Custom Policies¶
The content Repository uses Roles and Policies to give Users access to different functions of the system.
Any bundle can expose available Policies via a PolicyProvider
which can be added to EzPublishCoreBundle's DIC extension.
PolicyProvider¶
A PolicyProvider
object provides a hash containing declared modules, functions and Limitations.
- Each Policy provider provides a collection of permission modules.
- Each module can provide functions (e.g. in
content/read
"content" is the module, "read" is the function) - Each function can provide a collection of Limitations.
First level key is the module name, value is a hash of available functions, with function name as key.
Function value is an array of available Limitations, identified by the alias declared in LimitationType
service tag.
If no Limitation is provided, value can be null
or an empty array.
1 2 3 4 5 6 7 8 9 10 | [ "content" => [ "read" => ["Class", "ParentClass", "Node", "Language"], "edit" => ["Class", "ParentClass", "Language"] ], "custom_module" => [ "custom_function_1" => null, "custom_function_2" => ["CustomLimitation"] ], ] |
Limitations need to be implemented as Limitation types and declared as services identified with ezpublish.limitationType
tag.
Name provided in the hash for each Limitation is the same value set in the alias
attribute in the service tag.
For example:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | namespace Acme\FooBundle\AcmeFooBundle\Security; use eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Configuration\ConfigBuilderInterface; use eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Security\PolicyProvider\PolicyProviderInterface; class MyPolicyProvider implements PolicyProviderInterface { public function addPolicies(ConfigBuilderInterface $configBuilder) { $configBuilder->addConfig([ "custom_module" => [ "custom_function_1" => null, "custom_function_2" => ["CustomLimitation"], ], ]); } } |
YamlPolicyProvider¶
An abstract class based on YAML is provided: eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Security\PolicyProvider\YamlPolicyProvider
.
It defines an abstract getFiles()
method.
Extend YamlPolicyProvider
and implement getFiles()
to return absolute paths to your YAML files.
1 2 3 4 5 6 7 8 9 10 11 12 13 | namespace Acme\ExampleBundle\AcmeExampleBundle\Security; use eZ\Bundle\EzPublishCoreBundle\DependencyInjection\Security\PolicyProvider\YamlPolicyProvider; class MyPolicyProvider extends YamlPolicyProvider { protected function getFiles() { return [ __DIR__ . '/../Resources/config/policies.yml', ]; } } |
In AcmeExampleBundle/Resources/config/policies.yml
:
1 2 3 | custom_module: custom_function_1: ~ custom_function_2: [CustomLimitation] |
Extending existing policies¶
A PolicyProvider
may provide new functions to a module, and additional Limitations to an existing function.
It is however strongly encouraged to add functions to your own Policy modules.
It is not possible to remove an existing module, function or limitation from a Policy.
Integrating the PolicyProvider
into EzPublishCoreBundle¶
For a PolicyProvider
to be active, it must be properly declared in EzPublishCoreBundle.
A bundle just has to retrieve CoreBundle's DIC extension and call addPolicyProvider()
. This must be done in the bundle's build()
method.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | namespace Acme\ExampleBundle\AcmeExampleBundle; use Symfony\Component\HttpKernel\Bundle\Bundle; class AcmeExampleBundle extends Bundle { public function build(ContainerBuilder $container) { parent::build($container); // ... // Retrieve "ezpublish" container extension $eZExtension = $container->getExtension('ezpublish'); // Add the policy provider $eZExtension->addPolicyProvider(new MyPolicyProvider()); } } |