public getDeniedNodePropertiesForEditing ( Neos\ContentRepository\Domain\Model\NodeInterface $node ) : string[] | ||
$node | Neos\ContentRepository\Domain\Model\NodeInterface | |
return | string[] | Array of granted node property names |
public function getDeniedNodePropertiesForEditing(NodeInterface $node)
{
$privilegeSubject = new PropertyAwareNodePrivilegeSubject($node);
$deniedNodePropertyNames = array();
$grantedNodePropertyNames = array();
$abstainedNodePropertyNames = array();
foreach ($this->securityContext->getRoles() as $role) {
/** @var EditNodePropertyPrivilege $editNodePropertyPrivilege */
foreach ($role->getPrivilegesByType(EditNodePropertyPrivilege::class) as $editNodePropertyPrivilege) {
if (!$editNodePropertyPrivilege->matchesSubject($privilegeSubject)) {
continue;
}
if ($editNodePropertyPrivilege->isGranted()) {
$grantedNodePropertyNames = array_merge($grantedNodePropertyNames, $editNodePropertyPrivilege->getNodePropertyNames());
} elseif ($editNodePropertyPrivilege->isDenied()) {
$deniedNodePropertyNames = array_merge($deniedNodePropertyNames, $editNodePropertyPrivilege->getNodePropertyNames());
} else {
$abstainedNodePropertyNames = array_merge($abstainedNodePropertyNames, $editNodePropertyPrivilege->getNodePropertyNames());
}
}
}
$implicitlyDeniedNodePropertyNames = array_diff($abstainedNodePropertyNames, $grantedNodePropertyNames);
return array_merge($implicitlyDeniedNodePropertyNames, $deniedNodePropertyNames);
}
/** * @param TableNode $table * @Then /^I should get the following list of denied node properties from the node authorization service:$/ */ public function iShouldGetTheFollowingListOfDeniedNodePropertiesFromTheNodeAuthorizationService($table) { if ($this->isolated === true) { $this->callStepInSubProcess(__METHOD__, sprintf(' %s %s', escapeshellarg(\Neos\Flow\Tests\Functional\Command\TableNode::class), escapeshellarg(json_encode($table->getHash())))); } else { $rows = $table->getHash(); $deniedPropertyNames = $this->nodeAuthorizationService->getDeniedNodePropertiesForEditing($this->currentNodes[0]); if (count($rows) !== count($deniedPropertyNames)) { Assert::fail('The node authorization service did not return the expected amount of node property names! Got: ' . implode(', ', $deniedPropertyNames)); } foreach ($rows as $row) { if (in_array($row['propertyName'], $deniedPropertyNames) === false) { Assert::fail('The following property name has not been returned by the node authorization service: ' . $row['propertyName']); } } } }