[Neos] Make your own privilege: Why is MethodPrivilegeInterface hard-coded in class PolicyEnforcement

Bastian Waidelich bastian at typo3.org
Wed Apr 22 11:02:34 CEST 2015

On 21.04.15, at 10:38, Olle Haerstedt wrote:

Hi again,

> So, what is best then - to implement MethodPrivilegeInterface or extend
> the already present class?

as usual, it depends ;)

As you have figured out already, matchers of standard *MethodPrivilege*s 
are written using *PointcutExpressions*[1].

Matchers of the default *EntityPrivilege* are written using *Eel* syntax[2].

More interesting for your case are the custom *node*-related privileges 
we've built *on top* of those default privileges:

Take for example the *EditNodePrivilege*[3] - it uses the "Decorator 
Pattern"[4] to wrap a *MethodPrivilege* but it consumes Eel.

Sounds rather complex, and it is in a way, but it will be pretty easy to 
implement once we have finished our little tutorial.

> Maybe there should be an exception too, when a privilege target in
> policy.yaml doesn't implement
> either of those two interfaces (method or entity).

You get an exception if your privilege does not implement 
*PrivilegeInterface*, the rest is up to you. Usually you want to 
implement the *MethodPrivilegeInterface* (in order to activate 
PolicyEnforcement) but you could also have a completely independent 
privilege that you only check using the *PrivilegeManager*.


Bastian Waidelich

