BUGFIX: Use withoutAuthorizationChecks to remove site via user interface

The CR security was introduced with #5298 And now fails when fetching the content graph or deleting nodes: > Read access denied for workspace "user-editor": User is a Neos Administrator without explicit role for workspace "user-editor" The herby proposed fix is not perfect but so is the whole site deletion, instead only the base workspace should need to be deleted and the others need to be rebased.
neos · Jan 20, 2025 · 2ade422 · 2ade422
1 parent a816c4c
commit 2ade422
Showing 1 changed file with 14 additions and 8 deletions.
diff --git a/Neos.Neos/Classes/Domain/Service/SiteServiceInternals.php b/Neos.Neos/Classes/Domain/Service/SiteServiceInternals.php
@@ -68,9 +68,13 @@ public function removeSiteNode(SiteNodeName $siteNodeName): void
             );
         }
 
+        // todo only remove site node in base workspace and rebase dependant workspaces to avoid also the security hacks here.
         foreach ($this->contentRepository->findWorkspaces() as $workspace) {
-            $contentGraph = $this->contentRepository->getContentGraph($workspace->workspaceName);
-            $sitesNodeAggregate = $contentGraph->findRootNodeAggregateByType(
+            $contentGraph = null;
+            $this->securityContext->withoutAuthorizationChecks(function () use (&$contentGraph, $workspace) {
+                $contentGraph = $this->contentRepository->getContentGraph($workspace->workspaceName);
+            });
+            $sitesNodeAggregate = $contentGraph?->findRootNodeAggregateByType(
                 NodeTypeNameFactory::forSites()
             );
             if (!$sitesNodeAggregate) {
@@ -82,12 +86,14 @@ public function removeSiteNode(SiteNodeName $siteNodeName): void
                 $siteNodeName->toNodeName()
             );
             if ($siteNodeAggregate instanceof NodeAggregate) {
-                $this->contentRepository->handle(RemoveNodeAggregate::create(
-                    $workspace->workspaceName,
-                    $siteNodeAggregate->nodeAggregateId,
-                    $arbitraryDimensionSpacePoint,
-                    NodeVariantSelectionStrategy::STRATEGY_ALL_VARIANTS,
-                ));
+                $this->securityContext->withoutAuthorizationChecks(
+                    fn () => $this->contentRepository->handle(RemoveNodeAggregate::create(
+                        $workspace->workspaceName,
+                        $siteNodeAggregate->nodeAggregateId,
+                        $arbitraryDimensionSpacePoint,
+                        NodeVariantSelectionStrategy::STRATEGY_ALL_VARIANTS,
+                    ))
+                );
             }
         }
     }