Hello, everyone,
my policy.yaml looks like this:
privilegeTargets:
'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
'My.Project:OrderController.indexAction':
matcher: 'method(My\Project\Controller\(A|B|C|D|E)Controller->.*())'
roles:
'My.Project:Administrator':
privileges:
-
privilegeTarget: 'My.Project:OrderController.indexAction'
permission: GRANT
I have a lot of controllers and the riskt is high that I forget to insert one here - then it is visible for everyone.
My question: Is there a way to invert the whole thing? Say: All are not public, except for example “login”.
Thank you very much in advance for your help.
Tobias