public function invoke()
{
$reason = '';
$privilegeSubject = new MethodPrivilegeSubject($this->joinPoint);
try {
$this->authenticationManager->authenticate();
} catch (EntityNotFoundException $exception) {
throw new AuthenticationRequiredException('Could not authenticate. Looks like a broken session.', 1358971444, $exception);
} catch (NoTokensAuthenticatedException $noTokensAuthenticatedException) {
// We still need to check if the privilege is available to "Neos.Flow:Everybody".
if ($this->privilegeManager->isGranted(MethodPrivilegeInterface::class, $privilegeSubject, $reason) === false) {
throw new NoTokensAuthenticatedException($noTokensAuthenticatedException->getMessage() . chr(10) . $reason, $noTokensAuthenticatedException->getCode());
}
}
if ($this->privilegeManager->isGranted(MethodPrivilegeInterface::class, $privilegeSubject, $reason) === false) {
throw new AccessDeniedException($this->renderDecisionReasonMessage($reason), 1222268609);
}
} /**
* The policy enforcement advice. This advices applies the security enforcement interceptor to all methods configured in the policy.
* Note: If we have some kind of "run as" functionality in the future, we would have to manipulate the security context
* before calling the policy enforcement interceptor
*
* @Flow\Around("filter(Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilegePointcutFilter)")
* @param JoinPointInterface $joinPoint The current joinpoint
* @return mixed The result of the target method if it has not been intercepted
*/
public function enforcePolicy(JoinPointInterface $joinPoint)
{
if ($this->securityContext->areAuthorizationChecksDisabled() !== true) {
$this->policyEnforcementInterceptor->setJoinPoint($joinPoint);
$this->policyEnforcementInterceptor->invoke();
}
return $joinPoint->getAdviceChain()->proceed($joinPoint);
}