Adjust to account based authorization

bwaidelich · bwaidelich · commit 910314570a16 · 2024-10-23T12:13:24.000+02:00
diff --git a/Classes/Fusion/Helper/WorkspaceHelper.php b/Classes/Fusion/Helper/WorkspaceHelper.php
@@ -71,9 +71,13 @@ public function getPersonalWorkspace(ContentRepositoryId $contentRepositoryId):
         if ($currentUser === null) {
             return [];
         }
+        $authenticatedAccount = $this->securityContext->getAccount();
+        if ($authenticatedAccount === null) {
+            return [];
+        }
         $contentRepository = $this->contentRepositoryRegistry->get($contentRepositoryId);
         $personalWorkspace = $this->workspaceService->getPersonalWorkspaceForUser($contentRepositoryId, $currentUser->getId());
-        $personalWorkspacePermissions = $this->contentRepositoryAuthorizationService->getWorkspacePermissionsForUser($contentRepositoryId, $personalWorkspace->workspaceName, $currentUser);
+        $personalWorkspacePermissions = $this->contentRepositoryAuthorizationService->getWorkspacePermissionsForAccount($contentRepositoryId, $personalWorkspace->workspaceName, $authenticatedAccount);
         $publishableNodes = $this->uiWorkspaceService->getPublishableNodeInfo($personalWorkspace->workspaceName, $contentRepository->id);
         return [
             'name' => $personalWorkspace->workspaceName->value,
diff --git a/Classes/Infrastructure/Configuration/ConfigurationProvider.php b/Classes/Infrastructure/Configuration/ConfigurationProvider.php
@@ -18,6 +18,7 @@
 use Neos\Flow\Annotations as Flow;
 use Neos\Flow\Configuration\ConfigurationManager;
 use Neos\Flow\Mvc\Routing\UriBuilder;
+use Neos\Flow\Security\Context as SecurityContext;
 use Neos\Neos\Domain\Model\WorkspaceClassification;
 use Neos\Neos\Domain\Service\WorkspaceService;
 use Neos\Neos\Security\Authorization\ContentRepositoryAuthorizationService;
@@ -34,6 +35,9 @@ final class ConfigurationProvider implements ConfigurationProviderInterface
     #[Flow\Inject]
     protected UserService $userService;
 
+    #[Flow\Inject]
+    protected SecurityContext $securityContext;
+
     #[Flow\Inject]
     protected ConfigurationManager $configurationManager;
 
@@ -97,8 +101,8 @@ public function getConfiguration(
      */
     private function getAllowedTargetWorkspaces(ContentRepository $contentRepository): array
     {
-        $backendUser = $this->userService->getBackendUser();
-        if ($backendUser === null) {
+        $authenticatedAccount = $this->securityContext->getAccount();
+        if ($authenticatedAccount === null) {
             return [];
         }
         $result = [];
@@ -107,7 +111,7 @@ private function getAllowedTargetWorkspaces(ContentRepository $contentRepository
             if (!in_array($workspaceMetadata->classification, [WorkspaceClassification::ROOT, WorkspaceClassification::SHARED], true)) {
                 continue;
             }
-            $workspacePermissions = $this->contentRepositoryAuthorizationService->getWorkspacePermissionsForUser($contentRepository->id, $workspace->workspaceName, $backendUser);
+            $workspacePermissions = $this->contentRepositoryAuthorizationService->getWorkspacePermissionsForAccount($contentRepository->id, $workspace->workspaceName, $authenticatedAccount);
             if ($workspacePermissions->read === false) {
                 continue;
             }
