A simple Neos Flow ViewHelper that renders an action link only if the target action is granted to the currently authenticated account. Otherwise it renders only the link text.
<?php
namespace Your\Package\ViewHelpers\Link;
use TYPO3\Flow\Annotations as Flow;
use TYPO3\Flow\Aop\JoinPoint;
use TYPO3\Flow\Mvc\ActionRequest;
use TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilegeInterface;
use TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilegeSubject;
use TYPO3\Flow\Security\Authorization\PrivilegeManagerInterface;
use TYPO3\Fluid\ViewHelpers\Link\ActionViewHelper;
/**
 * Specialized link.action ViewHelper that renders the link only when the target action is granted to the
 * currently authenticated user; otherwise only the link text (the child content) is rendered.
 *
 * This is a presentation aid, not an access control: it decides what is displayed and nothing else, so the
 * target action itself still has to be protected by a method privilege in the security policy.
 *
 * = Examples =
 *
 * <code>
 * <x:link.actionIfGranted action="foo">some link</x:link.actionIfGranted>
 * </code>
 * <output>
 * <a href="...">some link</a>
 * (if the fooAction of the current controller is granted)
 * some link
 * (if it wasn't)
 * </output>
 */
class ActionIfGrantedViewHelper extends ActionViewHelper
{
    /**
     * Asked whether the method privilege for the target action is granted.
     *
     * @Flow\Inject
     * @var PrivilegeManagerInterface
     */
    protected $privilegeManager;

    /**
     * Renders the regular action link if the target action is granted, the bare child content otherwise.
     *
     * @inheritdoc
     */
    public function render($action, $arguments = [], $controller = null, $package = null, $subpackage = null, $section = '', $format = '', array $additionalParams = [], $addQueryString = false, array $argumentsToBeExcludedFromQueryString = [], $useParentRequest = false, $absolute = true)
    {
        // Denied: emit only what is between the tags, without an <a> element around it.
        if (!$this->targetActionIsGranted()) {
            return $this->renderChildren();
        }

        // Granted: hand all arguments through to the stock link.action implementation unchanged.
        return parent::render(
            $action,
            $arguments,
            $controller,
            $package,
            $subpackage,
            $section,
            $format,
            $additionalParams,
            $addQueryString,
            $argumentsToBeExcludedFromQueryString,
            $useParentRequest,
            $absolute
        );
    }

    /**
     * Whether or not the requested action is granted for the currently authenticated roles
     *
     * The target is derived from the current request, with the controller, package and subpackage
     * ViewHelper arguments applied on top where they are set.
     *
     * @return bool
     */
    protected function targetActionIsGranted()
    {
        $request = $this->controllerContext->getRequest();

        // Without an ActionRequest no target controller can be derived, and the link is rendered.
        // This fails open, which is acceptable only because the result affects display, not access.
        if (!($request instanceof ActionRequest)) {
            return true;
        }

        // Work on a copy so the overrides below never touch the request that is being handled.
        $target = clone $request;
        if ($this->hasArgument('controller')) {
            $target->setControllerName($this->arguments['controller']);
        }
        if ($this->hasArgument('package')) {
            $target->setControllerPackageKey($this->arguments['package']);
        }
        if ($this->hasArgument('subpackage')) {
            $target->setControllerSubpackageKey($this->arguments['subpackage']);
        }

        $controllerClass = $target->getControllerObjectName();

        // NOTE(review): a controller instance is fetched for every rendered link - confirm that
        // obtaining it from the object manager has no side effects.
        $controller = $this->objectManager->get($controllerClass);

        $actionMethodName = $this->arguments['action'] . 'Action';

        // NOTE(review): the method arguments are the link arguments exactly as given in the template;
        // presumably they are not property-mapped, so a privilege condition on method arguments may
        // see other values here than on the real action call - confirm against the policy in use.
        $joinPoint = new JoinPoint($controller, $controllerClass, $actionMethodName, $this->arguments['arguments']);
        $subject = new MethodPrivilegeSubject($joinPoint);

        return $this->privilegeManager->isGranted(MethodPrivilegeInterface::class, $subject);
    }
}