Merge pull request #5417 from mhsdesign/task/remove-obsolte-legacy-ya…

…ml-policy-for-workspaces

!!! TASK: Remove obsolete legacy yaml policy for workspaces

Neos.Neos/Configuration/Policy.yaml

@@ -47,23 +47,10 @@ privilegeTargets:
       label: Access to own personal workspace
       matcher: 'method(Neos\Neos\TypeConverter\NodeConverter->prepareContextProperties(workspaceName === current.userInformation.personalWorkspaceName))'
 
-    # No role should have this privilege assigned:
-    'Neos.Neos:Backend.OtherUsersPersonalWorkspaceAccess':
-      label: Access to other users personal workspace
-      matcher: 'method(Neos\ContentRepository\Domain\Service\Context->validateWorkspace()) && evaluate(this.workspace.owner !== current.userInformation.backendUser, this.workspace.personalWorkspace === true)'
-
     'Neos.Neos:Backend.EditContent':
       label: General access to content editing
       matcher: 'method(Neos\Neos\Service\Controller\NodeController->(show|getPrimaryChildNode|getChildNodesForTree|filterChildNodesForTree|getChildNodes|getChildNodesFromParent|create|createAndRender|createNodeForTheTree|move|moveBefore|moveAfter|moveInto|moveAndRender|copy|copyBefore|copyAfter|copyInto|copyAndRender|update|updateAndRender|delete|searchPage|error)Action()) || method(Neos\Neos\Controller\Backend\ContentController->(uploadAsset|assetsWithMetadata|imageWithMetadata|createImageVariant|error)Action()) || method(Neos\Neos\Controller\Service\AssetProxiesController->(index|show|import|error)Action()) || method(Neos\Neos\Controller\Service\AssetsController->(index|show|error)Action()) || method(Neos\Neos\Controller\Service\NodesController->(index|show|create|error)Action())'
 
-    'Neos.Neos:Backend.PublishOwnWorkspaceContent':
-      label: Allowed to publish own personal workspace
-      matcher: 'method(Neos\Neos\Service\Controller\WorkspaceController->(publishNode|publishNodes|error)Action()) || method(Neos\Neos\Service\Controller\WorkspaceController->publishAllAction(workspaceName = current.userInformation.personalWorkspaceName)) || method(Neos\Neos\Service\Controller\WorkspaceController->getWorkspaceWideUnpublishedNodesAction(workspace.name = current.userInformation.personalWorkspaceName))'
-
-    'Neos.Neos:Backend.DiscardOwnWorkspaceContent':
-      label: Allowed to discard changes in own workspace
-      matcher: 'method(Neos\Neos\Service\Controller\WorkspaceController->(discardNode|discardNodes|error)Action()) || method(Neos\Neos\Service\Controller\WorkspaceController->discardAllAction(workspace.name === current.userInformation.personalWorkspaceName))'
-
     #
     # User management and user settings
     #
@@ -173,7 +160,6 @@ roles:
   'Neos.Neos:AbstractEditor':
     # This group is assigned conventionally for new shared workspaces as collaborator. See WorkspaceService::assignWorkspaceRole
     abstract: true
-    parentRoles: ['Neos.ContentRepository:Administrator']
     privileges:
       -
         privilegeTarget: 'Neos.Neos:Backend.GeneralAccess'
@@ -191,14 +177,6 @@ roles:
         privilegeTarget: 'Neos.Neos:Backend.EditContent'
         permission: GRANT
 
-      -
-        privilegeTarget: 'Neos.Neos:Backend.PublishOwnWorkspaceContent'
-        permission: GRANT
-
-      -
-        privilegeTarget: 'Neos.Neos:Backend.DiscardOwnWorkspaceContent'
-        permission: GRANT
-
       -
         privilegeTarget: 'Neos.Neos:Backend.ContentDimensions'
         permission: GRANT

Neos.Workspace.Ui/Configuration/Policy.yaml

@@ -2,58 +2,22 @@ privilegeTargets:
 
