From b0c27cad7c93373cdd306b87f153224a59f3ca00 Mon Sep 17 00:00:00 2001 
From: mhsdesign <85400359+mhsdesign@users.noreply.github.com> Date: Mon, 6 Jan 2025 11:02:42 +0100 Subject: [PATCH] TASK: Remove obsolete legacy yaml policy for workspaces With the introduction of explicit user assignments for workspaces https://github.com/neos/neos-development-collection/pull/5146 and roles and the full evaluation of those via https://github.com/neos/neos-development-collection/pull/5298 we have replaced the previously still kept 8.3 yaml security configuration for workspaces. This decision was made because, for security, we can no longer use Flow's security framework which uses AOP inside the content-repository library, and we also wanted to clean up the user <-> workspace relationship as well as the concept of internal vs shared workspaces. The following yaml roles were removed: - `Neos.ContentRepository:Administrator` - `Neos.ContentRepository:InternalWorkspaceAccess` The following yaml targets were removed: - `Neos.Neos:PublicWorkspaceAccess` - `Neos.Neos:OtherWorkspacesAccess` - `Neos.Neos:Backend.OtherUsersPersonalWorkspaceAccess` - `Neos.Neos:Backend.PublishOwnWorkspaceContent` - `Neos.Neos:Backend.DiscardOwnWorkspaceContent` - `Neos.Workspace.Ui:Backend.PublishAllToLiveWorkspace` Note that these targets were moved to the `Neos.Workspace.Ui:Backend` package via https://github.com/neos/neos-development-collection/pull/5118 in 9.0 but were removed now either way: - `Neos.Neos:Backend.Module.Management.Workspaces.ManageOwnWorkspaces` (`Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageOwnWorkspaces`) - `Neos.Neos:Backend.Module.Management.Workspaces.ManageInternalWorkspaces` (`Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageInternalWorkspaces`) - `Neos.Neos:Backend.Module.Management.Workspaces.ManageAllPrivateWorkspaces` (`Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageAllPrivateWorkspaces`) --- Configuration/Policy.yaml | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 
Configuration/Policy.yaml
diff --git a/Configuration/Policy.yaml b/Configuration/Policy.yaml
deleted file mode 100644
index d015bec..0000000
--- a/Configuration/Policy.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-# #
-# Security policy for the ContentRepository package #
-# #
-
-privilegeTargets:
- 'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
- 'Neos.Neos:PublicWorkspaceAccess':
- label: Allowed to access the public workspace
- matcher: 'method(Neos\ContentRepository\Domain\Service\Context->validateWorkspace()) && evaluate(this.workspace.publicWorkspace === true)'
-
- 'Neos.Neos:OtherWorkspacesAccess':
- label: Allowed to access to other users workspaces
- matcher: 'method(Neos\ContentRepository\Domain\Service\Context->validateWorkspace()) && evaluate(this.workspace.publicWorkspace === false) && evaluate(this.workspace.personalWorkspace === false)'
-
-roles:
- 'Neos.Flow:Everybody':
- privileges:
- - privilegeTarget: 'Neos.Neos:PublicWorkspaceAccess'
- permission: GRANT
-
- 'Neos.ContentRepository:InternalWorkspaceAccess':
- abstract: TRUE
- privileges:
- - privilegeTarget: 'Neos.Neos:OtherWorkspacesAccess'
- permission: GRANT
-
- 'Neos.ContentRepository:Administrator':
- abstract: true
- parentRoles: ['Neos.ContentRepository:InternalWorkspaceAccess']
-