[SOLVED] Policy Configuration fails in FLOW 4.0.6 (merge removes values)

chvonrohr · April 15, 2017, 1:55pm

After the migration from latest Flow 3.x to Flow 4.0.6 several Packages are not working anymore.
After core:migrate all packages, an error appears as following:

privilege target "TYPO3.AccountManagement:Profile", referenced in role
configuration "TYPO3.AccountManagement:Administrator" is not defined!

I tracked down the problem to the ConfigurationManager->mergePolicyConfiguration, where the privilegeTargets are overridden by each package (not merged as expected!) - even with empty arrays - in the Arrays::arrayMergeRecursiveOverrule method.

AFAIK the Policy configuration did not change besides the new namespace.
Configuration see: https://github.com/svparijs/TYPO3.AccountManagement/blob/master/Configuration/Policy.yaml

Has anyone the same problem or a clue if this is a configuration issue from my side or something has changed in the corresponding code?

thanks , greets, flow on

chvonrohr · April 18, 2017, 9:34am

I got some new findings.

The problem is the main Package Neos.Flow. In the Policy.yaml of the Package an empty array is defined for privilegeTargets, which overrides all configuration of packages loaded before:

// Policy Configuration before
array(1) {
  ["Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege"]=>
  array(3) {
    ["TYPO3.AccountManagement:ProfileActions"]=>
    array(1) {
      ["matcher"]=>
      string(66) "method(TYPO3\AccountManagement\Controller\ProfileController->.*())"
    }
    ["TYPO3.AccountManagement:AccountActions"]=>
    array(1) {
      ["matcher"]=>
      string(66) "method(TYPO3\AccountManagement\Controller\AccountController->.*())"
    }
    ["TYPO3.AccountManagement:RoleActions"]=>
    array(1) {
      ["matcher"]=>
      string(63) "method(TYPO3\AccountManagement\Controller\RoleController->.*())"
    }
  }
}


// merge Neos.Flow Policy Configuration
array(2) {
  ["roles"]=>
  array(3) {
    ["Neos.Flow:Everybody"]=>
    array(1) {
      ["abstract"]=>
      bool(true)
    }
    ["Neos.Flow:Anonymous"]=>
    array(1) {
      ["abstract"]=>
      bool(true)
    }
    ["Neos.Flow:AuthenticatedUser"]=>
    array(1) {
      ["abstract"]=>
      bool(true)
    }
  }
  ["privilegeTargets"]=>
  array(0) {
  }
}

// merged result of privilege targets
array(0) {
}

I think either the empty array initiation should be removed or the Neos.Flow Configuration loaded as first package, as its done for other configurations:

github.com

neos/flow/blob/master/Classes/Configuration/ConfigurationManager.php#L433


 */
protected function loadConfiguration($configurationType, array $packages)
{
    $this->configurations[$configurationType] = [];
    $this->cacheNeedsUpdate = true;


    $configurationProcessingType = $this->resolveConfigurationProcessingType($configurationType);
    $allowSplitSource = $this->isSplitSourceAllowedForConfigurationType($configurationType);
    switch ($configurationProcessingType) {
        case self::CONFIGURATION_PROCESSING_TYPE_SETTINGS:


            // Make sure that the Flow package is the first item of the packages array:
            if (isset($packages['Neos.Flow'])) {
                $flowPackage = $packages['Neos.Flow'];
                unset($packages['Neos.Flow']);
                $packages = array_merge(['Neos.Flow' => $flowPackage], $packages);
                unset($flowPackage);
            }


            $settings = [];
            /** @var $package PackageInterface */

Looking at the code of the ConfigurationManager, there has something changed since Flow 3.x:

github.com

neos/flow/blob/2b3845fcb106f90f2c987349597233689f3838e2/Classes/Configuration/ConfigurationManager.php#L491


    }
    $this->configurations[$configurationType] = [];
    /** @var $package PackageInterface */
    foreach ($packages as $package) {
        $packagePolicyConfiguration = $this->configurationSource->load($package->getConfigurationPath() . $configurationType, $allowSplitSource);
        $this->validatePolicyConfiguration($packagePolicyConfiguration, $package);
        $this->configurations[$configurationType] = $this->mergePolicyConfiguration($this->configurations[$configurationType], $packagePolicyConfiguration);
    }
    $this->configurations[$configurationType] = $this->mergePolicyConfiguration($this->configurations[$configurationType], $this->configurationSource->load(FLOW_PATH_CONFIGURATION . $configurationType, $allowSplitSource));


    foreach ($this->orderedListOfContextNames as $contextName) {
        /** @var $package PackageInterface */
        foreach ($packages as $package) {
            $packagePolicyConfiguration = $this->configurationSource->load($package->getConfigurationPath() . $contextName . '/' . $configurationType, $allowSplitSource);
            $this->validatePolicyConfiguration($packagePolicyConfiguration, $package);
            $this->configurations[$configurationType] = $this->mergePolicyConfiguration($this->configurations[$configurationType], $packagePolicyConfiguration);
        }
        $this->configurations[$configurationType] = $this->mergePolicyConfiguration($this->configurations[$configurationType], $this->configurationSource->load(FLOW_PATH_CONFIGURATION . $contextName . '/' . $configurationType, $allowSplitSource));
    }
break;
case self::CONFIGURATION_PROCESSING_TYPE_DEFAULT:

sorenmalling · April 18, 2017, 10:47am

Hi @chvonrohr

I’ve experience the same, but it was due to wrong dependency. So my own package didn’t require neos/flow which caused the array to be reset.

If you have changed namespace from typo3/* to neos/* check that you have done it everywhere, so that you don’t have any reference to typo3/flow - that will cause the same issue.

chvonrohr · April 18, 2017, 11:49am

Hey @sorenmalling

Thx for the reply - your trick did it… awesome!