Been working on Aimeos integration on my local Neos 3.1.0 installation and first priority is to protect the shop admin interface, so only ShopAdmin can access the page. I know that Sascha Löffler and Søren Malling (on Slack) has been working on the same issue, but nothing seems to have been solved.
Installing Aimeos went well and i can see both list view (the shop) and the admin interface.
My configuration for restricting access is as follows:
Setting.yaml (in my package Configuration folder):
Neos: Flow: security: authentication: providers: 'Neos.Neos:Backend': requestPatterns: 'MyShop:AdminControllers': pattern: 'ControllerObjectName' patternOptions: controllerObjectNamePattern: 'Aimeos\Shop\Controller\(Admin|Extadm|Jsonadm|Jqadm).*'
Policy.yaml (in my package Configuration folder):
privilegeTargets: 'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege': 'MyShop:AllActions': matcher: 'method(Aimeos\Shop\Controller\(Catalog|Locale|Account|Basket|Checkout|Page|Jsonapi)Controller->(.*)Action())' 'MyShop:AdminActions': matcher: 'method(Aimeos\Shop\Controller\(Admin|Extadm|Jsonadm|Jqadm)Controller->(.*)Action())' roles: 'Aimeos.Shop:ShopAdmin': privileges: - privilegeTarget: 'MyShop:AdminActions' permission: GRANT 'Neos.Flow:Everybody': privileges: - privilegeTarget: 'MyShop:AllActions' permission: GRANT
I have tested around with different users like Administrator, Editor - and also checked that user Everybody works in different modes.
It seems Token is not sent or accepted, as i get this error:
Could not authenticate any token.
Might be missing or wrong credentials or no authentication provider matched.
Evaluated following 1 privilege target(s):
(0 granted, 0 denied, 1 abstained)
Exception Code 1222204027
Exception Type Neos\Flow\Security\Exception\NoTokensAuthenticatedException
Log Reference 201708230158528c4cba
Thrown in File Data/Temporary/Development/Cache/Code/Flow_Object_Classes/Neos_Flow_Security_Authorization_Interceptor_PolicyEnforcement.php
Original File Packages/Framework/Neos.Flow/Classes/Security/Authorization/Interceptor/PolicyEnforcement.php
Does anyone have any idea how to solve this, or maybe come up with another approach?
Kim Holberg Andersen