup Policy.yaml (see Policy.yaml.txt ) and check resulting roles by command

$ ./flow security:listroles
+-----------------------------------------------+-----------------------+
| Id                                            | Label                 |
+-----------------------------------------------+-----------------------+
| Neos.Neos:LivePublisher                       | Live publisher        |
| Neos.Neos:Administrator                       | Neos Administrator    |
| Neos.Neos:RestrictedEditor                    | Restricted Editor     |
| Neos.Neos:Editor                              | Editor                |
| Neos.Neos:UserManager                         | Neos User Manager     |
| Neos.RedirectHandler.Ui:RedirectAdministrator | RedirectAdministrator |
| Neos.Setup:SetupUser                          | SetupUser             |
| First.Site:FirstEditor                        | First site Editor     |
| Second.Site:SecondEditor                      | Second site Editor    |
| Third.Site:ThirdEditor                        | Third site Editor     |
+-----------------------------------------------+-----------------------+

NodeTreePrivilege matcher in Policy.yaml is 'isDescendantNodeOf("/sites/first-site")' for First.Site and so on. Retrieve the node names by command:

$ ./flow site:list

 Name                 Node name                 Resources package               Status
----------------------------------------------------------------------------------------
 First                first-site                First.Site                      online
 Second               second-site               Second.Site                     online
 Third                third-site                Third.Site                      online

• Add test user:
  $ ./flow user:create --roles Second.Site:SecondEditor TestUser testuser-password Test User

• Log into NEOS as administrator
  

• Log into NEOS as TestUser
  

Checked releases 5.0 and 7.0 source code. Also in theese releases regards to policies are missing. Looks like the bug is inherited.

Checklist

• Code follows the PSR-2 coding style
• Tests have been created, run and adjusted as needed
• The PR is created against the lowest maintained branch
• Reviewer - PR Title is brief but complete and starts with FEATURE|TASK|BUGFIX
• Reviewer - The first section explains the change briefly for change-logs
• Reviewer - Breaking Changes are marked with !!! and have upgrade-instructions

[tdausner]

@markusguenther lost my repo so the original pr got closed.

[grebaldi]

Hi @tdausner,

thanks to your excellent review instructions I was able to reproduce the problem and to verify manually that your change solves it :)

Code looks good to me 👍

[bwaidelich]

Looking good, by reading.
Just two tiny issues/questions

[tdausner]

• '/sites' replaced by SiteService::SITES_ROOT_PATH
• use ...\SiteService; added
• missing property type declarations added / PhpDoc @throws updated

[kdambekalns]

Thanks! I was wondering… should this be fixed in 7.3, as it's a bugfix? I think yes…

If so, the type declarations won't work with injection. 😬

[tdausner]

Oooops... I'm so happy with Neos 8... didn't think about backwards compatibility.
Removed type declarations on @flow\Inject.
Tested on

• Neos 7.3.10
• Neos 8.2 development collection

[kdambekalns]

Fine (by reading!)

[kdambekalns]

@tdausner Could you open this against 7.3 then?

[tdausner]

Obsolete by #4025