Extract `ContentRepositoryAuthProvider::nodeThatRequiresEditPrivilege…

…ForCommand()`
neos · Nov 6, 2024 · 41e6b57 · 41e6b57
1 parent 187b80e
commit 41e6b57
Showing 1 changed file with 26 additions and 19 deletions.
diff --git a/Neos.Neos/Classes/Security/ContentRepositoryAuthProvider/ContentRepositoryAuthProvider.php b/Neos.Neos/Classes/Security/ContentRepositoryAuthProvider/ContentRepositoryAuthProvider.php
@@ -48,6 +48,7 @@
 use Neos\Neos\Domain\Model\WorkspacePermissions;
 use Neos\Neos\Domain\Service\UserService;
 use Neos\Neos\Security\Authorization\ContentRepositoryAuthorizationService;
+use Neos\Neos\Security\Authorization\Privilege\EditNodePrivilege;
 
 /**
  * Implementation of Content Repository {@see AuthProviderInterface} which ties the authorization
@@ -103,25 +104,7 @@ public function canExecuteCommand(CommandInterface $command): Privilege
         if ($this->securityContext->areAuthorizationChecksDisabled()) {
             return Privilege::granted('Authorization checks are disabled');
         }
-
-        /** @var NodeAddress|null $nodeThatRequiresEditPrivilege */
-        $nodeThatRequiresEditPrivilege = match ($command::class) {
-            CopyNodesRecursively::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->targetDimensionSpacePoint->toDimensionSpacePoint(), $command->targetParentNodeAggregateId),
-            CreateNodeAggregateWithNode::class,
-            CreateNodeAggregateWithNodeAndSerializedProperties::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->originDimensionSpacePoint->toDimensionSpacePoint(), $command->parentNodeAggregateId),
-            CreateNodeVariant::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->sourceOrigin->toDimensionSpacePoint(), $command->nodeAggregateId),
-            DisableNodeAggregate::class,
-            EnableNodeAggregate::class,
-            RemoveNodeAggregate::class,
-            TagSubtree::class,
-            UntagSubtree::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->coveredDimensionSpacePoint, $command->nodeAggregateId),
-            MoveNodeAggregate::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->dimensionSpacePoint, $command->nodeAggregateId),
-            SetNodeProperties::class,
-            SetSerializedNodeProperties::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->originDimensionSpacePoint->toDimensionSpacePoint(), $command->nodeAggregateId),
-            SetNodeReferences::class,
-            SetSerializedNodeReferences::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->sourceOriginDimensionSpacePoint->toDimensionSpacePoint(), $command->sourceNodeAggregateId),
-            default => null,
-        };
+        $nodeThatRequiresEditPrivilege = $this->nodeThatRequiresEditPrivilegeForCommand($command);
         if ($nodeThatRequiresEditPrivilege !== null) {
             $workspacePermissions = $this->getWorkspacePermissionsForCurrentUser($nodeThatRequiresEditPrivilege->workspaceName);
             if (!$workspacePermissions->write) {
@@ -172,6 +155,30 @@ public function canExecuteCommand(CommandInterface $command): Privilege
         };
     }
 
+    /**
+     * For a given command, determine the node (represented as {@see NodeAddress}) that needs {@see EditNodePrivilege} to be granted
+     */
+    private function nodeThatRequiresEditPrivilegeForCommand(CommandInterface $command): ?NodeAddress
+    {
+        return match ($command::class) {
+            CopyNodesRecursively::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->targetDimensionSpacePoint->toDimensionSpacePoint(), $command->targetParentNodeAggregateId),
+            CreateNodeAggregateWithNode::class,
+            CreateNodeAggregateWithNodeAndSerializedProperties::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->originDimensionSpacePoint->toDimensionSpacePoint(), $command->parentNodeAggregateId),
+            CreateNodeVariant::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->sourceOrigin->toDimensionSpacePoint(), $command->nodeAggregateId),
+            DisableNodeAggregate::class,
+            EnableNodeAggregate::class,
+            RemoveNodeAggregate::class,
+            TagSubtree::class,
+            UntagSubtree::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->coveredDimensionSpacePoint, $command->nodeAggregateId),
+            MoveNodeAggregate::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->dimensionSpacePoint, $command->nodeAggregateId),
+            SetNodeProperties::class,
+            SetSerializedNodeProperties::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->originDimensionSpacePoint->toDimensionSpacePoint(), $command->nodeAggregateId),
+            SetNodeReferences::class,
+            SetSerializedNodeReferences::class => NodeAddress::create($this->contentRepositoryId, $command->workspaceName, $command->sourceOriginDimensionSpacePoint->toDimensionSpacePoint(), $command->sourceNodeAggregateId),
+            default => null,
+        };
+    }
+
     private function requireWorkspaceWritePermission(WorkspaceName $workspaceName): Privilege
     {
         $workspacePermissions = $this->getWorkspacePermissionsForCurrentUser($workspaceName);