TYPO3.Flow

when having defined an Entity resource like

'current.securityContext.party != this.owner'

the `owner` field refers to, in one case, to the actual `owner` field of the database table (i.e. in \TYPO3\Flow\Security\Aspect\PersistenceQueryRewritingAspect::rewriteQomQuery

and in the other case to the (hydrated) Entity property `owner` (i.e. in \TYPO3\Flow\Security\Aspect\PersistenceQueryRewritingAspect::checkAccessAfterFetchingAnObjectByIdentifier)

This leads to unpredicted results when the entity for example does not have a getter on this property, as it was in my case. I just considered it not necessary.

IMO urgently an exception is necessary if, in \TYPO3\Flow\Security\Aspect\PersistenceQueryRewritingAspect::checkSingleConstraintDefinitionOnResultObject, the following lines:

1if (!is_array($constraintDefinition['leftValue']) && strpos($constraintDefinition['leftValue'], 'this.') === 0) {
2    $referenceToThisFound = TRUE;
3    $propertyPath = substr($constraintDefinition['leftValue'], 5);
4    $leftOperand = $this->getObjectValueByPath($result, $propertyPath);
5}

need to throw an exception if getObjectValueByPath, leading to ObjectAccess::getPropertyPath, tries to access something that cannot be retrieved.