PLA= TFORM >=3D 2015.09
eZ content repository uses the concept of roles and policies in order to= authorize a user to do something (e.g. read content).
content/read, content being the module and read<=
/code> being the function).It is possible for any bundle to expose available policies via a
A PolicyProvider is an object providing a hash co=
ntaining declared modules, functions and limitations.
Policies configuration hash contains declared these modules, functions a=
nd limitations.
First level key is the module name, value is a hash of a=
vailable functions, with function name as key.
Function value is an arra=
y of available limitations, identified by the alias declared in LimitationT=
ype service tag.
If no limitation is provided, value can be null or an empty array.
[
"content" =3D> [
"read" =3D> ["Class", "ParentClass", "Node", "Language"],
"edit" =3D> ["Class", "ParentClass", "Language"]
],
"custom_module" =3D> [
"custom_function_1" =3D> null,
"custom_function_2" =3D> ["CustomLimitation"]
],
]=20
Limitations need to be implemented as limitation types&nbs=
p;and declared as services identified with ezpublish.limitationT=
ype tag. Name provided in the hash for each limitation is =
the same value set in alias attribute in the service tag.
namespace Acme\FooBundle\AcmeFooBundle\Security;
use eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Configuration\ConfigB=
uilderInterface;
use eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Security\PolicyProvid=
er\PolicyProviderInterface;
class MyPolicyProvider implements PolicyProviderInterface
{
public function addPolicies(ConfigBuilderInterface $configBuilder)
{
$configBuilder->addConfig([
"custom_module" =3D> [
"custom_function_1" =3D> null,
"custom_function_2" =3D> ["CustomLimitation"],
],
]);
}
}=20
An abstract class based on YAML is provided: eZ\=
Bundle\EzPublishCoreBundle\DependencyInjection\Security\PolicyProvider\Yaml=
PolicyProvider.
=
getFiles() method.
Extend YamlPolicyProvider and implement getFiles() to return absolute paths to your=
YAML files.
namespace Acme\FooBundle\AcmeFooBundle\Security;
use eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Security\PolicyProvid=
er\YamlPolicyProvider;
class MyPolicyProvider extends YamlPolicyProvider
{
protected function getFiles()
{
return [
__DIR__ . '/../Resources/config/policies.yml',
];
}
}=20
custom_module:
custom_function_1: ~
custom_function_2: [CustomLimitation]=20
A PolicyProvider may provide new functions to a module, and=
additional limitations to an existing function.
It is however strongly encouraged to add functions t=
o your own policy modules.
It is not possible to remove an existing module, function or limitation = from a policy.
For a PolicyProvider to be active, it must be properly declared in=
EzPublishCoreBundle.
A bundle just has to retrieve CoreBundle's DIC ex=
tension and call addPolicyProvider(). This m=
ust be done in bundle's build() method.=
namespace Acme\FooBundle\AcmeFooBundle;
use Symfony\Component\HttpKernel\Bundle\Bundle;
class AcmeFooBundle extends Bundle
{
public function build(ContainerBuilder $container)
{
parent::build($container);
// ...
// Retrieve "ezpublish" container extension.
$eZExtension =3D $container->getExtension('ezpublish');
// Add the policy provider.
$eZExtension->addPolicyProvider(new MyPolicyProvider());
}
}=20
Policies used internally in =
repository services are defined in E=
zPublishCoreBundle/Resources/config/policies.yml.