Policy.yaml => invert matcher

Hello, everyone,

my policy.yaml looks like this:

privilegeTargets:

  'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':

    'My.Project:OrderController.indexAction':
      matcher: 'method(My\Project\Controller\(A|B|C|D|E)Controller->.*())'

roles:
  'My.Project:Administrator':
    privileges:
      -
        privilegeTarget: 'My.Project:OrderController.indexAction'
        permission: GRANT

I have a lot of controllers and the riskt is high that I forget to insert one here - then it is visible for everyone.

My question: Is there a way to invert the whole thing? Say: All are not public, except for example “login”.

Thank you very much in advance for your help.

Tobias

Yes, that’s what Neos does by default: https://github.com/neos/neos/blob/master/Configuration/Policy.yaml#L14-L15

This is a great overview. Thank you very much for your help!

1 Like