Bug #22410 » 14050_cleaning_t3lib_userauthgroup.patch
| t3lib/class.t3lib_userauthgroup.php (revision ) | ||
|---|---|---|
|
<?php
|
||
|
/***************************************************************
|
||
|
* Copyright notice
|
||
|
*
|
||
|
* (c) 1999-2010 Kasper Sk?rh?j (kasperYYYY@typo3.com)
|
||
|
* All rights reserved
|
||
|
*
|
||
|
* This script is part of the TYPO3 project. The TYPO3 project is
|
||
|
* free software; you can redistribute it and/or modify
|
||
|
* it under the terms of the GNU General Public License as published by
|
||
|
* the Free Software Foundation; either version 2 of the License, or
|
||
|
* (at your option) any later version.
|
||
|
*
|
||
|
* The GNU General Public License can be found at
|
||
|
* http://www.gnu.org/copyleft/gpl.html.
|
||
|
* A copy is found in the textfile GPL.txt and important notices to the license
|
||
|
* from the author is found in LICENSE.txt distributed with these scripts.
|
||
|
*
|
||
|
*
|
||
|
* This script is distributed in the hope that it will be useful,
|
||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
* GNU General Public License for more details.
|
||
|
*
|
||
|
* This copyright notice MUST APPEAR in all copies of the script!
|
||
|
***************************************************************/
|
||
|
* Copyright notice
|
||
|
*
|
||
|
* (c) 1999-2010 Kasper Sk?rh?j (kasperYYYY@typo3.com)
|
||
|
* All rights reserved
|
||
|
*
|
||
|
* This script is part of the TYPO3 project. The TYPO3 project is
|
||
|
* free software; you can redistribute it and/or modify
|
||
|
* it under the terms of the GNU General Public License as published by
|
||
|
* the Free Software Foundation; either version 2 of the License, or
|
||
|
* (at your option) any later version.
|
||
|
*
|
||
|
* The GNU General Public License can be found at
|
||
|
* http://www.gnu.org/copyleft/gpl.html.
|
||
|
* A copy is found in the textfile GPL.txt and important notices to the license
|
||
|
* from the author is found in LICENSE.txt distributed with these scripts.
|
||
|
*
|
||
|
*
|
||
|
* This script is distributed in the hope that it will be useful,
|
||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
* GNU General Public License for more details.
|
||
|
*
|
||
|
* This copyright notice MUST APPEAR in all copies of the script!
|
||
|
***************************************************************/
|
||
|
/**
|
||
|
* Contains an extension class specifically for authentication/initialization of backend users in TYPO3
|
||
|
*
|
||
| ... | ... | |
|
*
|
||
|
* 135: class t3lib_userAuthGroup extends t3lib_userAuth
|
||
|
*
|
||
|
* SECTION: Permission checking functions:
|
||
|
* SECTION: Permission checking functions:
|
||
|
* 199: function isAdmin()
|
||
|
* 199: function isAdmin()
|
||
|
* 211: function isMemberOfGroup($groupId)
|
||
|
* 211: function isMemberOfGroup($groupId)
|
||
|
* 233: function doesUserHaveAccess($row,$perms)
|
||
|
* 233: function doesUserHaveAccess($row,$perms)
|
||
|
* 250: function isInWebMount($id,$readPerms='',$exitOnError=0)
|
||
|
* 250: function isInWebMount($id,$readPerms='',$exitOnError=0)
|
||
|
* 277: function modAccess($conf,$exitOnError)
|
||
|
* 277: function modAccess($conf,$exitOnError)
|
||
|
* 328: function getPagePermsClause($perms)
|
||
|
* 328: function getPagePermsClause($perms)
|
||
|
* 367: function calcPerms($row)
|
||
|
* 367: function calcPerms($row)
|
||
|
* 405: function isRTE()
|
||
|
* 405: function isRTE()
|
||
|
* 439: function check($type,$value)
|
||
|
* 439: function check($type,$value)
|
||
|
* 456: function checkAuthMode($table,$field,$value,$authMode)
|
||
|
* 456: function checkAuthMode($table,$field,$value,$authMode)
|
||
|
* 522: function checkLanguageAccess($langValue)
|
||
|
* 522: function checkLanguageAccess($langValue)
|
||
|
* 544: function recordEditAccessInternals($table,$idOrRow,$newRecord=FALSE)
|
||
|
* 544: function recordEditAccessInternals($table,$idOrRow,$newRecord=FALSE)
|
||
|
* 619: function isPSet($lCP,$table,$type='')
|
||
|
* 619: function isPSet($lCP,$table,$type='')
