In this presentation we present the new architecture and features of the security framework 2.0 shipped with Flow 3.0. Additionally the usage of this new architecture, to implement access controls for the whole editing process within the Neos CMS ist shown.
7. It’s all about protecting database
reads and method calls!
8. How would that work?
Changing the title of a page
fancy AOP magic
included!
method(Node->setProperty(propertyName == "title"))
9.
10.
11. How would that work?
Visibility of a page
mind blowing SQL
rewrites in the
wild!
this.workspace.name != ''live''
12. Your benefit!
• All privileges are defined declaratively in a central place,
not in your code
• SQL constraints are faster than in memory filters
• The actual protection code is part of the framework
robust, well tested, updated in a central place
15. We want to use the
Neos Language!
Am I allowed to edit this property?
Am I allowed to move this node to this
target?
Am I allowed to publish this node to that
workspace?
Am I allowed to see this part of the
node tree?
16. We just invented
custom privilege types
Edit Node
Read Node
Create Node
Move Node
Remove Node
Node Tree
19. Behind the scenes
1. Privilege types are real php classes
2. Functionality can be inherited!
3. Eel is used for the expressions
4. You can easily implement your own types