   'Neos\Flow\Security\Authorization\Privilege\Method\MethodPrivilege':
 
-    'Neos.Workspace.Ui:Backend.PublishAllToLiveWorkspace':
-      label: Allowed to publish to the live workspace
-      matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->publishWorkspaceAction(workspace.baseWorkspace.name === "live"))'
-
     'Neos.Workspace.Ui:Backend.CreateWorkspaces':
       label: Allowed to create a workspace
       matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->(create|new)Action())'
 
-    'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageOwnWorkspaces':
-      label: Allowed to manage own workspaces
-      matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->(publishWorkspace|discardWorkspace|edit|update|delete)Action(workspace.owner === current.userInformation.backendUser))'
-
-    'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageInternalWorkspaces':
-      label: Manage internal workspaces
-      matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->(publishWorkspace|discardWorkspace|edit|update|delete)Action(workspace.owner === null))'
-
-    'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageAllPrivateWorkspaces':
-      label: Manage all private workspaces
-      matcher: 'method(Neos\Workspace\Ui\Controller\WorkspaceController->(publishWorkspace|discardWorkspace|edit|update|delete)Action()) && evaluate(this.workspace.owner !== current.userInformation.backendUser, this.workspace.personalWorkspace === false)'
-
   'Neos\Neos\Security\Authorization\Privilege\ModulePrivilege':
     'Neos.Workspace.Ui:Backend.Module.Management.Workspace':
       label: General access to the workspace module
       matcher: 'management/workspace'
 
 roles:
-  'Neos.Neos:LivePublisher':
-    privileges:
-      -
-        privilegeTarget: 'Neos.Workspace.Ui:Backend.PublishAllToLiveWorkspace'
-        permission: GRANT
-
   'Neos.Neos:AbstractEditor':
     privileges:
       -
         privilegeTarget: 'Neos.Workspace.Ui:Backend.CreateWorkspaces'
         permission: GRANT
 
-      -
-        privilegeTarget: 'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageOwnWorkspaces'
-        permission: GRANT
-
       -
         privilegeTarget: 'Neos.Workspace.Ui:Backend.Module.Management.Workspace'
         permission: GRANT
-
-  'Neos.Neos:Administrator':
-    privileges:
-      -
-        privilegeTarget: 'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageInternalWorkspaces'
-        permission: GRANT
-
-      -
-        privilegeTarget: 'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageAllPrivateWorkspaces'
-        permission: GRANT

Neos.Workspace.Ui/Migrations/Code/Version20240603134000.php

@@ -26,31 +26,11 @@ public function getIdentifier(): string
 
     public function up(): void
     {
-        $this->searchAndReplace(
-            'Neos.Neos:Backend.PublishAllToLiveWorkspace',
-            'Neos.Workspace.Ui:Backend.PublishAllToLiveWorkspace',
-            ['yaml', 'html', 'php']
-        );
         $this->searchAndReplace(
             'Neos.Neos:Backend.CreateWorkspaces',
             'Neos.Workspace.Ui:Backend.CreateWorkspaces',
             ['yaml', 'html', 'php']
         );
-        $this->searchAndReplace(
-            'Neos.Neos:Backend.Module.Management.Workspaces.ManageOwnWorkspaces',
-            'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageOwnWorkspaces',
-            ['yaml', 'html', 'php']
-        );
-        $this->searchAndReplace(
-            'Neos.Neos:Backend.Module.Management.Workspaces.ManageInternalWorkspaces',
-            'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageInternalWorkspaces',
-            ['yaml', 'html', 'php']
-        );
-        $this->searchAndReplace(
-            'Neos.Neos:Backend.Module.Management.Workspaces.ManageAllPrivateWorkspaces',
-            'Neos.Workspace.Ui:Backend.Module.Management.Workspace.ManageAllPrivateWorkspaces',
-            ['yaml', 'html', 'php']
-        );
         $this->searchAndReplace(
             'Neos.Neos:Backend.Module.Management.Workspaces',
             'Neos.Workspace.Ui:Backend.Module.Management.Workspace',