Hi,
I have Region and School domain models that both extend \TYPO3\Party\Domain\Model\AbstractParty. School and Region have a ManyToOne relation. I want a SchoolManager to be able to access his own School after login, and a RegionManager to be able to manage all schools in his region.
I have the Policy entry below:
    roles:
      SchoolManager: []
      RegionManager: ['SchoolManager']
    resources:
      entities:
        'Hwwcn\Sponsor\Domain\Model\School':
          Hwwcn_Sponsor_Schools_All: 'ANY'
          Hwwcn_Sponsor_Schools_Own: 'this.name != NULL && this.acccounts contains current.securityContext.account || this.region == current.securityContext.party'
          Hwwcn_Sponsor_Schools_Other: 'this.name != NULL &&! this.accounts contains current.securityContext.account || this.region != current.securityContext.party'
    acls:
      SchoolManager:
        entities:
          Hwwcn_Sponsor_Schools_All: GRANT
          Hwwcn_Sponsor_Schools_Own: GRANT
          Hwwcn_Sponsor_Schools_Other: DENY
This configuration makes SchoolRepository fetch zero schools for both SchoolManager and RegionManager.