[Bug]: isGranted of PermissionEvent is ignored with NOT_ALLOWED_POLICY_NULL

[fmaerkl-sw]

Expected behavior

Elements where an event handler for PermissionEvents::PRE_CHECK sets isGranted to false should be returned as null or filtered out of the result of a GraphQL query when NOT_ALLOWED_POLICY_NULL is used.
Just like an exception is thrown when NOT_ALLOWED_POLICY_EXCEPTION is used in the same situation.

Actual behavior

The contents of isGranted are completely ignored. It can be easily seen here that the value of $event->isGranted() has no effect if PimcoreDataHubBundle::getNotAllowedPolicy() !== PimcoreDataHubBundle::NOT_ALLOWED_POLICY_EXCEPTION:

data-hub/src/WorkspaceHelper.php

Lines 233 to 248 in 90aabfc

	$event = new PermissionEvent($element, $type);
	/** @var EventDispatcher $eventDispatcher */
	$eventDispatcher = \Pimcore::getContainer()->get('event_dispatcher');
	$eventDispatcher->dispatch($event, PermissionEvents::PRE_CHECK);
	if (!$event->isGranted() && PimcoreDataHubBundle::getNotAllowedPolicy() === PimcoreDataHubBundle::NOT_ALLOWED_POLICY_EXCEPTION) {
	throw new ClientSafeException('access for '. $element->getFullPath() . ' denied');
	}
	$isAllowed = self::isAllowed($element, $configuration, $type);
	if (!$isAllowed && PimcoreDataHubBundle::getNotAllowedPolicy() === PimcoreDataHubBundle::NOT_ALLOWED_POLICY_EXCEPTION) {
	$elementType = Service::getElementType($element);
	throw new ClientSafeException($type . ' access for ' . $elementType . ' ' . $element->getFullPath() . ' denied');
	}
	return $isAllowed;

Steps to reproduce

Register a handler for PermissionEvent and set isGranted to false:

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Pimcore\Bundle\DataHubBundle\Event\GraphQL\Model\PermissionEvent;
use Pimcore\Bundle\DataHubBundle\Event\GraphQL\PermissionEvents;

class GraphQlSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents(): array
    {
        return [
            PermissionEvents::PRE_CHECK => 'adaptPermissions'
        ];
    }

    public function adaptPermissions(PermissionEvent $event): void
    {
        $event->setIsGranted(false);
    }
}

[github-actions]

Thanks a lot for reporting the issue. We did not consider the issue as "Pimcore:Priority", "Pimcore:ToDo" or "Pimcore:Backlog", so we're not going to work on that anytime soon. Please create a pull request to fix the issue if this is a bug report. We'll then review it as quickly as possible. If you're interested in contributing a feature, please contact us first here before creating a pull request. We'll then decide whether we'd accept it or not. Thanks for your understanding.