|
||
|
* 636: function mayMakeShortcut()
|
||
|
* 636: function mayMakeShortcut()
|
||
|
* 650: function workspaceCannotEditRecord($table,$recData)
|
||
|
* 650: function workspaceCannotEditRecord($table,$recData)
|
||
|
* 689: function workspaceCannotEditOfflineVersion($table,$recData)
|
||
|
* 689: function workspaceCannotEditOfflineVersion($table,$recData)
|
||
|
* 712: function workspaceAllowLiveRecordsInPID($pid, $table)
|
||
|
* 712: function workspaceAllowLiveRecordsInPID($pid, $table)
|
||
|
* 733: function workspaceCreateNewRecord($pid, $table)
|
||
|
* 733: function workspaceCreateNewRecord($pid, $table)
|
||
|
* 752: function workspaceAllowAutoCreation($table,$id,$recpid)
|
||
|
* 752: function workspaceAllowAutoCreation($table,$id,$recpid)
|
||
|
* 772: function workspaceCheckStageForCurrent($stage)
|
||
|
* 772: function workspaceCheckStageForCurrent($stage)
|
||
|
* 795: function workspacePublishAccess($wsid)
|
||
|
* 795: function workspacePublishAccess($wsid)
|
||
|
* 823: function workspaceSwapAccess()
|
||
|
* 823: function workspaceSwapAccess()
|
||
|
* 835: function workspaceVersioningTypeAccess($type)
|
||
|
* 835: function workspaceVersioningTypeAccess($type)
|
||
|
* 866: function workspaceVersioningTypeGetClosest($type)
|
||
|
* 866: function workspaceVersioningTypeGetClosest($type)
|
||
|
*
|
||
|
* SECTION: Miscellaneous functions
|
||
|
* SECTION: Miscellaneous functions
|
||
|
* 909: function getTSConfig($objectString,$config='')
|
||
|
* 909: function getTSConfig($objectString,$config='')
|
||
|
* 935: function getTSConfigVal($objectString)
|
||
|
* 935: function getTSConfigVal($objectString)
|
||
|
* 947: function getTSConfigProp($objectString)
|
||
|
* 947: function getTSConfigProp($objectString)
|
||
|
* 959: function inList($in_list,$item)
|
||
|
* 959: function inList($in_list,$item)
|
||
|
* 970: function returnWebmounts()
|
||
|
* 970: function returnWebmounts()
|
||
|
* 980: function returnFilemounts()
|
||
|
* 980: function returnFilemounts()
|
||
|
* 997: function jsConfirmation($bitmask)
|
||
|
* 997: function jsConfirmation($bitmask)
|
||
|
*
|
||
|
* SECTION: Authentication methods
|
||
|
* SECTION: Authentication methods
|
||
|
* 1035: function fetchGroupData()
|
||
|
* 1035: function fetchGroupData()
|
||
|
* 1168: function fetchGroups($grList,$idList='')
|
||
|
* 1168: function fetchGroups($grList,$idList='')
|
||
|
* 1266: function setCachedList($cList)
|
||
|
* 1266: function setCachedList($cList)
|
||
|
* 1286: function addFileMount($title, $altTitle, $path, $webspace, $type)
|
||
|
* 1286: function addFileMount($title, $altTitle, $path, $webspace, $type)
|
||
|
* 1333: function addTScomment($str)
|
||
|
* 1333: function addTScomment($str)
|
||
|
*
|
||
|
* SECTION: Workspaces
|
||
|
* SECTION: Workspaces
|
||
|
* 1369: function workspaceInit()
|
||
|
* 1369: function workspaceInit()
|
||
|
* 1412: function checkWorkspace($wsRec,$fields='uid,title,adminusers,members,reviewers,publish_access,stagechg_notification')
|
||
|
* 1412: function checkWorkspace($wsRec,$fields='uid,title,adminusers,members,reviewers,publish_access,stagechg_notification')
|
||
|
* 1487: function checkWorkspaceCurrent()
|
||
|
* 1487: function checkWorkspaceCurrent()
|
||
|
* 1500: function setWorkspace($workspaceId)
|
||
|
* 1500: function setWorkspace($workspaceId)
|
||
|
* 1528: function setWorkspacePreview($previewState)
|
||
|
* 1528: function setWorkspacePreview($previewState)
|
||
|
* 1538: function getDefaultWorkspace()
|
||
|
* 1538: function getDefaultWorkspace()
|
||
|
*
|
||
|
* SECTION: Logging
|
||
|
* SECTION: Logging
|
||
|
* 1589: function writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='',$event_pid=-1,$NEWid='',$userId=0)
|
||
|
* 1589: function writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='',$event_pid=-1,$NEWid='',$userId=0)
|
||
|
* 1621: function simplelog($message, $extKey='', $error=0)
|
||
|
* 1621: function simplelog($message, $extKey='', $error=0)
|
||
|
* 1642: function checkLogFailures($email, $secondsBack=3600, $max=3)
