BUGFIX: fix check for allowed workspaces

[Benjamin-K]

What I did

Previously the check for workspaces was done by adding ( isInWorkspace("workspaceA") || isInWorkspace("workspaceB") ) to the generated policy. But isInWorkspace() requires an array of all valid workspaces.

I fixed the issue by generating isInWorkspace(["workspaceA", "workspaceB"]) for the policy. I also always added the "live" workspace to this check as otherwise users with this role won't be able to change anything that is published to live even if they are in one of the restricted workspaces. To restrict a user from publishing to live, simply don't add the (parent) role "LivePublisher".

How to verify it

• Login
• Create new role
• Select workspaces you want to restrict the role to (create a new one if you do not have any except live yet)
• Create a new test user and apply the new role to it
• See if you can publish to any workspace not selected previously

Checklist

• [x] Code follows the PSR-2 coding style
• [x] Tests have been created, run and adjusted as needed --> I only tested the change manually

This also fixes #34

[skurfuerst]

very nice, thanks so much :)