/**
* Parses the global policy configuration and initializes roles and privileges accordingly
*
* @return void
* @throws SecurityException
*/
protected function initialize()
{
if ($this->initialized) {
return;
}
$this->policyConfiguration = $this->configurationManager->getConfiguration(ConfigurationManager::CONFIGURATION_TYPE_POLICY);
$this->emitConfigurationLoaded($this->policyConfiguration);
$this->initializePrivilegeTargets();
$privilegeTargetsForEverybody = $this->privilegeTargets;
$this->roles = [];
$everybodyRole = new Role('Neos.Flow:Everybody');
$everybodyRole->setAbstract(true);
if (isset($this->policyConfiguration['roles'])) {
foreach ($this->policyConfiguration['roles'] as $roleIdentifier => $roleConfiguration) {
if ($roleIdentifier === 'Neos.Flow:Everybody') {
$role = $everybodyRole;
} else {
$role = new Role($roleIdentifier);
if (isset($roleConfiguration['abstract'])) {
$role->setAbstract((bool) $roleConfiguration['abstract']);
}
}
if (isset($roleConfiguration['privileges'])) {
foreach ($roleConfiguration['privileges'] as $privilegeConfiguration) {
$privilegeTargetIdentifier = $privilegeConfiguration['privilegeTarget'];
if (!isset($this->privilegeTargets[$privilegeTargetIdentifier])) {
throw new SecurityException(sprintf('privilege target "%s", referenced in role configuration "%s" is not defined!', $privilegeTargetIdentifier, $roleIdentifier), 1395869320);
}
$privilegeTarget = $this->privilegeTargets[$privilegeTargetIdentifier];
if (!isset($privilegeConfiguration['permission'])) {
throw new SecurityException(sprintf('No permission set for privilegeTarget "%s" in Role "%s"', $privilegeTargetIdentifier, $roleIdentifier), 1395869331);
}
$privilegeParameters = isset($privilegeConfiguration['parameters']) ? $privilegeConfiguration['parameters'] : [];
try {
$privilege = $privilegeTarget->createPrivilege($privilegeConfiguration['permission'], $privilegeParameters);
} catch (\Exception $exception) {
throw new SecurityException(sprintf('Error for privilegeTarget "%s" in Role "%s": %s', $privilegeTargetIdentifier, $roleIdentifier, $exception->getMessage()), 1401886654, $exception);
}
$role->addPrivilege($privilege);
if ($roleIdentifier === 'Neos.Flow:Everybody') {
unset($privilegeTargetsForEverybody[$privilegeTargetIdentifier]);
}
}
}
$this->roles[$roleIdentifier] = $role;
}
}
// create ABSTAIN privilege for all uncovered privilegeTargets
/** @var PrivilegeTarget $privilegeTarget */
foreach ($privilegeTargetsForEverybody as $privilegeTarget) {
if ($privilegeTarget->hasParameters()) {
continue;
}
$everybodyRole->addPrivilege($privilegeTarget->createPrivilege(PrivilegeInterface::ABSTAIN));
}
$this->roles['Neos.Flow:Everybody'] = $everybodyRole;
// Set parent roles
/** @var Role $role */
foreach ($this->roles as $role) {
if (isset($this->policyConfiguration['roles'][$role->getIdentifier()]['parentRoles'])) {
foreach ($this->policyConfiguration['roles'][$role->getIdentifier()]['parentRoles'] as $parentRoleIdentifier) {
$role->addParentRole($this->roles[$parentRoleIdentifier]);
}
}
}
$this->emitRolesInitialized($this->roles);
$this->initialized = true;
}
