FEATURE: Add Flow\Policy Attribute/Annotation
#3324
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mficzel
changed the title
Flow\Policy Annotations/AttributesFlow\Policy Attribute/Annotation
mficzel
force-pushed
the
feature/policyAnnotations
branch
5 times, most recently
from
2332d14 to
052a794
Compare
|
A better name for the |
mficzel
force-pushed
the
feature/policyAnnotations
branch
from
052a794 to
4e0f4fb
Compare
6 tasks
mficzel
force-pushed
the
feature/policyAnnotations
branch
2 times, most recently
from
512e1bd to
41304fa
Compare
mficzel
force-pushed
the
feature/policyAnnotations
branch
from
41304fa to
4e8b5c7
Compare
The `Flow\Policy` attribute allows to assign the required policies (mostly roles) directly on the affected method.
This allows to avoid dealing with Policy.yaml in projects in simple cases where is sometimes is annoying to look up the exact syntax for that.
Hint: While this is a very convenient way to add policies in project code it should not be used in libraries/packages that expect to be configured for the outside.
In such cases the policy.yaml is still preferred as it is easier to overwrite.
Usage:
```php
use Neos\Flow\Mvc\Controller\ActionController;
use Neos\Flow\Annotations as Flow;
use Neos\Flow\Security\Authorization\Privilege\PrivilegeInterface;
class ExampleController extends ActionController
{
/**
* By assigning a policy with a role argument access to the method is granted to the specified role
*/
#[Flow\Policy(role: 'Neos.Flow:Everybody')]
public function everybodyAction(): void
{
}
/**
* By specifying the permission in addition and the DENY and ABSTAIN can be configured aswell
* Flow\Policy attributes can be assigned multiple times if multiple roles are to be configured
*/
#[Flow\Policy(role: 'Neos.Flow:Administrator', permission: PrivilegeInterface::GRANT)]
#[Flow\Policy(role: 'Neos.Flow:Anonymous', permission: PrivilegeInterface::DENY)]
public function adminButNotAnonymousAction(): void
{
}
}
```
The package: `Meteko.PolicyAnnotation` by @sorenmalling implemented the same ideas earlier.
Resolves: neos#2060
mficzel
force-pushed
the
feature/policyAnnotations
branch
from
4e8b5c7 to
de803b4
Compare
|
Just discovered that the signal in the policy service is called to late for any policies that require proxy building. Will try to refactor this to the PolicyConfigurationLoader that seems to be called in time. Strange is that the roles and policies show up in the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
Flow\Policyattribute allows to assign the required policies (mostly roles) directly on the affected method.This allows to avoid dealing with Policy.yaml in projects in simple cases where is sometimes is annoying to look up the exact syntax for that.
Hint: While this is a very convenient way to add policies in project code it should not be used in libraries/packages that expect to be configured for the outside. In such cases the policy.yaml is still preferred as it is easier to overwrite. Also Policy yaml offers features like parameter filters that are not available via annotations.
Usage:
The package:
Meteko.PolicyAnnotationby @sorenmalling implemented the same ideas earlier.Resolves: #2060
Upgrade instructions
Review instructions
See: #3325 resolving #2059, both solutions should work hand in hand
Checklist
FEATURE|TASK|BUGFIX!!!and have upgrade-instructions