my policy.yaml looks like this:
privilegeTargets: 'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege': 'My.Project:OrderController.indexAction': matcher: 'method(My\Project\Controller\(A|B|C|D|E)Controller->.*())' roles: 'My.Project:Administrator': privileges: - privilegeTarget: 'My.Project:OrderController.indexAction' permission: GRANT
I have a lot of controllers and the riskt is high that I forget to insert one here - then it is visible for everyone.
My question: Is there a way to invert the whole thing? Say: All are not public, except for example “login”.
Thank you very much in advance for your help.