|
||
|
* 1642: function checkLogFailures($email, $secondsBack=3600, $max=3)
|
||
|
*
|
||
|
* TOTAL FUNCTIONS: 45
|
||
|
* (This index is automatically created/updated by the extension "extdeveval")
|
||
| ... | ... | |
|
*/
|
||
|
/**
|
||
|
* Extension to class.t3lib_userauth.php; Authentication of users in TYPO3 Backend
|
||
|
*
|
||
| ... | ... | |
|
* @subpackage t3lib
|
||
|
*/
|
||
|
class t3lib_userAuthGroup extends t3lib_userAuth {
|
||
|
var $usergroup_column = 'usergroup'; // Should be set to the usergroup-column (id-list) in the user-record
|
||
|
var $usergroup_column = 'usergroup'; // Should be set to the usergroup-column (id-list) in the user-record
|
||
|
var $usergroup_table = 'be_groups'; // The name of the group-table
|
||
|
var $usergroup_table = 'be_groups'; // The name of the group-table
|
||
|
// internal
|
||
|
var $groupData = Array( // This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
|
||
|
'filemounts' => Array() // Filemounts are loaded here
|
||
|
var $groupData = array( // This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
|
||
|
'filemounts' => array() // Filemounts are loaded here
|
||
|
);
|
||
|
var $workspace = -99; // User workspace. -99 is ERROR (none available), -1 is offline, 0 is online, >0 is custom workspaces.
|
||
|
var $workspace = -99; // User workspace. -99 is ERROR (none available), -1 is offline, 0 is online, >0 is custom workspaces.
|
||
|
var $workspaceRec = array(); // Custom workspace record if any
|
||
|
var $workspaceRec = array(); // Custom workspace record if any
|
||
|
var $userGroups = Array(); // This array will hold the groups that the user is a member of
|
||
|
var $userGroupsUID = Array(); // This array holds the uid's of the groups in the listed order
|
||
|
var $userGroups = array(); // This array will hold the groups that the user is a member of
|
||
|
var $userGroupsUID = array(); // This array holds the uid's of the groups in the listed order
|
||
|
var $groupList =''; // This is $this->userGroupsUID imploded to a comma list... Will correspond to the 'usergroup_cached_list'
|
||
|
var $groupList = ''; // This is $this->userGroupsUID imploded to a comma list... Will correspond to the 'usergroup_cached_list'
|
||
|
var $dataLists=array( // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
|
||
|
var $dataLists = array( // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
|
||
|
'webmount_list'=>'',
|
||
|
'webmount_list' => '',
|
||
|
'filemount_list'=>'',
|
||
|
'filemount_list' => '',
|
||
|
'fileoper_perms' => 0,
|
||
|
'modList'=>'',
|
||
|
'modList' => '',
|
||
|
'tables_select'=>'',
|
||
|
'tables_select' => '',
|
||
|
'tables_modify'=>'',
|
||
|
'tables_modify' => '',
|
||
|
'pagetypes_select'=>'',
|
||
|
'pagetypes_select' => '',
|
||
|
'non_exclude_fields'=>'',
|
||
|
'non_exclude_fields' => '',
|
||
|
'explicit_allowdeny'=>'',
|
||
|
'explicit_allowdeny' => '',
|
||
|
'allowed_languages' => '',
|
||
|
'workspace_perms' => '',
|
||
|
'custom_options' => '',
|
||
|
);
|
||
|
var $includeHierarchy=array(); // For debugging/display of order in which subgroups are included.
|
||
|
var $includeHierarchy = array(); // For debugging/display of order in which subgroups are included.
|
||
|
var $includeGroupArray=array(); // List of group_id's in the order they are processed.
|
||
|
var $includeGroupArray = array(); // List of group_id's in the order they are processed.
|
||
|
var $OS=''; // Set to 'WIN', if windows
|
||
|
var $OS = ''; // Set to 'WIN', if windows
|
||
|
var $TSdataArray=array(); // Used to accumulate the TSconfig data of the user
|
||
|
var $TSdataArray = array(); // Used to accumulate the TSconfig data of the user
|
||
|
var $userTS_text = ''; // Contains the non-parsed user TSconfig
|
||
|
var $userTS_text = ''; // Contains the non-parsed user TSconfig
|
||
|
var $userTS = array(); // Contains the parsed user TSconfig
|
||
|
var $userTS = array(); // Contains the parsed user TSconfig
|
||
|
var $userTSUpdated=0; // Set internally if the user TSconfig was parsed and needs to be cached.
