class EntityPrivilege extends AbstractPrivilege implements EntityPrivilegeInterface (View source)

A filter to rewrite doctrine queries according to the security policy.

Properties

protected ObjectManagerInterface $objectManager from  AbstractPrivilege
protected string $cacheEntryIdentifier

Unique identifier of this privilege (used for cache entries)

from  AbstractPrivilege
protected PrivilegeTarget $privilegeTarget from  AbstractPrivilege
protected PrivilegeParameterInterface[] $parameters from  AbstractPrivilege
protected string $matcher from  AbstractPrivilege
protected string $parsedMatcher from  AbstractPrivilege
protected string $permission from  AbstractPrivilege
protected bool $isEvaluated
protected string $entityType
protected SqlGeneratorInterface $conditionGenerator

Methods

void
injectObjectManager(ObjectManagerInterface $objectManager)

This object is created very early so we can't rely on AOP for the property injection

__construct(PrivilegeTarget $privilegeTarget, string $matcher, string $permission, array $parameters)

No description

void
buildCacheEntryIdentifier()

Initializes the unique cache entry identifier

string
getCacheEntryIdentifier()

Unique identifier of this privilege

bool
hasParameters()

No description

string
getPermission()

No description

bool
isGranted()

No description

bool
isAbstained()

No description

bool
isDenied()

No description

getPrivilegeTarget()

The related privilege target

string
getPrivilegeTargetIdentifier()

Unique identifier for the related privilege target (e.g. "Neos.Flow:PublicMethods")

string
getMatcher()

A matcher string, describing the privilegeTarget (e.g. pointcut expression for methods or EEL expression for entities)

string
getParsedMatcher()

Returns the matcher string with replaced parameter markers.

bool
matchesEntityType(string $entityType)

No description

string
getSqlConstraint(ClassMetadata $targetEntity, string $targetTableAlias)

Note: The result of this method cannot be cached, as the target table alias might change for different query scenarios

void
evaluateMatcher()

parses the matcher of this privilege using Eel and extracts "entityType" and "conditionGenerator"

bool
matchesSubject(PrivilegeSubjectInterface $subject)

Returns true, if this privilege covers the given subject. As entity privileges are evaluated and enforced "within the database system" in SQL and not by the voting process, this method will always return false.

Details

void injectObjectManager(ObjectManagerInterface $objectManager)

This object is created very early so we can't rely on AOP for the property injection

Parameters

ObjectManagerInterface $objectManager

Return Value

void

__construct(PrivilegeTarget $privilegeTarget, string $matcher, string $permission, array $parameters)

No description

Parameters

PrivilegeTarget $privilegeTarget
string $matcher
string $permission

One of the constants GRANT, DENY or ABSTAIN

array $parameters

protected void buildCacheEntryIdentifier()

Initializes the unique cache entry identifier

Return Value

void

string getCacheEntryIdentifier()

Unique identifier of this privilege

Return Value

string

bool hasParameters()

No description

Return Value

bool

string getPermission()

No description

Return Value

string

bool isGranted()

No description

Return Value

bool

bool isAbstained()

No description

Return Value

bool

bool isDenied()

No description

Return Value

bool

PrivilegeTarget getPrivilegeTarget()

The related privilege target

Return Value

PrivilegeTarget

string getPrivilegeTargetIdentifier()

Unique identifier for the related privilege target (e.g. "Neos.Flow:PublicMethods")

Return Value

string

string getMatcher()

A matcher string, describing the privilegeTarget (e.g. pointcut expression for methods or EEL expression for entities)

Note: This returns the raw matcher string that might contain parameter placeholders. If you want to return the parsed matcher with placeholders replaced, use getParsedMatcher() instead.

Return Value

string

string getParsedMatcher()

Returns the matcher string with replaced parameter markers.

getMatcher()

Return Value

string

bool matchesEntityType(string $entityType)

No description

Parameters

string $entityType

Return Value

bool

Exceptions

InvalidQueryRewritingConstraintException

string getSqlConstraint(ClassMetadata $targetEntity, string $targetTableAlias)

Note: The result of this method cannot be cached, as the target table alias might change for different query scenarios

Parameters

ClassMetadata $targetEntity
string $targetTableAlias

Return Value

string

protected void evaluateMatcher()

parses the matcher of this privilege using Eel and extracts "entityType" and "conditionGenerator"

Return Value

void

protected ConditionGenerator getConditionGenerator()

No description

Return Value

ConditionGenerator

bool matchesSubject(PrivilegeSubjectInterface $subject)

Returns true, if this privilege covers the given subject. As entity privileges are evaluated and enforced "within the database system" in SQL and not by the voting process, this method will always return false.

Parameters

PrivilegeSubjectInterface $subject

Return Value

bool