TASK: Move withoutAuthorizationChecks into createSiteNodeIfNotExists

Neos.Neos/Classes/Controller/Module/Administration/SitesController.php

@@ -28,7 +28,6 @@
 use Neos\Flow\Annotations as Flow;
 use Neos\Flow\Package;
 use Neos\Flow\Package\PackageManager;
-use Neos\Flow\Security\Context as SecurityContext;
 use Neos\Flow\Session\SessionInterface;
 use Neos\Media\Domain\Repository\AssetCollectionRepository;
 use Neos\Neos\Controller\Module\AbstractModuleController;
@@ -40,10 +39,8 @@
 use Neos\Neos\Domain\Repository\DomainRepository;
 use Neos\Neos\Domain\Repository\SiteRepository;
 use Neos\Neos\Domain\Service\NodeTypeNameFactory;
-use Neos\Neos\Domain\Service\SiteImportService;
 use Neos\Neos\Domain\Service\SiteService;
 use Neos\Neos\Domain\Service\UserService;
-use Neos\Utility\Files;
 
 /**
  * The Neos Sites Management module controller
@@ -96,21 +93,10 @@ class SitesController extends AbstractModuleController
      * the site must have a field to define the contentRepositoryId to correctly create sites dynamically.
      *
      * @Flow\InjectConfiguration("sitePresets.default.contentRepository")
+     * @var string|null
      */
     protected $defaultContentRepositoryForNewSites;
 
-    /**
-     * @Flow\Inject
-     * @var SecurityContext
-     */
-    protected $securityContext;
-
-    /**
-     * @Flow\Inject
-     * @var SiteImportService
-     */
-    protected $siteImportService;
-
     #[Flow\Inject]
     protected UserService $domainUserService;
 
@@ -293,11 +279,7 @@ public function newSiteAction(): void
     public function createSiteNodeAction($packageKey, $siteName, $nodeType)
     {
         try {
-            // CreateRootWorkspace was denied: Creation of root workspaces is currently only allowed with disabled authorization checks
-            $site = null;
-            $this->securityContext->withoutAuthorizationChecks(function () use (&$site, $packageKey, $siteName, $nodeType) {
-                $site = $this->siteService->createSite($packageKey, $siteName, $nodeType);
-            });
+            $site = $this->siteService->createSite($packageKey, $siteName, $nodeType);
         } catch (NodeTypeNotFound $exception) {
             $this->addFlashMessage(
                 $this->getModuleLabel('sites.siteCreationError.givenNodeTypeNotFound.body', [$nodeType]),

Neos.Neos/Classes/Domain/Service/SiteService.php

@@ -20,6 +20,7 @@
 use Neos\ContentRepositoryRegistry\ContentRepositoryRegistry;
 use Neos\Flow\Annotations as Flow;
 use Neos\Flow\Persistence\PersistenceManagerInterface;
+use Neos\Flow\Security\Context as SecurityContext;
 use Neos\Media\Domain\Model\Asset;
 use Neos\Media\Domain\Repository\AssetCollectionRepository;
 use Neos\Neos\Domain\Exception\SiteNodeNameIsAlreadyInUseByAnotherSite;
@@ -70,14 +71,21 @@ class SiteService
      */
     protected $workspaceService;
 
+    /**
+     * @Flow\Inject
+     * @var SecurityContext
+     */
+    protected $securityContext;
+
     /**
      * Remove given site all nodes for that site and all domains associated.
      */
     public function pruneSite(Site $site): void
     {
         $siteServiceInternals = new SiteServiceInternals(
             $this->contentRepositoryRegistry->get($site->getConfiguration()->contentRepositoryId),
-            $this->workspaceService
+            $this->workspaceService,
+            $this->securityContext
         );
 
         try {
@@ -181,7 +189,8 @@ public function createSite(
 
         $siteServiceInternals = new SiteServiceInternals(
             $this->contentRepositoryRegistry->get($site->getConfiguration()->contentRepositoryId),
-            $this->workspaceService
+            $this->workspaceService,
+            $this->securityContext
         );
         $siteServiceInternals->createSiteNodeIfNotExists($site, $nodeTypeName);
 

Neos.Neos/Classes/Domain/Service/SiteServiceInternals.php

@@ -30,6 +30,7 @@
 use Neos\ContentRepository\Core\SharedModel\Node\NodeAggregateId;
 use Neos\ContentRepository\Core\SharedModel\Node\NodeVariantSelectionStrategy;
 use Neos\ContentRepository\Core\SharedModel\Workspace\WorkspaceName;
+use Neos\Flow\Security\Context as SecurityContext;
 use Neos\Neos\Domain\Exception\SiteNodeTypeIsInvalid;
 use Neos\Neos\Domain\Model\Site;
 use Neos\Neos\Domain\Model\SiteNodeName;
@@ -49,6 +50,7 @@
     public function __construct(
         private ContentRepository $contentRepository,
         private WorkspaceService $workspaceService,
+        private SecurityContext $securityContext
     ) {
         $this->nodeTypeManager = $this->contentRepository->getNodeTypeManager();
         $this->interDimensionalVariationGraph = $this->contentRepository->getVariationGraph();
@@ -94,12 +96,15 @@ public function createSiteNodeIfNotExists(Site $site, string $nodeTypeName): voi
     {
         $liveWorkspace = $this->contentRepository->findWorkspaceByName(WorkspaceName::forLive());
         if ($liveWorkspace === null) {
-            $this->workspaceService->createRootWorkspace(
-                $this->contentRepository->id,
-                WorkspaceName::forLive(),
-                WorkspaceTitle::fromString('Public live workspace'),
-                WorkspaceDescription::empty(),
-                WorkspaceRoleAssignments::createForLiveWorkspace()
+            // CreateRootWorkspace was denied: Creation of root workspaces is currently only allowed with disabled authorization checks
+            $this->securityContext->withoutAuthorizationChecks(
+                fn () => $this->workspaceService->createRootWorkspace(
+                    $this->contentRepository->id,
+                    WorkspaceName::forLive(),
+                    WorkspaceTitle::fromString('Public live workspace'),
+                    WorkspaceDescription::empty(),
+                    WorkspaceRoleAssignments::createForLiveWorkspace()
+                )
             );
         }