Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FEATURE: isDescendantOfNodetype matcher #5291

Open
wants to merge 7 commits into
base: 8.4
Choose a base branch
from
Open

FEATURE: isDescendantOfNodetype matcher #5291

wants to merge 7 commits into from

Conversation

vcg-development
Copy link

I have added the isDescendantOfNodetype Condition in the Condition Generator, which uses the newly created DecendantOfNodetypeConditionGenerator in the flow-development-collection Repository (merge request pending).
It makes it possible to add a matcher to the Policies that matches all Nodes that are a descendant of the given Nodetype.

Example:
Iww.IwwDe:Artikel:
matcher: isDescendantOfNodetype(['Iww.NodeTypes:Documents.ArtikelCenshare'])

The above shown example matches all Nodes (and the node itself) that are of a certain type and makes it possible for example, using this privilegeTarget matcher, to forbid the editing of the given nodetype and all its children.

Review instructions

We needed that functionality, so we can have nodetypes that are only editable by someone with the correct role.

You can verify this change by using the isDescendantOfNodetype privilege target in a Policy.yaml and adding it to a role or use the added tests.

Checklist

  • Code follows the PSR-2 coding style
  • Tests have been created, run and adjusted as needed
  • The PR is created against the lowest maintained branch
  • Reviewer - PR Title is brief but complete and starts with FEATURE|TASK|BUGFIX
  • Reviewer - The first section explains the change briefly for change-logs
  • Reviewer - Breaking Changes are marked with !!! and have upgrade-instructions

@github-actions github-actions bot added the 8.3 label Oct 16, 2024
@mhsdesign mhsdesign changed the title Decendant of nodetype FEATURE: isDescendantOfNodetype matcher Oct 16, 2024
@vcg-development
Copy link
Author

vcg-development commented Oct 17, 2024
edited
Loading

The Tests here will fail before the other pull request is merged I think.
neos/flow-development-collection#3403
grafik
The DecendantOfNodetypeConditionGenerator is needed.

@vcg-development vcg-development changed the base branch from 8.3 to 8.4 October 22, 2024 09:48
@github-actions github-actions bot added 8.4 and removed 8.3 labels Oct 22, 2024
This was referenced Oct 23, 2024
Closed
Closed
skurfuerst
skurfuerst requested changes Oct 23, 2024
View reviewed changes
Copy link
Member

@skurfuerst skurfuerst left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @vcg-development ,

thanks for your contribution :) I have some suggestions for this change - there are some detail adjustments, and the biggest recommendation is moving the things from neos/flow-development-collection#3403 into this repo (as explained in the inline comments).

Thanks and all the best,
Sebastian
PS: I often do not see the Github notifications -> so it would be extremely helpful for me in case you work on this and need another review if you could quickly ping me on Slack (sebastian - as private message). Thanks <3

...tentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php Outdated Show resolved Hide resolved
Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php Outdated Show resolved Hide resolved
Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature Outdated Show resolved Hide resolved
Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature Outdated Show resolved Hide resolved
skurfuerst
skurfuerst requested changes Nov 7, 2024
View reviewed changes
Copy link
Member

@skurfuerst skurfuerst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey,

thanks again, I still found some detail nitpicks and one mini functional issue I guess. Otherwise it is fine and we are close to merging when this is fixed from my side. I'll then go around and look for another reviewer :)

All the best,
Sebastian

...Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php Outdated Show resolved Hide resolved
...Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php Outdated Show resolved Hide resolved
...Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php Outdated Show resolved Hide resolved
...tentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php Show resolved Hide resolved
...Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php Outdated Show resolved Hide resolved
...Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php Outdated Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skurfuerst skurfuerst Awaiting requested review from skurfuerst

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
8.4 Feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vcg-development @skurfuerst @oherrmannVogel