|
||
|
var $userTSUpdated = 0; // Set internally if the user TSconfig was parsed and needs to be cached.
|
||
|
var $userTS_dontGetCached=0; // Set this from outside if you want the user TSconfig to ALWAYS be parsed and not fetched from cache.
|
||
|
var $userTS_dontGetCached = 0; // Set this from outside if you want the user TSconfig to ALWAYS be parsed and not fetched from cache.
|
||
|
var $RTE_errors = array(); // RTE availability errors collected.
|
||
|
var $RTE_errors = array(); // RTE availability errors collected.
|
||
|
var $errorMsg = ''; // Contains last error message
|
||
|
var $errorMsg = ''; // Contains last error message
|
||
|
var $checkWorkspaceCurrent_cache=NULL; // Cache for checkWorkspaceCurrent()
|
||
|
var $checkWorkspaceCurrent_cache = NULL; // Cache for checkWorkspaceCurrent()
|
||
|
/************************************
|
||
|
*
|
||
|
* Permission checking functions:
|
||
| ... | ... | |
|
*
|
||
|
* @return boolean
|
||
|
*/
|
||
|
function isAdmin() {
|
||
|
function isAdmin() {
|
||
|
return (($this->user['admin']&1) ==1);
|
||
|
return (($this->user['admin'] & 1) == 1);
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
* @param integer Group ID to look for in $this->groupList
|
||
|
* @return boolean
|
||
|
*/
|
||
|
function isMemberOfGroup($groupId) {
|
||
|
function isMemberOfGroup($groupId) {
|
||
|
$groupId = intval($groupId);
|
||
|
if ($this->groupList && $groupId) {
|
||
|
if ($this->groupList && $groupId) {
|
||
|
return $this->inList($this->groupList, $groupId);
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
*
|
||
|
* Bits for permissions, see $perms variable:
|
||
|
*
|
||
|
* 1 - Show: See/Copy page and the pagecontent.
|
||
|
* 1 - Show: See/Copy page and the pagecontent.
|
||
|
* 16- Edit pagecontent: Change/Add/Delete/Move pagecontent.
|
||
|
* 16- Edit pagecontent: Change/Add/Delete/Move pagecontent.
|
||
|
* 2- Edit page: Change/Move the page, eg. change title, startdate, hidden.
|
||
|
* 2- Edit page: Change/Move the page, eg. change title, startdate, hidden.
|
||
|
* 4- Delete page: Delete the page and pagecontent.
|
||
|
* 4- Delete page: Delete the page and pagecontent.
|
||
|
* 8- New pages: Create new pages under the page.
|
||
|
* 8- New pages: Create new pages under the page.
|
||
|
*
|
||
|
* @param array $row is the pagerow for which the permissions is checked
|
||
|
* @param integer $perms is the binary representation of the permission we are going to check. Every bit in this number represents a permission that must be set. See function explanation.
|
||
|
* @return boolean True or False upon evaluation
|
||
|
*/
|
||
|
function doesUserHaveAccess($row,$perms) {
|
||
|
function doesUserHaveAccess($row, $perms) {
|
||
|
$userPerms = $this->calcPerms($row);
|
||
|
return ($userPerms & $perms)==$perms;
|
||
|
return ($userPerms & $perms) == $perms;
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
* @param boolean If set, then the function will exit with an error message.
|
||
|
* @return integer The page UID of a page in the rootline that matched a mount point
|
||
|
*/
|
||
|
function isInWebMount($id,$readPerms='',$exitOnError=0) {
|
||
|
function isInWebMount($id, $readPerms = '', $exitOnError = 0) {
|
||
|
if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin()) return 1;
|
||
|
if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin()) {
|
||
|
return 1;
|
||
|
}
|
||
|
$id = intval($id);
|
||
|
// Check if input id is an offline version page in which case we will map id to the online version:
|
||
|
$checkRec = t3lib_beFUnc::getRecord('pages',$id,'pid,t3ver_oid');
|
||
|
$checkRec = t3lib_beFUnc::getRecord('pages', $id, 'pid,t3ver_oid');
|
||
|
if ($checkRec['pid']==-1) {
|
||
|
if ($checkRec['pid'] == -1) {
|
||
|
$id = intval($checkRec['t3ver_oid']);
|
||
|
}
|
||
|
if (!$readPerms) $readPerms = $this->getPagePermsClause(1);
|
||
|
if (!$readPerms) {
|
||
|
$readPerms = $this->getPagePermsClause(1);
|
||
|
}
|
||
|
if ($id>0) {
|
||
|
if ($id > 0) {
|
||
|
$wM = $this->returnWebmounts();
|
||
|
$rL = t3lib_BEfunc::BEgetRootLine($id,' AND '.$readPerms);
|
||
|
$rL = t3lib_BEfunc::BEgetRootLine($id, ' AND ' . $readPerms);
|
||
|
foreach($rL as $v) {
|
||
|
foreach ($rL as $v) {
|
||
|
if ($v['uid'] && in_array($v['uid'],$wM)) {
|
||
|
if ($v['uid'] && in_array($v['uid'], $wM)) {
|
||
|
return $v['uid'];
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
* @param boolean If set, an array will issue an error message and exit.
