EntityPrivilege
class EntityPrivilege extends AbstractPrivilege implements EntityPrivilegeInterface (View source)
A filter to rewrite doctrine queries according to the security policy.
Properties
| protected ObjectManagerInterface | $objectManager | from AbstractPrivilege | |
| protected string | $cacheEntryIdentifier | Unique identifier of this privilege (used for cache entries) |
from AbstractPrivilege |
| protected PrivilegeTarget | $privilegeTarget | from AbstractPrivilege | |
| protected PrivilegeParameterInterface[] | $parameters | from AbstractPrivilege | |
| protected string | $matcher | from AbstractPrivilege | |
| protected string | $parsedMatcher | from AbstractPrivilege | |
| protected string | $permission | from AbstractPrivilege | |
| protected bool | $isEvaluated | ||
| protected string | $entityType | ||
| protected SqlGeneratorInterface | $conditionGenerator |
Methods
This object is created very early so we can't rely on AOP for the property injection
No description
Initializes the unique cache entry identifier
Unique identifier for the related privilege target (e.g. "Neos.Flow:PublicMethods")
A matcher string, describing the privilegeTarget (e.g. pointcut expression for methods or EEL expression for entities)
Returns the matcher string with replaced parameter markers.
No description
Note: The result of this method cannot be cached, as the target table alias might change for different query scenarios
parses the matcher of this privilege using Eel and extracts "entityType" and "conditionGenerator"
No description
Returns true, if this privilege covers the given subject. As entity privileges are evaluated and enforced "within the database system" in SQL and not by the voting process, this method will always return false.
Details
void
injectObjectManager(ObjectManagerInterface $objectManager)
This object is created very early so we can't rely on AOP for the property injection
__construct(PrivilegeTarget $privilegeTarget, string $matcher, string $permission, array $parameters)
No description
protected void
buildCacheEntryIdentifier()
Initializes the unique cache entry identifier
string
getCacheEntryIdentifier()
Unique identifier of this privilege
PrivilegeParameterInterface[]
getParameters()
No description
bool
hasParameters()
No description
string
getPermission()
No description
bool
isGranted()
No description
bool
isAbstained()
No description
bool
isDenied()
No description
PrivilegeTarget
getPrivilegeTarget()
The related privilege target
string
getPrivilegeTargetIdentifier()
Unique identifier for the related privilege target (e.g. "Neos.Flow:PublicMethods")
string
getMatcher()
A matcher string, describing the privilegeTarget (e.g. pointcut expression for methods or EEL expression for entities)
Note: This returns the raw matcher string that might contain parameter placeholders. If you want to return the parsed matcher with placeholders replaced, use getParsedMatcher() instead.
string
getParsedMatcher()
Returns the matcher string with replaced parameter markers.
getMatcher()
bool
matchesEntityType(string $entityType)
No description
string
getSqlConstraint(ClassMetadata $targetEntity, string $targetTableAlias)
Note: The result of this method cannot be cached, as the target table alias might change for different query scenarios
protected void
evaluateMatcher()
parses the matcher of this privilege using Eel and extracts "entityType" and "conditionGenerator"
protected ConditionGenerator
getConditionGenerator()
No description
bool
matchesSubject(PrivilegeSubjectInterface $subject)
Returns true, if this privilege covers the given subject. As entity privileges are evaluated and enforced "within the database system" in SQL and not by the voting process, this method will always return false.