Restrict reading of nodes based on a property

[neos-bot]

Jira issue originally created by user @sebobo:

Additionally to hide nodes based on their type or identifier it should be possible to disallow reading of nodes based on a node property.

Use cases

This can be used to allow integrators or editors restrict certain nodes for a frontend user group.

Examples for a possible matchers

    matcher: 'nodeProperty("restricted") == TRUE'

    matcher: 'context.user.role in nodeProperty("allowedGroups")'

    matcher: 'isDescendantOfNodeWithProperty("restricted") == TRUE'

Jira-URL: https://jira.neos.io/browse/NEOS-1458

[neos-bot]

Comment created by @bwaidelich:

This would be a very handy improvement, indeed. Just some remarks:

• Nodes have a (more or less unused) property "AccessRoles" that we could reuse, in addition to actual node properties. With a custom Neos editor that would allow for a UI similar to the one from TYPO3

• Be aware of the Security\Context::getContextHash() that is used to cache doctrine queries/results and that is currently only based on the authenticated roles. We probably have to adjust that behavior anyways, but if you get strange results make sure to disable/debug that cache (Aske once solved this with a hack: https://gist.github.com/aertmann/51ae0040b1ef179c208e#file-sqlfilter-php-L96-L97)

• Rens created a snippet that is related and might help: https://gist.github.com/radmiraal/34cabaea45fecf0c5b40

[neos-bot]

Comment created by @sebobo:

Created a first working version of the feature: https://github.com/Sebobo/neos-development-collection/commit/355478ac9f2dcec095f32739d008fbe15138fbd8

Would require some feedback now. It wasn't able to implement the query with the query builder, there are always errors. The raw query works fine but I'm not 100% sure if there will be problems with other DBMS.