|
||
|
* @return boolean Will return true if $MCONF['access'] is not set at all, if the BE_USER is admin or if the module is enabled in the be_users/be_groups records of the user (specifically enabled). Will return false if the module name is not even found in $TBE_MODULES
|
||
|
*/
|
||
|
function modAccess($conf,$exitOnError) {
|
||
|
function modAccess($conf, $exitOnError) {
|
||
|
if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name'])) {
|
||
|
if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name'])) {
|
||
|
if ($exitOnError) {
|
||
|
throw new RuntimeException('Fatal Error: This module "'.$conf['name'].'" is not enabled in TBE_MODULES');
|
||
|
throw new RuntimeException('Fatal Error: This module "' . $conf['name'] . '" is not enabled in TBE_MODULES');
|
||
|
}
|
||
|
return FALSE;
|
||
|
}
|
||
|
// Workspaces check:
|
||
|
if ($conf['workspaces']) {
|
||
|
if ($conf['workspaces']) {
|
||
|
if (($this->workspace===0 && t3lib_div::inList($conf['workspaces'],'online')) ||
|
||
|
if (($this->workspace === 0 && t3lib_div::inList($conf['workspaces'], 'online')) ||
|
||
|
($this->workspace===-1 && t3lib_div::inList($conf['workspaces'],'offline')) ||
|
||
|
($this->workspace === -1 && t3lib_div::inList($conf['workspaces'], 'offline')) ||
|
||
|
($this->workspace>0 && t3lib_div::inList($conf['workspaces'],'custom'))) {
|
||
|
($this->workspace > 0 && t3lib_div::inList($conf['workspaces'], 'custom'))) {
|
||
|
// ok, go on...
|
||
|
// ok, go on...
|
||
|
} else {
|
||
|
if ($exitOnError) {
|
||
|
throw new RuntimeException('Workspace Error: This module "'.$conf['name'].'" is not available under the current workspace');
|
||
|
throw new RuntimeException('Workspace Error: This module "' . $conf['name'] . '" is not available under the current workspace');
|
||
|
}
|
||
|
return FALSE;
|
||
|
}
|
||
|
}
|
||
|
// Returns true if conf[access] is not set at all or if the user is admin
|
||
|
if (!$conf['access'] || $this->isAdmin()) return TRUE;
|
||
|
if (!$conf['access'] || $this->isAdmin()) {
|
||
|
return TRUE;
|
||
|
}
|
||
|
// If $conf['access'] is set but not with 'admin' then we return true, if the module is found in the modList
|
||
|
if (!strstr($conf['access'],'admin') && $conf['name']) {
|
||
|
if (!strstr($conf['access'], 'admin') && $conf['name']) {
|
||
|
$acs = $this->check('modules',$conf['name']);
|
||
|
$acs = $this->check('modules', $conf['name']);
|
||
|
}
|
||
|
if (!$acs && $exitOnError) {
|
||
|
if (!$acs && $exitOnError) {
|
||
|
throw new RuntimeException('Access Error: You don\'t have access to this module.');
|
||
|
} else {
|
||
|
return $acs;
|
||
| ... | ... | |
|
/**
|
||
|
* Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated.
|
||
|
* $perms is the "mask" used to select. Fx. if $perms is 1 then you'll get all pages that a user can actually see!
|
||
|
* 2^0 = show (1)
|
||
|
* 2^0 = show (1)
|
||
|
* 2^1 = edit (2)
|
||
|
* 2^1 = edit (2)
|
||
|
* 2^2 = delete (4)
|
||
|
* 2^2 = delete (4)
|
||
|
* 2^3 = new (8)
|
||
|
* 2^3 = new (8)
|
||
|
* If the user is 'admin' " 1=1" is returned (no effect)
|
||
|
* If the user is not set at all (->user is not an array), then " 1=0" is returned (will cause no selection results at all)
|
||
|
* The 95% use of this function is "->getPagePermsClause(1)" which will return WHERE clauses for *selecting* pages in backend listings - in other words this will check read permissions.
