From 910314570a16f074d94954f30c2941b1e7da652d Mon Sep 17 00:00:00 2001 From: Bastian Waidelich Date: Wed, 23 Oct 2024 12:13:24 +0200 Subject: [PATCH] Adjust to account based authorization --- Classes/Fusion/Helper/WorkspaceHelper.php | 6 +++++- .../Configuration/ConfigurationProvider.php | 10 +++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/Classes/Fusion/Helper/WorkspaceHelper.php b/Classes/Fusion/Helper/WorkspaceHelper.php index c4c0953b92..3d02ce1045 100644 --- a/Classes/Fusion/Helper/WorkspaceHelper.php +++ b/Classes/Fusion/Helper/WorkspaceHelper.php @@ -71,9 +71,13 @@ public function getPersonalWorkspace(ContentRepositoryId $contentRepositoryId): if ($currentUser === null) { return []; } + $authenticatedAccount = $this->securityContext->getAccount(); + if ($authenticatedAccount === null) { + return []; + } $contentRepository = $this->contentRepositoryRegistry->get($contentRepositoryId); $personalWorkspace = $this->workspaceService->getPersonalWorkspaceForUser($contentRepositoryId, $currentUser->getId()); - $personalWorkspacePermissions = $this->contentRepositoryAuthorizationService->getWorkspacePermissionsForUser($contentRepositoryId, $personalWorkspace->workspaceName, $currentUser); + $personalWorkspacePermissions = $this->contentRepositoryAuthorizationService->getWorkspacePermissionsForAccount($contentRepositoryId, $personalWorkspace->workspaceName, $authenticatedAccount); $publishableNodes = $this->uiWorkspaceService->getPublishableNodeInfo($personalWorkspace->workspaceName, $contentRepository->id); return [ 'name' => $personalWorkspace->workspaceName->value, diff --git a/Classes/Infrastructure/Configuration/ConfigurationProvider.php b/Classes/Infrastructure/Configuration/ConfigurationProvider.php index ef004c04ca..10c7a7cdf8 100644 --- a/Classes/Infrastructure/Configuration/ConfigurationProvider.php +++ b/Classes/Infrastructure/Configuration/ConfigurationProvider.php @@ -18,6 +18,7 @@ use Neos\Flow\Annotations as Flow; use Neos\Flow\Configuration\ConfigurationManager; use Neos\Flow\Mvc\Routing\UriBuilder; +use Neos\Flow\Security\Context as SecurityContext; use Neos\Neos\Domain\Model\WorkspaceClassification; use Neos\Neos\Domain\Service\WorkspaceService; use Neos\Neos\Security\Authorization\ContentRepositoryAuthorizationService; @@ -34,6 +35,9 @@ final class ConfigurationProvider implements ConfigurationProviderInterface #[Flow\Inject] protected UserService $userService; + #[Flow\Inject] + protected SecurityContext $securityContext; + #[Flow\Inject] protected ConfigurationManager $configurationManager; @@ -97,8 +101,8 @@ public function getConfiguration( */ private function getAllowedTargetWorkspaces(ContentRepository $contentRepository): array { - $backendUser = $this->userService->getBackendUser(); - if ($backendUser === null) { + $authenticatedAccount = $this->securityContext->getAccount(); + if ($authenticatedAccount === null) { return []; } $result = []; @@ -107,7 +111,7 @@ private function getAllowedTargetWorkspaces(ContentRepository $contentRepository if (!in_array($workspaceMetadata->classification, [WorkspaceClassification::ROOT, WorkspaceClassification::SHARED], true)) { continue; } - $workspacePermissions = $this->contentRepositoryAuthorizationService->getWorkspacePermissionsForUser($contentRepository->id, $workspace->workspaceName, $backendUser); + $workspacePermissions = $this->contentRepositoryAuthorizationService->getWorkspacePermissionsForAccount($contentRepository->id, $workspace->workspaceName, $authenticatedAccount); if ($workspacePermissions->read === false) { continue; }