[Neos] Make your own privilege: Why is MethodPrivilegeInterface hard-coded in class PolicyEnforcement

Bastian Waidelich bastian at typo3.org
Mon Apr 20 16:33:07 CEST 2015

On 20.04.15, at 15:48, Olle Haerstedt wrote:

Hi Olle,

> I'm trying to make my own privilege to use in the policy settings.

Just to get everyone on track: you're talking about the (not yet 
final-released) ACL features of Flow 3.0.

> The thing is, in function invoke() in class PolicyEnforcement, the
> interface
> MethodPrivilegeInterface is hard-coded instead of PrivilegeInterface [...]

So, there are two main types of privileges: Entity and Method.
The *EntityPrivileges* intercept SQL queries to protect data on the 
database level (we use it for the ReadNodePrivilege in order to prevent 
inaccessible nodes to be loaded from the TYPO3CR).
The *MethodPrivilege* is much more common and it is used to intercept 
arbitrary method calls.

You can also combine the two types (creating a composite privilege). But 
if you want to protect method calls you'll have to implement the 

Because the *PolicyEnforcement* is only about method calls, it only 
cares about privileges implementing the *MethodPrivilegeInterface*.


Bastian Waidelich

More information about the Neos mailing list