|
||
| ... | ... | |
|
* @param integer Permission mask to use, see function description
|
||
|
* @return string Part of where clause. Prefix " AND " to this.
|
||
|
*/
|
||
|
function getPagePermsClause($perms) {
|
||
|
function getPagePermsClause($perms) {
|
||
|
global $TYPO3_CONF_VARS;
|
||
|
if (is_array($this->user)) {
|
||
|
if (is_array($this->user)) {
|
||
|
if ($this->isAdmin()) {
|
||
|
if ($this->isAdmin()) {
|
||
|
return ' 1=1';
|
||
|
}
|
||
|
$perms = intval($perms); // Make sure it's integer.
|
||
|
$perms = intval($perms); // Make sure it's integer.
|
||
|
$str= ' ('.
|
||
|
$str = ' (' .
|
||
|
'(pages.perms_everybody & '.$perms.' = '.$perms.')'. // Everybody
|
||
|
'(pages.perms_everybody & ' . $perms . ' = ' . $perms . ')' . // Everybody
|
||
|
' OR (pages.perms_userid = '.$this->user['uid'].' AND pages.perms_user & '.$perms.' = '.$perms.')'; // User
|
||
|
' OR (pages.perms_userid = ' . $this->user['uid'] . ' AND pages.perms_user & ' . $perms . ' = ' . $perms . ')'; // User
|
||
|
if ($this->groupList) {
|
||
|
if ($this->groupList) {
|
||
|
$str.= ' OR (pages.perms_groupid in ('.$this->groupList.') AND pages.perms_group & '.$perms.' = '.$perms.')'; // Group (if any is set)
|
||
|
$str .= ' OR (pages.perms_groupid in (' . $this->groupList . ') AND pages.perms_group & ' . $perms . ' = ' . $perms . ')'; // Group (if any is set)
|
||
|
}
|
||
|
$str.=')';
|
||
|
$str .= ')';
|
||
|
// ****************
|
||
|
// getPagePermsClause-HOOK
|
||
|
// ****************
|
||
|
// ****************
|
||
|
// getPagePermsClause-HOOK
|
||
|
// ****************
|
||
|
if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'])) {
|
||
|
foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'] as $_funcRef) {
|
||
|
foreach ($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'] as $_funcRef) {
|
||
|
$_params = array('currentClause' => $str, 'perms' => $perms);
|
||
|
$str = t3lib_div::callUserFunction($_funcRef, $_params, $this);
|
||
|
}
|
||
| ... | ... | |
|
* @param array Input page row with all perms_* fields available.
|
||
|
* @return integer Bitwise representation of the users permissions in relation to input page row, $row
|
||
|
*/
|
||
|
function calcPerms($row) {
|
||
|
function calcPerms($row) {
|
||
|
global $TYPO3_CONF_VARS;
|
||
|
if ($this->isAdmin()) {return 31;} // Return 31 for admin users.
|
||
|
if ($this->isAdmin()) {
|
||
|
return 31;
|
||
|
} // Return 31 for admin users.
|
||
|
$out=0;
|
||
|
$out = 0;
|
||
|
if (isset($row['perms_userid']) && isset($row['perms_user']) && isset($row['perms_groupid']) && isset($row['perms_group']) && isset($row['perms_everybody']) && isset($this->groupList)) {
|
||
|
if (isset($row['perms_userid']) && isset($row['perms_user']) && isset($row['perms_groupid']) && isset($row['perms_group']) && isset($row['perms_everybody']) && isset($this->groupList)) {
|
||
|
if ($this->user['uid']==$row['perms_userid']) {
|
||
|
if ($this->user['uid'] == $row['perms_userid']) {
|
||
|
$out|=$row['perms_user'];
|
||
|
$out |= $row['perms_user'];
|
||
|
}
|
||
|
if ($this->isMemberOfGroup($row['perms_groupid'])) {
|
||
|
if ($this->isMemberOfGroup($row['perms_groupid'])) {
|
||
|
$out|=$row['perms_group'];
|
||
|
$out |= $row['perms_group'];
|
||
|
}
|
||
|
$out|=$row['perms_everybody'];
|
||
|
$out |= $row['perms_everybody'];
|
||
|
}
|
||
|
// ****************
|
||
|
// CALCPERMS hook
|
||
|
// ****************
|
||
|
// ****************
|
||
|
// CALCPERMS hook
|
||
|
// ****************
|
||
|
if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'])) {
|
||
|
foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'] as $_funcRef) {
|
||
|
foreach ($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'] as $_funcRef) {
|
||
|
$_params = array(
