TASK: Remove policy for removed Neos\Neos\Service\Controller\NodeController

Neos.Neos/Classes/Service/UserService.php

@@ -59,6 +59,18 @@ public function getBackendUser()
         return $this->userDomainService->getCurrentUser();
     }
 
+    /**
+     * 8.3 behaviour: Returns the name of the currently logged in user's personal workspace
+     * (even if that might not exist at that time).
+     * If no user is logged in this method returns null.
+     *
+     * @deprecated and not implemented with Neos 9.0 - can be removed any time, just for the 8.3 upgrade phase
+     */
+    public function getPersonalWorkspaceName(): ?string
+    {
+        throw new \LogicException('`userInformation.personalWorkspaceName` was removed in Neos 9.0 see https://github.com/neos/neos-development-collection/pull/5418');
+    }
+
     /**
      * Returns the stored preferences of a user
      *

Neos.Neos/Configuration/Policy.yaml

@@ -43,26 +43,9 @@ privilegeTargets:
       label: Access to content service APIs
       matcher: 'method(Neos\Neos\Controller\Backend\SchemaController->(nodeTypeSchema)Action()) || method(Neos\Neos\Controller\Backend\SettingsController->editPreviewAction())'
 
-    'Neos.Neos:Backend.PersonalWorkspaceReadAccess.NodeConverter':
-      label: Access to own personal workspace
-      matcher: 'method(Neos\Neos\TypeConverter\NodeConverter->prepareContextProperties(workspaceName === current.userInformation.personalWorkspaceName))'
-
-    # No role should have this privilege assigned:
-    'Neos.Neos:Backend.OtherUsersPersonalWorkspaceAccess':
-      label: Access to other users personal workspace
-      matcher: 'method(Neos\ContentRepository\Domain\Service\Context->validateWorkspace()) && evaluate(this.workspace.owner !== current.userInformation.backendUser, this.workspace.personalWorkspace === true)'
-
     'Neos.Neos:Backend.EditContent':
       label: General access to content editing
-      matcher: 'method(Neos\Neos\Service\Controller\NodeController->(show|getPrimaryChildNode|getChildNodesForTree|filterChildNodesForTree|getChildNodes|getChildNodesFromParent|create|createAndRender|createNodeForTheTree|move|moveBefore|moveAfter|moveInto|moveAndRender|copy|copyBefore|copyAfter|copyInto|copyAndRender|update|updateAndRender|delete|searchPage|error)Action()) || method(Neos\Neos\Controller\Backend\ContentController->(uploadAsset|assetsWithMetadata|imageWithMetadata|createImageVariant|error)Action()) || method(Neos\Neos\Controller\Service\AssetProxiesController->(index|show|import|error)Action()) || method(Neos\Neos\Controller\Service\AssetsController->(index|show|error)Action()) || method(Neos\Neos\Controller\Service\NodesController->(index|show|create|error)Action())'
-
-    'Neos.Neos:Backend.PublishOwnWorkspaceContent':
-      label: Allowed to publish own personal workspace
-      matcher: 'method(Neos\Neos\Service\Controller\WorkspaceController->(publishNode|publishNodes|error)Action()) || method(Neos\Neos\Service\Controller\WorkspaceController->publishAllAction(workspaceName = current.userInformation.personalWorkspaceName)) || method(Neos\Neos\Service\Controller\WorkspaceController->getWorkspaceWideUnpublishedNodesAction(workspace.name = current.userInformation.personalWorkspaceName))'
-
-    'Neos.Neos:Backend.DiscardOwnWorkspaceContent':
-      label: Allowed to discard changes in own workspace
-      matcher: 'method(Neos\Neos\Service\Controller\WorkspaceController->(discardNode|discardNodes|error)Action()) || method(Neos\Neos\Service\Controller\WorkspaceController->discardAllAction(workspace.name === current.userInformation.personalWorkspaceName))'
+      matcher: 'method(Neos\Neos\Controller\Backend\ContentController->(uploadAsset|assetsWithMetadata|imageWithMetadata|createImageVariant|error)Action()) || method(Neos\Neos\Controller\Service\AssetProxiesController->(index|show|import|error)Action()) || method(Neos\Neos\Controller\Service\AssetsController->(index|show|error)Action()) || method(Neos\Neos\Controller\Service\NodesController->(index|show|create|error)Action())'
 
     #
     # User management and user settings
@@ -173,7 +156,6 @@ roles:
   'Neos.Neos:AbstractEditor':
     # This group is assigned conventionally for new shared workspaces as collaborator. See WorkspaceService::assignWorkspaceRole
     abstract: true
-    parentRoles: ['Neos.ContentRepository:Administrator']
     privileges:
       -
         privilegeTarget: 'Neos.Neos:Backend.GeneralAccess'
@@ -183,22 +165,10 @@ roles:
         privilegeTarget: 'Neos.Neos:ContentPreview'
         permission: GRANT
 
