New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BUGFIX: site list in "content" of left drawer is policy checked #3979
Conversation
… in the list of sites in left drawer "content" site list. Now a restricted user only sees sites with NodeTreePrivilege access GRANTED. Function buildSiteList is enriched by $context and $privilegeManager. On each site the node of path `/sites/{root-node-name-of-site}` is checked by `$privilegeManager->isGranted()` and put into site list on GRANTED.
@markusguenther lost my repo so the original pr got closed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @tdausner,
thanks to your excellent review instructions I was able to reproduce the problem and to verify manually that your change solves it :)
Code looks good to me 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good, by reading.
Just two tiny issues/questions
…ce; added / missing property type declarations added / PhpDoc @throws updated
|
Thanks! I was wondering… should this be fixed in 7.3, as it's a bugfix? I think yes… If so, the type declarations won't work with injection. 😬 |
Oooops... I'm so happy with Neos 8... didn't think about backwards compatibility.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fine (by reading!)
@tdausner Could you open this against 7.3 then? |
Obsolete by #4025 |
We need to re-activate this, see #3979
This is a backward bugfix from 8.2 branch. Details see neos/neos-development-collection#3979
Using policies for
NodeTreePrivilege
(inPolicy.yaml
) did not reflect in the list of sites in left drawer "content" site list. The bugfix restricts user to only sees sites withNodeTreePrivilege
access GRANTED.Function
buildSiteList
is enriched by$context
and$privilegeManager
. For each site the node of path/sites/{root-node-name-of-site}
is checked by$privilegeManager->isGranted()
and put into site list on GRANTED.Use case / Review instructions
start with a fresh NEOS development installtion (see https://github.com/neos/neos-development-collection#contributing)
kickstart multi site setup (First.Site, Second.Site, Third.Site) by command
$ for s in First Second Third; do ./flow kickstart:site $s.Site $s ; done
Import sites just created
$ for s in First Second Third; do ./flow site:import --package-key $s.Site ; done
domain setup for sites in backed Administration/Sites Management
First.Site -> https://first.tds (tds is my development domain)
Second.Site -> https://second.tds
Third.Site -> https://third.tds
Setup
Policy.yaml
(see Policy.yaml.txt ) and check resulting roles by commandNodeTreePrivilege
matcher inPolicy.yaml
is'isDescendantNodeOf("/sites/first-site")'
for First.Site and so on. Retrieve the node names by command:Add test user:
$ ./flow user:create --roles Second.Site:SecondEditor TestUser testuser-password Test User
Log into NEOS as administrator
Log into NEOS as TestUser
Checked releases 5.0 and 7.0 source code. Also in theese releases regards to policies are missing. Looks like the bug is inherited.
Checklist
FEATURE|TASK|BUGFIX
!!!
and have upgrade-instructions