public function showEffectivePolicyCommand($privilegeType, $roles = '')
{
$systemRoleIdentifiers = ['Neos.Flow:Everybody', 'Neos.Flow:Anonymous', 'Neos.Flow:AuthenticatedUser'];
if (strpos($privilegeType, '\\') === false) {
$privilegeType = sprintf('\\Neos\\Flow\\Security\\Authorization\\Privilege\\%s\\%sPrivilegeInterface', ucfirst($privilegeType), ucfirst($privilegeType));
}
if (!class_exists($privilegeType) && !interface_exists($privilegeType)) {
$this->outputLine('The privilege type "%s" was not defined.', [$privilegeType]);
$this->quit(1);
}
if (!is_subclass_of($privilegeType, PrivilegeInterface::class)) {
$this->outputLine('"%s" does not refer to a valid Privilege', [$privilegeType]);
$this->quit(1);
}
$requestedRoles = [];
foreach (Arrays::trimExplode(',', $roles) as $roleIdentifier) {
try {
if (in_array($roleIdentifier, $systemRoleIdentifiers)) {
continue;
}
$currentRole = $this->policyService->getRole($roleIdentifier);
$requestedRoles[$roleIdentifier] = $currentRole;
foreach ($currentRole->getAllParentRoles() as $currentParentRole) {
if (!in_array($currentParentRole, $requestedRoles)) {
$requestedRoles[$currentParentRole->getIdentifier()] = $currentParentRole;
}
}
} catch (NoSuchRoleException $exception) {
$this->outputLine('The role %s was not defined.', [$roleIdentifier]);
$this->quit(1);
}
}
if (count($requestedRoles) > 0) {
$requestedRoles['Neos.Flow:AuthenticatedUser'] = $this->policyService->getRole('Neos.Flow:AuthenticatedUser');
} else {
$requestedRoles['Neos.Flow:Anonymous'] = $this->policyService->getRole('Neos.Flow:Anonymous');
}
$requestedRoles['Neos.Flow:Everybody'] = $this->policyService->getRole('Neos.Flow:Everybody');
$this->outputLine('Effective Permissions for the roles <b>%s</b> ', [implode(', ', $requestedRoles)]);
$this->outputLine(str_repeat('-', $this->output->getMaximumLineLength()));
$definedPrivileges = $this->policyService->getAllPrivilegesByType($privilegeType);
$permissions = [];
/** @var PrivilegeInterface $definedPrivilege */
foreach ($definedPrivileges as $definedPrivilege) {
$accessGrants = 0;
$accessDenies = 0;
$permission = 'ABSTAIN';
/** @var Role $requestedRole */
foreach ($requestedRoles as $requestedRole) {
$privilegeType = $requestedRole->getPrivilegeForTarget($definedPrivilege->getPrivilegeTarget()->getIdentifier());
if ($privilegeType === null) {
continue;
}
if ($privilegeType->isGranted()) {
$accessGrants++;
} elseif ($privilegeType->isDenied()) {
$accessDenies++;
}
}
if ($accessDenies > 0) {
$permission = '<error>DENY</error>';
}
if ($accessGrants > 0 && $accessDenies === 0) {
$permission = '<success>GRANT</success>';
}
$permissions[$definedPrivilege->getPrivilegeTarget()->getIdentifier()] = $permission;
}
ksort($permissions);
foreach ($permissions as $privilegeTargetIdentifier => $permission) {
$formattedPrivilegeTargetIdentifier = wordwrap($privilegeTargetIdentifier, $this->output->getMaximumLineLength() - 10, PHP_EOL . str_repeat(' ', 10), true);
$this->outputLine('%-70s %s', [$formattedPrivilegeTargetIdentifier, $permission]);
}
}