|
||
|
'row' => $row,
|
||
|
'outputPermissions' => $out
|
||
| ... | ... | |
|
*
|
||
|
* @return boolean
|
||
|
*/
|
||
|
function isRTE() {
|
||
|
function isRTE() {
|
||
|
global $CLIENT;
|
||
|
// Start:
|
||
|
$this->RTE_errors = array();
|
||
|
if (!$this->uc['edit_RTE'])
|
||
|
if (!$this->uc['edit_RTE']) {
|
||
|
$this->RTE_errors[] = 'RTE is not enabled for user!';
|
||
|
if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled'])
|
||
|
}
|
||
|
if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled']) {
|
||
|
$this->RTE_errors[] = 'RTE is not enabled in $TYPO3_CONF_VARS["BE"]["RTEenabled"]';
|
||
|
}
|
||
|
// Acquire RTE object:
|
||
|
$RTE = t3lib_BEfunc::RTEgetObj();
|
||
|
if (!is_object($RTE)) {
|
||
|
if (!is_object($RTE)) {
|
||
|
$this->RTE_errors = array_merge($this->RTE_errors, $RTE);
|
||
|
}
|
||
|
if (!count($this->RTE_errors)) {
|
||
|
if (!count($this->RTE_errors)) {
|
||
|
return TRUE;
|
||
|
} else {
|
||
|
return FALSE;
|
||
| ... | ... | |
|
* @param string Auth mode keyword (explicitAllow, explicitDeny, individual)
|
||
|
* @return boolean True or false whether access is granted or not.
|
||
|
*/
|
||
|
function checkAuthMode($table,$field,$value,$authMode) {
|
||
|
function checkAuthMode($table, $field, $value, $authMode) {
|
||
|
global $TCA;
|
||
|
// Admin users can do anything:
|
||
|
if ($this->isAdmin()) return TRUE;
|
||
|
if ($this->isAdmin()) {
|
||
|
return TRUE;
|
||
|
}
|
||
|
// Allow all blank values:
|
||
|
if (!strcmp($value,'')) return TRUE;
|
||
|
if (!strcmp($value, '')) {
|
||
|
return TRUE;
|
||
|
}
|
||
|
// Certain characters are not allowed in the value
|
||
|
if (preg_match('/[:|,]/',$value)) {
|
||
|
if (preg_match('/[:|,]/', $value)) {
|
||
|
return FALSE;
|
||
|
}
|
||
|
// Initialize:
|
||
|
$testValue = $table.':'.$field.':'.$value;
|
||
|
$testValue = $table . ':' . $field . ':' . $value;
|
||
|
$out = TRUE;
|
||
|
// Checking value:
|
||
|
switch((string)$authMode) {
|
||
|
switch ((string) $authMode) {
|
||
|
case 'explicitAllow':
|
||
|
if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) {
|
||
|
if (!$this->inList($this->groupData['explicit_allowdeny'], $testValue . ':ALLOW')) {
|
||
|
$out = FALSE;
|
||
|
}
|
||
|
break;
|
||
|
case 'explicitDeny':
|
||
|
if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY')) {
|
||
|
if ($this->inList($this->groupData['explicit_allowdeny'], $testValue . ':DENY')) {
|
||
|
$out = FALSE;
|
||
|
}
|
||
|
break;
|
||
|
case 'individual':
|
||
|
t3lib_div::loadTCA($table);
|
||
|
if (is_array($TCA[$table]) && is_array($TCA[$table]['columns'][$field])) {
|
||
|
if (is_array($TCA[$table]) && is_array($TCA[$table]['columns'][$field])) {
|
||
|
$items = $TCA[$table]['columns'][$field]['config']['items'];
|
||
|
if (is_array($items)) {
|
||
|
if (is_array($items)) {
|
||
|
foreach($items as $iCfg) {
|
||
|
foreach ($items as $iCfg) {
|
||
|
if (!strcmp($iCfg[1],$value) && $iCfg[4]) {
|
||
|
if (!strcmp($iCfg[1], $value) && $iCfg[4]) {
|
||
|
switch((string)$iCfg[4]) {
|
||
|
switch ((string) $iCfg[4]) {
|
||
|
case 'EXPL_ALLOW':
|
||
|
if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) {
|
||
|
if (!$this->inList($this->groupData['explicit_allowdeny'], $testValue . ':ALLOW')) {
|
||
|
$out = FALSE;
|
||
|
}
|
||
|
break;
|
||
|
case 'EXPL_DENY':
|
||
|
if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY')) {
|
||
|
if ($this->inList($this->groupData['explicit_allowdeny'], $testValue . ':DENY')) {
|
||
|
$out = FALSE;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
break;
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
* @param integer Language value to evaluate
|
||
|
* @return boolean Returns true if the language value is allowed, otherwise false.
