Policy.yaml => invert matcher

Hello, everyone,

my policy.yaml looks like this:



      matcher: 'method(My\Project\Controller\(A|B|C|D|E)Controller->.*())'

        privilegeTarget: 'My.Project:OrderController.indexAction'
        permission: GRANT

I have a lot of controllers and the riskt is high that I forget to insert one here - then it is visible for everyone.

My question: Is there a way to invert the whole thing? Say: All are not public, except for example “login”.

Thank you very much in advance for your help.


Yes, that’s what Neos does by default: https://github.com/neos/neos/blob/master/Configuration/Policy.yaml#L14-L15

This is a great overview. Thank you very much for your help!

1 Like