Security roles matcher all descendants of type


I’m trying to get my roles right. Is there a matcher rule that matches on all children of a node by type ? I know isDescendantNodeOf, but I want to match by node type not by node identifier/path.

I am also aware of nodeIsOfType, but that one doesn’t apply the rule to its children. I need a combination of these two … an imaginary matcher called isDescendantNodeOfType sounds like music in my ears. Is there something like this available ?

Bonus question: In case this is not possible right now, is it possible to create a custom role matcher function to support this ?

Thanks in advance !

To answer the last question

Sure, the privileges are fairly thin classes, that implements check. When you configure the Policy.yaml file, you start by setting a privilege class name - try and open that file and find inspiration for creating your own :slight_smile:

Hi Soren,

that’s very good to hear. Unfortunately I still don’t understand where to find the class you are talking about, is there a documentation reference for this matter ? Are you referring to Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege ?

PS: Your routine of scanning the forum questions has been very helpful, Soren. Thank you and keep it up !