-
-
Notifications
You must be signed in to change notification settings - Fork 224
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Policies / Security #3732
Comments
Some rough ideas that I just discussed with @skurfuerst
Maybe the following can work:We extend the restriction edges (that are currently used to disable nodes recursively) so that we can have multiple dimensions (!=content dimensions - we need to find a better wording). For example "disabled" and "member_area", ... The VisibilityConstraints::forAttributes('disabled', 'member_area'); That will allow to omit nodes based on the attributes¹ the currently authenticated user has access to. We should probably not use this mechanism to hide nodes from the Neos Backend UI. The easiest way would be to extend the Lastly we need a way to restrict Commands based on some ACL. But I would consider this easier to do, especially if the ReadModel knows about the "attributes" of the node to deal with, i.e. it could be another constraint check like: $parentNodeAggregate = $this->requireProjectedNodeAggregate(
$command->contentStreamId,
$command->parentNodeAggregateId,
$contentRepository
);
$this->requireNodeAttributes($parentNodeAggregate, ...); ¹ I used "attributes" here for the "visibility constraints dimension", but maybe we find a better name |
@skurfuerst I just moved this to |
Thanks, good catch! |
Idea (as discussed):We could extend the final class VisibilityConstraints
{
private function __construct(
public readonly AccessibleAttributes $accessibleTags,
public readonly AccessibleContentStreams $accessibleContentStreams,
) {}
// ...
public static function withoutRestrictions(): self
{
return new VisibilityConstraints(AccessibleAttributes::all(), AccessibleContentStreams::all());
}
}
|
After thinking about this again, I think we should rename VisibilityConstraints to something along the lines of "ViewingMode" and then have:
And then something like: The interface PrivilegeProviderInterface {
function getWritePrivileges(): WritePrivileges;
function getReadPrivileges(ViewingMode $mode): ReadPrivileges;
}
|
I like the concept :) I feel ViewingMode is still a bit "German" but I do not have a better idea yet. Is ViewMode better? I am still unsure whether ViewingMode is so much better than VisibilityConstraints, so that it justifies a backwards compatibility break? Because we will make s really hard time to our users if we start renaming such core classes again and again - imho this time should be over now, as more and more people will start building on our subgraph API...) Have a nice holiday @bwaidelich ❤️ |
@skurfuerst you are right.. I was still stuck on the thought that we need something on top of visibility constraints for things like "Document Tree Context", but we can probably just "reuse" them for this. We still have to think of some kind of migration path for < Neos 9 privileges. I also wonder whether the current behavior of the restriction edges might lead to confusion. E.g.: You could tag a node and that tag would be "inherited" to all descendants. But you could additionally tag descendants with the same tag.. Maybe just a matter of good documentation. |
so should we actually revert this whole wip |
currently this feature is not implemented see #3732
Some updates after talking to @mhsdesign , @skurfuerst and @nezaniel :
|
currently this feature is not implemented see neos/neos-development-collection#3732
Neos.ContentRepository.Security
package TASK: RemoveNeos.ContentRepository.Security
#4544[ ] Implement security features based upon Subtree Tags(will be solved as part of !!! FEATURE: Content Repository Privileges #5298)The text was updated successfully, but these errors were encountered: