From 9a4e3d13747bff98d14cf62753fd58338b1419a9 Mon Sep 17 00:00:00 2001 From: Jenkins Date: Thu, 10 Oct 2024 14:30:49 +0000 Subject: [PATCH 1/9] TASK: Update references [skip ci] --- Neos.Neos/Documentation/References/CommandReference.rst | 2 +- Neos.Neos/Documentation/References/EelHelpersReference.rst | 2 +- .../Documentation/References/FlowQueryOperationReference.rst | 2 +- .../Documentation/References/Signals/ContentRepository.rst | 2 +- Neos.Neos/Documentation/References/Signals/Flow.rst | 2 +- Neos.Neos/Documentation/References/Signals/Media.rst | 2 +- Neos.Neos/Documentation/References/Signals/Neos.rst | 2 +- Neos.Neos/Documentation/References/Validators/Flow.rst | 2 +- Neos.Neos/Documentation/References/Validators/Media.rst | 2 +- Neos.Neos/Documentation/References/Validators/Party.rst | 2 +- .../Documentation/References/ViewHelpers/ContentRepository.rst | 2 +- Neos.Neos/Documentation/References/ViewHelpers/FluidAdaptor.rst | 2 +- Neos.Neos/Documentation/References/ViewHelpers/Form.rst | 2 +- Neos.Neos/Documentation/References/ViewHelpers/Fusion.rst | 2 +- Neos.Neos/Documentation/References/ViewHelpers/Media.rst | 2 +- Neos.Neos/Documentation/References/ViewHelpers/Neos.rst | 2 +- Neos.Neos/Documentation/References/ViewHelpers/TYPO3Fluid.rst | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Neos.Neos/Documentation/References/CommandReference.rst b/Neos.Neos/Documentation/References/CommandReference.rst index 0bb54bf1ee9..d191640a84c 100644 --- a/Neos.Neos/Documentation/References/CommandReference.rst +++ b/Neos.Neos/Documentation/References/CommandReference.rst @@ -19,7 +19,7 @@ commands that may be available, use:: ./flow help -The following reference was automatically generated from code on 2024-09-11 +The following reference was automatically generated from code on 2024-10-10 .. _`Neos Command Reference: NEOS.CONTENTREPOSITORY`: 
diff --git a/Neos.Neos/Documentation/References/EelHelpersReference.rst b/Neos.Neos/Documentation/References/EelHelpersReference.rst index 5ff701f25be..8e4706db8cd 100644 --- a/Neos.Neos/Documentation/References/EelHelpersReference.rst +++ b/Neos.Neos/Documentation/References/EelHelpersReference.rst @@ -3,7 +3,7 @@ Eel Helpers Reference ===================== -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Eel Helpers Reference: Api`: diff --git a/Neos.Neos/Documentation/References/FlowQueryOperationReference.rst b/Neos.Neos/Documentation/References/FlowQueryOperationReference.rst index 3e963426271..c140cf71330 100644 --- a/Neos.Neos/Documentation/References/FlowQueryOperationReference.rst +++ b/Neos.Neos/Documentation/References/FlowQueryOperationReference.rst @@ -3,7 +3,7 @@ FlowQuery Operation Reference ============================= -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`FlowQuery Operation Reference: add`: diff --git a/Neos.Neos/Documentation/References/Signals/ContentRepository.rst b/Neos.Neos/Documentation/References/Signals/ContentRepository.rst index d402575b207..0e9b35fff1d 100644 --- a/Neos.Neos/Documentation/References/Signals/ContentRepository.rst +++ b/Neos.Neos/Documentation/References/Signals/ContentRepository.rst @@ -3,7 +3,7 @@ Content Repository Signals Reference ==================================== -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Content Repository Signals Reference: Context (``Neos\ContentRepository\Domain\Service\Context``)`: diff --git a/Neos.Neos/Documentation/References/Signals/Flow.rst b/Neos.Neos/Documentation/References/Signals/Flow.rst index 6957acf5283..615ea2a5f94 100644 --- a/Neos.Neos/Documentation/References/Signals/Flow.rst 
+++ b/Neos.Neos/Documentation/References/Signals/Flow.rst @@ -3,7 +3,7 @@ Flow Signals Reference ====================== -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Flow Signals Reference: AbstractAdvice (``Neos\Flow\Aop\Advice\AbstractAdvice``)`: diff --git a/Neos.Neos/Documentation/References/Signals/Media.rst b/Neos.Neos/Documentation/References/Signals/Media.rst index 95756d464b2..fb2810bc815 100644 --- a/Neos.Neos/Documentation/References/Signals/Media.rst +++ b/Neos.Neos/Documentation/References/Signals/Media.rst @@ -3,7 +3,7 @@ Media Signals Reference ======================= -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Media Signals Reference: AssetCollectionController (``Neos\Media\Browser\Controller\AssetCollectionController``)`: diff --git a/Neos.Neos/Documentation/References/Signals/Neos.rst b/Neos.Neos/Documentation/References/Signals/Neos.rst index 54cce8d99c9..b292c9e2c8f 100644 --- a/Neos.Neos/Documentation/References/Signals/Neos.rst +++ b/Neos.Neos/Documentation/References/Signals/Neos.rst @@ -3,7 +3,7 @@ Neos Signals Reference ====================== -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Neos Signals Reference: AbstractCreate (``Neos\Neos\Ui\Domain\Model\Changes\AbstractCreate``)`: diff --git a/Neos.Neos/Documentation/References/Validators/Flow.rst b/Neos.Neos/Documentation/References/Validators/Flow.rst index 4dd63195cca..d6d5407dd4a 100644 --- a/Neos.Neos/Documentation/References/Validators/Flow.rst +++ b/Neos.Neos/Documentation/References/Validators/Flow.rst 
@@ -3,7 +3,7 @@ Flow Validator Reference ======================== -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Flow Validator Reference: AggregateBoundaryValidator`: diff --git a/Neos.Neos/Documentation/References/Validators/Media.rst b/Neos.Neos/Documentation/References/Validators/Media.rst index bd8a8ab1d51..c3fbc2d2dd6 100644 --- a/Neos.Neos/Documentation/References/Validators/Media.rst +++ b/Neos.Neos/Documentation/References/Validators/Media.rst @@ -3,7 +3,7 @@ Media Validator Reference ========================= -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Media Validator Reference: ImageOrientationValidator`: diff --git a/Neos.Neos/Documentation/References/Validators/Party.rst b/Neos.Neos/Documentation/References/Validators/Party.rst index fa76ee8febf..11a0cdee6fa 100644 --- a/Neos.Neos/Documentation/References/Validators/Party.rst +++ b/Neos.Neos/Documentation/References/Validators/Party.rst @@ -3,7 +3,7 @@ Party Validator Reference ========================= -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Party Validator Reference: AimAddressValidator`: diff --git a/Neos.Neos/Documentation/References/ViewHelpers/ContentRepository.rst b/Neos.Neos/Documentation/References/ViewHelpers/ContentRepository.rst index 3eaa8096f6f..0c7a968afc4 100644 --- a/Neos.Neos/Documentation/References/ViewHelpers/ContentRepository.rst +++ b/Neos.Neos/Documentation/References/ViewHelpers/ContentRepository.rst 
@@ -3,7 +3,7 @@ Content Repository ViewHelper Reference ####################################### -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Content Repository ViewHelper Reference: PaginateViewHelper`: diff --git a/Neos.Neos/Documentation/References/ViewHelpers/FluidAdaptor.rst b/Neos.Neos/Documentation/References/ViewHelpers/FluidAdaptor.rst index d24d20345c7..54b558994c7 100644 --- a/Neos.Neos/Documentation/References/ViewHelpers/FluidAdaptor.rst +++ b/Neos.Neos/Documentation/References/ViewHelpers/FluidAdaptor.rst @@ -3,7 +3,7 @@ FluidAdaptor ViewHelper Reference ################################# -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`FluidAdaptor ViewHelper Reference: f:debug`: diff --git a/Neos.Neos/Documentation/References/ViewHelpers/Form.rst b/Neos.Neos/Documentation/References/ViewHelpers/Form.rst index 0c7402f3a7f..851e01051fd 100644 --- a/Neos.Neos/Documentation/References/ViewHelpers/Form.rst +++ b/Neos.Neos/Documentation/References/ViewHelpers/Form.rst @@ -3,7 +3,7 @@ Form ViewHelper Reference ######################### -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Form ViewHelper Reference: neos.form:form`: diff --git a/Neos.Neos/Documentation/References/ViewHelpers/Fusion.rst b/Neos.Neos/Documentation/References/ViewHelpers/Fusion.rst index 8dc257cfa29..4c8624fbc57 100644 --- a/Neos.Neos/Documentation/References/ViewHelpers/Fusion.rst +++ b/Neos.Neos/Documentation/References/ViewHelpers/Fusion.rst @@ -3,7 +3,7 @@ Fusion ViewHelper Reference ########################### -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Fusion ViewHelper Reference: fusion:render`: 
diff --git a/Neos.Neos/Documentation/References/ViewHelpers/Media.rst b/Neos.Neos/Documentation/References/ViewHelpers/Media.rst index f7cc8b27dad..4a1ff5cc7a7 100644 --- a/Neos.Neos/Documentation/References/ViewHelpers/Media.rst +++ b/Neos.Neos/Documentation/References/ViewHelpers/Media.rst @@ -3,7 +3,7 @@ Media ViewHelper Reference ########################## -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Media ViewHelper Reference: neos.media:fileTypeIcon`: diff --git a/Neos.Neos/Documentation/References/ViewHelpers/Neos.rst b/Neos.Neos/Documentation/References/ViewHelpers/Neos.rst index bcbebf833ac..7fea180b4bb 100644 --- a/Neos.Neos/Documentation/References/ViewHelpers/Neos.rst +++ b/Neos.Neos/Documentation/References/ViewHelpers/Neos.rst @@ -3,7 +3,7 @@ Neos ViewHelper Reference ######################### -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`Neos ViewHelper Reference: neos:backend.authenticationProviderLabel`: diff --git a/Neos.Neos/Documentation/References/ViewHelpers/TYPO3Fluid.rst b/Neos.Neos/Documentation/References/ViewHelpers/TYPO3Fluid.rst index b9653a07ce9..dcf0e9008f3 100644 --- a/Neos.Neos/Documentation/References/ViewHelpers/TYPO3Fluid.rst +++ b/Neos.Neos/Documentation/References/ViewHelpers/TYPO3Fluid.rst @@ -3,7 +3,7 @@ TYPO3 Fluid ViewHelper Reference ################################ -This reference was automatically generated from code on 2024-09-11 +This reference was automatically generated from code on 2024-10-10 .. _`TYPO3 Fluid ViewHelper Reference: f:alias`: From 59343237db1d3bb4693c667f6a1a4cc6e0a9e67f Mon Sep 17 00:00:00 2001 
From: vcg-development Date: Mon, 14 Oct 2024 09:13:56 +0200 Subject: [PATCH 2/9] Add isDescendantOfNodetype Condition --- .../Node/Doctrine/ConditionGenerator.php | 12 +++++++++ .../Privilege/Node/NodePrivilegeContext.php | 27 +++++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php index ac708a5247f..3a09d5733bd 100644 --- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php +++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php @@ -18,6 +18,7 @@ use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\ConditionGenerator as EntityConditionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\DisjunctionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\PropertyConditionGenerator; +use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\DecendantOfNodetypeConditionGenerator; use Neos\Flow\Security\Exception\InvalidPrivilegeException; use Neos\ContentRepository\Domain\Model\NodeData; use Neos\ContentRepository\Domain\Model\NodeInterface; @@ -86,6 +87,17 @@ public function isDescendantNodeOf($nodePathOrIdentifier) return new DisjunctionGenerator([$propertyConditionGenerator1->like($nodePath . '/%'), $propertyConditionGenerator2->equals($nodePath)]); } + /** + * @param array $nodeTypes + * @return PropertyConditionGenerator + */ + public function isDescendantOfNodetype($nodeTypes) + { + $propertyConditionGenerator1 = new DecendantOfNodetypeConditionGenerator($nodeTypes); + + return $propertyConditionGenerator1; + } + /** * @param string|array $nodeTypes * @return PropertyConditionGenerator 
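Review bot: `isDescendantOfNodetype()` in ConditionGenerator passes `$nodeTypes` to the generator unchanged and documents it as `array`, while the Eel-side method of the same name in NodePrivilegeContext accepts `string|array` and the matcher added in PATCH 4/9 passes a single string. Once the generator's constructor is typed `array` (as the hunk-header context in PATCH 7/9 shows), a string argument would presumably raise a TypeError whenever the SQL condition is built. Normalising first with `$nodeTypes = is_array($nodeTypes) ? $nodeTypes : [$nodeTypes];` and documenting `@param string|array $nodeTypes` would keep the two evaluation paths aligned. The `@return PropertyConditionGenerator` tag also does not describe the object that is returned. The same hunk is repeated in PATCH 3/9.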
diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php index aba4e98892c..3fa95a7dea9 100644 --- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php +++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php @@ -17,6 +17,7 @@ use Neos\ContentRepository\Domain\Model\NodeInterface; use Neos\ContentRepository\Domain\Service\ContentDimensionPresetSourceInterface; use Neos\ContentRepository\Domain\Service\ContextFactory; +use Neos\Eel\FlowQuery\FlowQuery; /** * An Eel context matching expression for the node privileges @@ -104,6 +105,32 @@ public function isDescendantNodeOf($nodePathOrIdentifier) return substr($this->node->getPath() . '/', 0, strlen($nodePath)) === $nodePath; } + /** + * + * @param string|array $nodeTypes A single or an array of fully qualified NodeType name(s), e.g. "Neos.Neos:Document" + * @return boolean true if the given node matches otherwise false + */ + public function isDescendantOfNodetype($nodeTypes) + { + if ($this->node === null) { + return true; + } + if (!is_array($nodeTypes)) { + $nodeTypes = [$nodeTypes]; + } + + foreach ($nodeTypes as $nodeType) { + $fq = new FlowQuery([$this->node]); + + $counted = $fq->closest('[instanceof ' . $nodeType . ']')->count(); + + if ($counted > 0) { + return true; + } + } + return false; + } + /** * Matches if the selected node is a *descendant* or *ancestor* of the given node specified by $nodePathOrIdentifier * From 2f86eecc95e07f8bd085a7c22a065d1774782e7d Mon Sep 17 00:00:00 2001 From: vcg-development Date: Mon, 14 Oct 2024 09:13:56 +0200 Subject: [PATCH 3/9] Add isDescendantOfNodetype Condition --- .../Node/Doctrine/ConditionGenerator.php | 12 +++++++++ .../Privilege/Node/NodePrivilegeContext.php | 27 +++++++++++++++++++ 2 files changed, 39 insertions(+) 
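Review bot: The docblock of `isDescendantOfNodetype()` in NodePrivilegeContext has an empty summary line and omits two behaviours that decide whether a privilege target matches. The method returns true when `$this->node` is null, and `closest()` tests the node itself before walking up, so a node that is itself of the given type also matches. I would state both, e.g. `* Matches if the selected node or one of its ancestors is of the given NodeType(s); also matches when no node is set`. The filter string is built by concatenating `$nodeType`, so the value is presumably expected to come only from policy configuration; saying so on the `@param` line would make that trust assumption explicit. The identical hunk in PATCH 3/9 has the same gaps.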
diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php index ac708a5247f..3a09d5733bd 100644 --- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php +++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php @@ -18,6 +18,7 @@ use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\ConditionGenerator as EntityConditionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\DisjunctionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\PropertyConditionGenerator; +use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\DecendantOfNodetypeConditionGenerator; use Neos\Flow\Security\Exception\InvalidPrivilegeException; use Neos\ContentRepository\Domain\Model\NodeData; use Neos\ContentRepository\Domain\Model\NodeInterface; @@ -86,6 +87,17 @@ public function isDescendantNodeOf($nodePathOrIdentifier) return new DisjunctionGenerator([$propertyConditionGenerator1->like($nodePath . '/%'), $propertyConditionGenerator2->equals($nodePath)]); } + /** + * @param array $nodeTypes + * @return PropertyConditionGenerator + */ + public function isDescendantOfNodetype($nodeTypes) + { + $propertyConditionGenerator1 = new DecendantOfNodetypeConditionGenerator($nodeTypes); + + return $propertyConditionGenerator1; + } + /** * @param string|array $nodeTypes * @return PropertyConditionGenerator diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php index aba4e98892c..3fa95a7dea9 100644 --- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php 
+++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php @@ -17,6 +17,7 @@ use Neos\ContentRepository\Domain\Model\NodeInterface; use Neos\ContentRepository\Domain\Service\ContentDimensionPresetSourceInterface; use Neos\ContentRepository\Domain\Service\ContextFactory; +use Neos\Eel\FlowQuery\FlowQuery; /** * An Eel context matching expression for the node privileges @@ -104,6 +105,32 @@ public function isDescendantNodeOf($nodePathOrIdentifier) return substr($this->node->getPath() . '/', 0, strlen($nodePath)) === $nodePath; } + /** + * + * @param string|array $nodeTypes A single or an array of fully qualified NodeType name(s), e.g. "Neos.Neos:Document" + * @return boolean true if the given node matches otherwise false + */ + public function isDescendantOfNodetype($nodeTypes) + { + if ($this->node === null) { + return true; + } + if (!is_array($nodeTypes)) { + $nodeTypes = [$nodeTypes]; + } + + foreach ($nodeTypes as $nodeType) { + $fq = new FlowQuery([$this->node]); + + $counted = $fq->closest('[instanceof ' . $nodeType . ']')->count(); + + if ($counted > 0) { + return true; + } + } + return false; + } + /** * Matches if the selected node is a *descendant* or *ancestor* of the given node specified by $nodePathOrIdentifier * From 94e6956bce89e254efdc4045f66b0a3dbb4ac6d3 Mon Sep 17 00:00:00 2001 From: vcg-development Date: Wed, 16 Oct 2024 14:31:11 +0200 Subject: [PATCH 4/9] Add isDescendantOfNodetype Tests --- .../Security/EditNodePrivilege.feature | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature b/Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature index 230ac3de6f4..8ffce17ce56 100644 --- a/Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature +++ b/Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature 
@@ -13,6 +13,9 @@ Feature: Privilege to restrict editing of nodes 'Neos.ContentRepository:EditEventNodes': matcher: 'isDescendantNodeOf("11d3aded-fb1a-70e7-1412-0b465b11fcd8")' + 'Neos.ContentRepository:EditCollectionType': + matcher: 'isDescendantOfNodetype("Neos.ContentRepository.Testing:ContentCollection")' + roles: 'Neos.Flow:Everybody': privileges: [] @@ -31,6 +34,9 @@ Feature: Privilege to restrict editing of nodes - privilegeTarget: 'Neos.ContentRepository:EditEventNodes' permission: GRANT + - + privilegeTarget: 'Neos.ContentRepository:EditCollectionType' + permission: GRANT """ And I have the following nodes: 
@@ -40,6 +46,26 @@ Feature: Privilege to restrict editing of nodes | 68ca0dcd-2afb-ef0e-1106-a5301e65b8a0 | /sites/content-repository/company | Neos.ContentRepository.Testing:Document | {"title": "Company"} | live | | 52540602-b417-11e3-9358-14109fd7a2dd | /sites/content-repository/service | Neos.ContentRepository.Testing:Document | {"title": "Service"} | live | | 11d3aded-fb1a-70e7-1412-0b465b11fcd8 | /sites/content-repository/events | Neos.ContentRepository.Testing:Document | {"title": "Events", "description": "Some cool event"} | live | + | d09c4e76-79c6-45d9-a12a-c1a06450329c | /sites/content-repository/service/collection | Neos.ContentRepository.Testing:ContentCollection | {} | live | + | 4f7230ba-36b2-4dc3-96fa-b4159371cd3b | /sites/content-repository/service/collection/text | Neos.ContentRepository.Testing:Text | {"text": "Cool text"} | live | + + @Isolated @fixtures + Scenario: Anonymous users are not granted to edit childnodes on ContenCollection nodetypes + Given I am not authenticated + And I get a node by path "/sites/content-repository/service/collection/text" with the following context: + | Workspace | + | user-admin | + Then I should not be granted to set the "text" property to "Even cooler text" + And I should get false when asking the node authorization service if editing this node is granted + + @Isolated @fixtures + Scenario: Administrators are granted to edit childnodes on ContenCollection nodetypes + Given I am authenticated with role "Neos.ContentRepository:Administrator" + And I get a node by path "/sites/content-repository/service/collection/text" with the following context: + | Workspace | + | user-admin | + Then I should be granted to set the "text" property to "Even cooler text" + And I should get true when asking the node authorization service if editing this node is granted @Isolated @fixtures Scenario: Anonymous users are granted to set properties on company node From 2e63adf0a6f48c93b903899404e8337c58797bf5 Mon Sep 17 00:00:00 2001 
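Review bot: The two added scenarios only fetch the text node below the collection, so nothing pins whether the ContentCollection node itself (`/sites/content-repository/service/collection`, added to the fixture but never queried) falls under `EditCollectionType`. The array form of the matcher is not exercised either. Because the matcher decides an authorization boundary, I would add a scenario for the collection node. The expected result below assumes the node itself is meant to match and should be flipped if it is not.

```gherkin
  @Isolated @fixtures
  Scenario: Anonymous users are not granted to edit the ContentCollection node itself
    Given I am not authenticated
    And I get a node by path "/sites/content-repository/service/collection" with the following context:
      | Workspace  |
      | user-admin |
    Then I should get false when asking the node authorization service if editing this node is granted
```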
From: "oskar.herrmann" Date: Fri, 25 Oct 2024 14:53:17 +0200 Subject: [PATCH 5/9] Move DecendantOfTypeConditionGenarator, Fix typos, rename isDescendantofNodetype --- .../Node/Doctrine/ConditionGenerator.php | 8 ++- .../DecendantOfTypeConditionGenerator.php | 49 +++++++++++++++++++ .../Privilege/Node/NodePrivilegeContext.php | 2 +- .../Security/EditNodePrivilege.feature | 6 +-- 4 files changed, 56 insertions(+), 9 deletions(-) create mode 100644 Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php index 3a09d5733bd..0ce51179fa3 100644 --- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php +++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php @@ -18,7 +18,7 @@ use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\ConditionGenerator as EntityConditionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\DisjunctionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\PropertyConditionGenerator; -use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\DecendantOfNodetypeConditionGenerator; +use Neos\ContentRepository\Security\Authorization\Privilege\Node\Doctrine\DecendantOfTypeConditionGenerator; use Neos\Flow\Security\Exception\InvalidPrivilegeException; use Neos\ContentRepository\Domain\Model\NodeData; use Neos\ContentRepository\Domain\Model\NodeInterface; 
@@ -91,11 +91,9 @@ public function isDescendantNodeOf($nodePathOrIdentifier) * @param array $nodeTypes * @return PropertyConditionGenerator */ - public function isDescendantOfNodetype($nodeTypes) + public function isDescendantOfType($nodeTypes) { - $propertyConditionGenerator1 = new DecendantOfNodetypeConditionGenerator($nodeTypes); - - return $propertyConditionGenerator1; + return new DecendantOfTypeConditionGenerator($nodeTypes); } /** diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php new file mode 100644 index 00000000000..5f50b16218b --- /dev/null +++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php @@ -0,0 +1,49 @@ +nodetypes = $nodetypes; + } + + /** + * Returns an SQL query part that is basically a no-op in order to match any entity + * + * @param DoctrineSqlFilter $sqlFilter + * @param ClassMetadata $targetEntity + * @param string $targetTableAlias + * @return string + */ + public function getSql(DoctrineSqlFilter $sqlFilter, ClassMetadata $targetEntity, $targetTableAlias) + { + $nodetypeList = implode("','", $this->nodetypes); + + return "select * from public.neos_contentrepository_domain_model_nodedata n1 + JOIN public.neos_contentrepository_domain_model_nodedata n2 ON n1.path LIKE CONCAT('%', n2.path, '%') + WHERE n2.nodetype in ('" . $nodetypeList . "')"; + } +} diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php index 3fa95a7dea9..2c0e9e92f9a 100644 --- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php 
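Review bot: `getSql()` in the new generator returns a complete `select * from … JOIN …` statement instead of a condition on `$targetTableAlias`, which is never referenced, so the fragment is presumably not usable as a per-row filter constraint; it also hard-codes the `public.` schema and the table name. The node type names are joined into the `IN ('…')` literal by plain concatenation; they should be quoted through the database connection (or bound) rather than wrapped in quotes by hand, even if they normally come from policy configuration. I would return a correlated condition of the form `EXISTS (SELECT 1 FROM <nodedata table> a WHERE a.nodetype IN (<quoted names>) AND <alias>.path LIKE …)`, built from `$targetTableAlias` and the table name held by `$targetEntity`. The comparison is on exact type names whereas the Eel matcher uses `instanceof`, so subtypes would be treated differently by the two paths. The file's opening lines (namespace, class header, constructor signature) are not readable in this hunk.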
+++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/NodePrivilegeContext.php @@ -110,7 +110,7 @@ public function isDescendantNodeOf($nodePathOrIdentifier) * @param string|array $nodeTypes A single or an array of fully qualified NodeType name(s), e.g. "Neos.Neos:Document" * @return boolean true if the given node matches otherwise false */ - public function isDescendantOfNodetype($nodeTypes) + public function isDescendantOfType($nodeTypes) { if ($this->node === null) { return true; diff --git a/Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature b/Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature index 8ffce17ce56..9c831dbd7a6 100644 --- a/Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature +++ b/Neos.ContentRepository/Tests/Behavior/Features/Security/EditNodePrivilege.feature @@ -14,7 +14,7 @@ Feature: Privilege to restrict editing of nodes matcher: 'isDescendantNodeOf("11d3aded-fb1a-70e7-1412-0b465b11fcd8")' 'Neos.ContentRepository:EditCollectionType': - matcher: 'isDescendantOfNodetype("Neos.ContentRepository.Testing:ContentCollection")' + matcher: 'isDescendantOfType("Neos.ContentRepository.Testing:ContentCollection")' roles: 'Neos.Flow:Everybody': @@ -50,7 +50,7 @@ Feature: Privilege to restrict editing of nodes | 4f7230ba-36b2-4dc3-96fa-b4159371cd3b | /sites/content-repository/service/collection/text | Neos.ContentRepository.Testing:Text | {"text": "Cool text"} | live | @Isolated @fixtures - Scenario: Anonymous users are not granted to edit childnodes on ContenCollection nodetypes + Scenario: Anonymous users are not granted to edit childnodes on ContentCollection nodetypes Given I am not authenticated And I get a node by path "/sites/content-repository/service/collection/text" with the following context: | Workspace | 
@@ -59,7 +59,7 @@ Feature: Privilege to restrict editing of nodes And I should get false when asking the node authorization service if editing this node is granted @Isolated @fixtures - Scenario: Administrators are granted to edit childnodes on ContenCollection nodetypes + Scenario: Administrators are granted to edit childnodes on ContentCollection nodetypes Given I am authenticated with role "Neos.ContentRepository:Administrator" And I get a node by path "/sites/content-repository/service/collection/text" with the following context: | Workspace | From e3b508116cbfc35b5e5d569edd96a78617f8e547 Mon Sep 17 00:00:00 2001 From: "oskar.herrmann" Date: Fri, 25 Oct 2024 14:58:17 +0200 Subject: [PATCH 6/9] Remove unused line ci fix --- .../Authorization/Privilege/Node/Doctrine/ConditionGenerator.php | 1 - 1 file changed, 1 deletion(-) diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php index 0ce51179fa3..72e0518aada 100644 --- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php +++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php @@ -18,7 +18,6 @@ use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\ConditionGenerator as EntityConditionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\DisjunctionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\PropertyConditionGenerator; -use Neos\ContentRepository\Security\Authorization\Privilege\Node\Doctrine\DecendantOfTypeConditionGenerator; use Neos\Flow\Security\Exception\InvalidPrivilegeException; use Neos\ContentRepository\Domain\Model\NodeData; use Neos\ContentRepository\Domain\Model\NodeInterface; From ffa40a2084133af3f170f307bb5dbe10f9f1e1e3 Mon Sep 17 00:00:00 2001 
From: "oskar.herrmann" Date: Thu, 7 Nov 2024 15:18:54 +0100 Subject: [PATCH 7/9] Rename file, fix typo, add comments, change sql --- .../Privilege/Node/Doctrine/ConditionGenerator.php | 4 +++- ...ator.php => DescendantOfTypeConditionGenerator.php} | 10 +++++----- 2 files changed, 8 insertions(+), 6 deletions(-) rename Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/{DecendantOfTypeConditionGenerator.php => DescendantOfTypeConditionGenerator.php} (76%) diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php index 72e0518aada..17d83e3915c 100644 --- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php +++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php @@ -87,12 +87,14 @@ public function isDescendantNodeOf($nodePathOrIdentifier) } /** + * Matches nodes underneath the given NodeType(s) + * * @param array $nodeTypes * @return PropertyConditionGenerator */ public function isDescendantOfType($nodeTypes) { - return new DecendantOfTypeConditionGenerator($nodeTypes); + return new DescendantOfTypeConditionGenerator($nodeTypes); } /** diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php similarity index 76% rename from Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php rename to Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php index 5f50b16218b..2958df539c8 100644 
--- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DecendantOfTypeConditionGenerator.php +++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php @@ -2,7 +2,7 @@ namespace Neos\ContentRepository\Security\Authorization\Privilege\Node\Doctrine; /* - * This file is part of the Neos.Flow package. + * This file is part of the Neos.ContentRepository package. * * (c) Contributors of the Neos Project - www.neos.io * @@ -16,9 +16,9 @@ use Neos\Flow\Annotations as Flow; /** - * A SQL generator to create a condition matching anything. + * A SQL generator to create a condition matching a node underneath a certain node type */ -class DecendantOfTypeConditionGenerator implements SqlGeneratorInterface +class DescendantOfTypeConditionGenerator implements SqlGeneratorInterface { private array $nodetypes; @@ -31,7 +31,7 @@ public function __construct(array $nodetypes) } /** - * Returns an SQL query part that is basically a no-op in order to match any entity + * Returns an SQL query part that matches all Nodes that are underneath one of the the given NodeType(s) * * @param DoctrineSqlFilter $sqlFilter * @param ClassMetadata $targetEntity @@ -43,7 +43,7 @@ public function getSql(DoctrineSqlFilter $sqlFilter, ClassMetadata $targetEntity $nodetypeList = implode("','", $this->nodetypes); return "select * from public.neos_contentrepository_domain_model_nodedata n1 - JOIN public.neos_contentrepository_domain_model_nodedata n2 ON n1.path LIKE CONCAT('%', n2.path, '%') + JOIN public.neos_contentrepository_domain_model_nodedata n2 ON n1.path LIKE CONCAT(n2.path, '%') WHERE n2.nodetype in ('" . $nodetypeList . "')"; } } From c8c80a4fb45764077a5854ee8b2986fdef313a39 Mon Sep 17 00:00:00 2001 
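Review bot: The new join condition `n1.path LIKE CONCAT(n2.path, '%')` in the last hunk still matches nodes that only share a path prefix with a node of the given type (a sibling `…/collection-2` next to `…/collection`), so the privilege target would cover nodes that are not underneath it. `isDescendantNodeOf()` in ConditionGenerator handles this with a `'/%'` suffix plus an equality check. The same shape here would be `ON n1.path = n2.path OR n1.path LIKE CONCAT(n2.path, '/%')`, dropping the equality if the typed node itself should not match. Any `%` or `_` inside `n2.path` is also interpreted as a LIKE wildcard, which is worth a comment if left as is. The rewritten doc comment in the `@@ -31,7 +31,7 @@` hunk has a doubled word (`one of the the given`).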
From: "oskar.herrmann" Date: Thu, 7 Nov 2024 15:21:35 +0100 Subject: [PATCH 8/9] Remove extra space, Ci fixes --- .../Privilege/Node/Doctrine/ConditionGenerator.php | 2 +- .../Node/Doctrine/DescendantOfTypeConditionGenerator.php | 1 - 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php
index 17d83e3915c..25555cc8231 100644
--- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php
+++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php
@@ -88,7 +88,7 @@ public function isDescendantNodeOf($nodePathOrIdentifier) /** * Matches nodes underneath the given NodeType(s) - * + * * @param array $nodeTypes * @return PropertyConditionGenerator */
diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php
index 2958df539c8..28d30c3c307 100644
--- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php
+++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php
@@ -13,7 +13,6 @@ use Doctrine\Persistence\Mapping\ClassMetadata; use Doctrine\ORM\Query\Filter\SQLFilter as DoctrineSqlFilter; -use Neos\Flow\Annotations as Flow; /** * A SQL generator to create a condition matching a node underneath a certain node type
From c1b3c2358cd4ad20220b5b4eafb6f805a4f30378 Mon Sep 17 00:00:00 2001 
From: "oskar.herrmann" Date: Wed, 11 Dec 2024 17:13:14 +0100 Subject: [PATCH 9/9] Remove unused import, add import, sanitize sql var --- .../Privilege/Node/Doctrine/ConditionGenerator.php | 1 - .../Doctrine/DescendantOfTypeConditionGenerator.php | 11 ++++++++++- 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php
index 68139980e3c..25555cc8231 100644
--- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php
+++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/ConditionGenerator.php
@@ -18,7 +18,6 @@ use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\ConditionGenerator as EntityConditionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\DisjunctionGenerator; use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\PropertyConditionGenerator; -use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\DecendantOfNodetypeConditionGenerator; use Neos\Flow\Security\Exception\InvalidPrivilegeException; use Neos\ContentRepository\Domain\Model\NodeData; use Neos\ContentRepository\Domain\Model\NodeInterface;
diff --git a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php
index 28d30c3c307..26a2912647a 100644
--- a/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php
+++ b/Neos.ContentRepository/Classes/Security/Authorization/Privilege/Node/Doctrine/DescendantOfTypeConditionGenerator.php
@@ -13,6 +13,7 @@ use Doctrine\Persistence\Mapping\ClassMetadata; use Doctrine\ORM\Query\Filter\SQLFilter as DoctrineSqlFilter; +use Neos\Flow\Security\Authorization\Privilege\Entity\Doctrine\SqlGeneratorInterface; /** * A SQL generator to create a condition matching a node underneath a certain node type
@@ -39,7 +40,15 @@ public function __construct(array $nodetypes) */ public function getSql(DoctrineSqlFilter $sqlFilter, ClassMetadata $targetEntity, $targetTableAlias) { - $nodetypeList = implode("','", $this->nodetypes); + + $nodetypes = array_map('trim', $this->nodetypes); + + $safeNodetypes = []; + foreach ($nodetypes as $nodetype) { + $safeNodetypes[] = str_replace(["'", "`"],"", $nodetype); + } + + $nodetypeList = implode("','", $safeNodetypes); return "select * from public.neos_contentrepository_domain_model_nodedata n1 JOIN public.neos_contentrepository_domain_model_nodedata n2 ON n1.path LIKE CONCAT(n2.path, '%')
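Review bot: Stripping the single quote and the backtick from each node type in `getSql()` (hunk `@@ -39,7 +40,15 @@`) is a character denylist, not quoting: whether what remains is safe inside the `in ('…')` literal depends on the string-escaping rules of the database in use, and a name that did contain a stripped character is silently rewritten, so the privilege can end up matching a different node type than the policy names. I would let the connection do the quoting through the filter's own `setParameter()`/`getParameter()` pair, which Doctrine's SQLFilter offers for exactly this and which Flow's property conditions appear to use as well. `getParameter()` returns the value already quoted, so the `WHERE n2.nodetype in ('" . $nodetypeList . "')` line that follows this hunk would have to lose its literal quotes; the end of `getSql()` lies outside the hunk. The parameter names below are my own and should be checked for collisions with other parameters set on the same filter.

```php
public function getSql(DoctrineSqlFilter $sqlFilter, ClassMetadata $targetEntity, $targetTableAlias)
{
    $quotedNodetypes = [];
    foreach (array_values($this->nodetypes) as $index => $nodetype) {
        // Quote through the connection behind the filter instead of removing characters.
        $parameterName = 'descendantOfType_' . $index;
        $sqlFilter->setParameter($parameterName, trim((string)$nodetype));
        $quotedNodetypes[] = $sqlFilter->getParameter($parameterName);
    }

    $nodetypeList = implode(',', $quotedNodetypes);
    // … unchanged: return "select * … JOIN … " lines …
```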