...
- Each policy provider provides a collection of permission modules.
- Each module can provide functions (e.g. "content/read": "content" is the module, "read" is the function)
- Each function can provide a collection of limitations.
Policies configuration hash contains declared these modules, functions and limitations.
First level key is the module name, value is a hash of available functions, with function name as key.
Function value is an array of available limitations, identified by the alias declared in LimitationType service tag.
If no limitation is provided, value can be null or an empty array.
| Code Block |
|---|
|
[
"content" => [
"read" => ["Class", "ParentClass", "Node", "Language"],
"edit" => ["Class", "ParentClass", "Language"]
],
"custom_module" => [
"custom_function_1" => null,
"custom_function_2" => ["CustomLimitation"]
],
] |
| Note |
|---|
Limitations need to be implemented as limitation types and declared as services identified with ezpublish.limitationType tag. Name provided in the hash for each limitation is the same value set in alias attribute in the service tag. |
Example
| Code Block |
|---|
|
namespace Acme\FooBundle\AcmeFooBundle\Security;
use eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Configuration\ConfigBuilderInterface;
use eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Security\PolicyProvider\PolicyProviderInterface;
class MyPolicyProvider implements PolicyProviderInterface
{
public function addPolicies(ConfigBuilderInterface $configBuilder)
{
$configBuilder->addConfig([
"custom_module" => [
"custom_function_1" => null,
"custom_function_2" => ["CustomLimitation"],
],
]);
}
} |
...