-      -
-        privilegeTarget: 'Neos.Neos:Backend.PersonalWorkspaceReadAccess.NodeConverter'
-        permission: GRANT
-
       -
         privilegeTarget: 'Neos.Neos:Backend.EditContent'
         permission: GRANT
 
-      -
-        privilegeTarget: 'Neos.Neos:Backend.PublishOwnWorkspaceContent'
-        permission: GRANT
-
-      -
-        privilegeTarget: 'Neos.Neos:Backend.DiscardOwnWorkspaceContent'
-        permission: GRANT
-
       -
         privilegeTarget: 'Neos.Neos:Backend.ContentDimensions'
         permission: GRANT

Neos.Workspace.Ui/Configuration/Policy.yaml

@@ -2,58 +2,22 @@ privilegeTargets:
 
   'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
 
-    'Neos.Workspace.Ui:Backend.PublishAllToLiveWorkspace':
-      label: Allowed to publish to the live workspace
-      matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->publishWorkspaceAction(workspace.baseWorkspace.name === "live"))'
-
     'Neos.Workspace.Ui:Backend.CreateWorkspaces':
       label: Allowed to create a workspace
       matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->(create|new)Action())'
 
-    'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageOwnWorkspaces':
-      label: Allowed to manage own workspaces
-      matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->(publishWorkspace|discardWorkspace|edit|update|delete)Action(workspace.owner === current.userInformation.backendUser))'
-
-    'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageInternalWorkspaces':
-      label: Manage internal workspaces
-      matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->(publishWorkspace|discardWorkspace|edit|update|delete)Action(workspace.owner === null))'
-
-    'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageAllPrivateWorkspaces':
-      label: Manage all private workspaces
-      matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->(publishWorkspace|discardWorkspace|edit|update|delete)Action()) && evaluate(this.workspace.owner !== current.userInformation.backendUser, this.workspace.personalWorkspace === false)'
-
   'Neos\Neos\Security\Authorization\Privilege\ModulePrivilege':
     'Neos.Workspace.Ui:Backend.Module.Management.Workspace':
       label: General access to the workspace module
       matcher: 'management/workspace'
 
 roles:
-  'Neos.Neos:LivePublisher':
-    privileges:
-      -
-        privilegeTarget: 'Neos.Workspace.Ui:Backend.PublishAllToLiveWorkspace'
-        permission: GRANT
-
   'Neos.Neos:AbstractEditor':
     privileges:
       -
         privilegeTarget: 'Neos.Workspace.Ui:Backend.CreateWorkspaces'
         permission: GRANT
 
-      -
-        privilegeTarget: 'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageOwnWorkspaces'
-        permission: GRANT
-
       -
         privilegeTarget: 'Neos.Workspace.Ui:Backend.Module.Management.Workspace'
         permission: GRANT
-
-  'Neos.Neos:Administrator':
-    privileges:
-      -
-        privilegeTarget: 'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageInternalWorkspaces'
-        permission: GRANT
-
-      -
-        privilegeTarget: 'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageAllPrivateWorkspaces'
-        permission: GRANT

Neos.Workspace.Ui/Migrations/Code/Version20240603134000.php

@@ -26,31 +26,11 @@ public function getIdentifier(): string
 
     public function up(): void
     {
-        $this->searchAndReplace(
-            'Neos.Neos:Backend.PublishAllToLiveWorkspace',
-            'Neos.Workspace.Ui:Backend.PublishAllToLiveWorkspace',
-            ['yaml', 'html', 'php']
-        );
         $this->searchAndReplace(
             'Neos.Neos:Backend.CreateWorkspaces',
             'Neos.Workspace.Ui:Backend.CreateWorkspaces',
             ['yaml', 'html', 'php']
         );
-        $this->searchAndReplace(
-            'Neos.Neos:Backend.Module.Management.Workspaces.ManageOwnWorkspaces',
-            'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageOwnWorkspaces',
-            ['yaml', 'html', 'php']
-        );
-        $this->searchAndReplace(
-            'Neos.Neos:Backend.Module.Management.Workspaces.ManageInternalWorkspaces',
-            'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageInternalWorkspaces',
-            ['yaml', 'html', 'php']
-        );
-        $this->searchAndReplace(
-            'Neos.Neos:Backend.Module.Management.Workspaces.ManageAllPrivateWorkspaces',
-            'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageAllPrivateWorkspaces',
-            ['yaml', 'html', 'php']
-        );
         $this->searchAndReplace(
             'Neos.Neos:Backend.Module.Management.Workspaces',
             'Neos.Workspace.Ui:Backend.Module.Management.Workspace',