-
-
Notifications
You must be signed in to change notification settings - Fork 6
/
Policy.yaml
executable file
·45 lines (40 loc) · 1.7 KB
/
Policy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
privilegeTargets:
'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
'Shel.Neos.Terminal:ExecuteCommands':
matcher: 'method(Shel\Neos\Terminal\Controller\TerminalCommandController->(?!initialize).*Action())'
'Shel.Neos.Terminal:GetCommands':
matcher: 'method(Shel\Neos\Terminal\Controller\TerminalCommandController->getCommandsAction())'
'Shel\Neos\Terminal\Security\TerminalCommandPrivilege':
'Shel.Neos.Terminal:Command.All':
matcher: '*'
'Shel.Neos.Terminal:Command.Eel':
matcher: 'eel'
'Shel.Neos.Terminal:Command.FlushCache':
matcher: 'flushCache'
'Shel.Neos.Terminal:Command.Search':
matcher: 'search'
'Shel.Neos.Terminal:Command.NodeRepair':
matcher: 'nodeRepair'
roles:
'Neos.Flow:Everybody':
privileges:
# Allow everybody to load commands to prevent 403 errors for users without access in the UI.
# The command list will still be empty in the response as all commands have their own privileges.
- privilegeTarget: 'Shel.Neos.Terminal:GetCommands'
permission: GRANT
'Shel.Neos.Terminal:TerminalUser':
label: 'Terminal user'
description: 'Grants access to run read-only eel and search terminal commands'
privileges:
- privilegeTarget: 'Shel.Neos.Terminal:ExecuteCommands'
permission: GRANT
- privilegeTarget: 'Shel.Neos.Terminal:Command.Eel'
permission: GRANT
- privilegeTarget: 'Shel.Neos.Terminal:Command.Search'
permission: GRANT
'Neos.Neos:Administrator':
privileges:
- privilegeTarget: 'Shel.Neos.Terminal:ExecuteCommands'
permission: GRANT
- privilegeTarget: 'Shel.Neos.Terminal:Command.All'
permission: GRANT