|
||
|
*/
|
||
|
function checkLanguageAccess($langValue) {
|
||
|
function checkLanguageAccess($langValue) {
|
||
|
if (strcmp(trim($this->groupData['allowed_languages']),'')) { // The users language list must be non-blank - otherwise all languages are allowed.
|
||
|
if (strcmp(trim($this->groupData['allowed_languages']), '')) { // The users language list must be non-blank - otherwise all languages are allowed.
|
||
|
$langValue = intval($langValue);
|
||
|
if ($langValue != -1 && !$this->check('allowed_languages',$langValue)) { // Language must either be explicitly allowed OR the lang Value be "-1" (all languages)
|
||
|
if ($langValue != -1 && !$this->check('allowed_languages', $langValue)) { // Language must either be explicitly allowed OR the lang Value be "-1" (all languages)
|
||
|
return FALSE;
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
/**
|
||
|
* Check if user has access to all existing localizations for a certain record
|
||
|
*
|
||
|
* @param string the table
|
||
|
* @param string the table
|
||
|
* @param array the current record
|
||
|
* @param array the current record
|
||
|
* @return boolean
|
||
|
*/
|
||
|
function checkFullLanguagesAccess($table, $record) {
|
||
|
$recordLocalizationAccess = $this->checkLanguageAccess(0);
|
||
|
if ($recordLocalizationAccess
|
||
|
&& (
|
||
|
t3lib_BEfunc::isTableLocalizable($table)
|
||
|
|| isset($GLOBALS['TCA'][$table]['ctrl']['transForeignTable'])
|
||
|
&& (
|
||
|
t3lib_BEfunc::isTableLocalizable($table)
|
||
|
|| isset($GLOBALS['TCA'][$table]['ctrl']['transForeignTable'])
|
||
|
)
|
||
|
) {
|
||
| ... | ... | |
|
);
|
||
|
if (is_array($recordLocalizations)) {
|
||
|
foreach($recordLocalizations as $localization) {
|
||
|
foreach ($recordLocalizations as $localization) {
|
||
|
$recordLocalizationAccess = $recordLocalizationAccess
|
||
|
&& $this->checkLanguageAccess($localization[$GLOBALS['TCA'][$l10nTable]['ctrl']['languageField']]);
|
||
|
&& $this->checkLanguageAccess($localization[$GLOBALS['TCA'][$l10nTable]['ctrl']['languageField']]);
|
||
|
if (!$recordLocalizationAccess) {
|
||
|
break;
|
||
|
}
|
||
| ... | ... | |
|
function recordEditAccessInternals($table, $idOrRow, $newRecord = FALSE, $deletedRecord = FALSE, $checkFullLanguageAccess = FALSE) {
|
||
|
global $TCA;
|
||
|
if (isset($TCA[$table])) {
|
||
|
if (isset($TCA[$table])) {
|
||
|
t3lib_div::loadTCA($table);
|
||
|
// Always return true for Admin users.
|
||
|
if ($this->isAdmin()) return TRUE;
|
||
|
if ($this->isAdmin()) {
|
||
|
return TRUE;
|
||
|
}
|
||
|
// Fetching the record if the $idOrRow variable was not an array on input:
|
||
|
if (!is_array($idOrRow)) {
|
||
|
if (!is_array($idOrRow)) {
|
||
|
if ($deletedRecord) {
|
||
|
$idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow, '*', '', FALSE);
|
||
|
} else {
|
||
|
$idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow);
|
||
|
}
|
||
|
if (!is_array($idOrRow)) {
|
||
|
if (!is_array($idOrRow)) {
|
||
|
$this->errorMsg = 'ERROR: Record could not be fetched.';
|
||
|
return FALSE;
|
||
|
}
|
||
|
}
|
||
|
// Checking languages:
|
||
|
if ($TCA[$table]['ctrl']['languageField']) {
|
||
|
if ($TCA[$table]['ctrl']['languageField']) {
|
||
|
if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']])) { // Language field must be found in input row - otherwise it does not make sense.
|
||
|
if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']])) { // Language field must be found in input row - otherwise it does not make sense.
|
||
|
if (!$this->checkLanguageAccess($idOrRow[$TCA[$table]['ctrl']['languageField']])) {
|
||
|
if (!$this->checkLanguageAccess($idOrRow[$TCA[$table]['ctrl']['languageField']])) {
|
||
|
$this->errorMsg = 'ERROR: Language was not allowed.';
|
||
|
return FALSE;
|
||
|
} elseif ($checkFullLanguageAccess && $idOrRow[$TCA[$table]['ctrl']['languageField']]==0 && !$this->checkFullLanguagesAccess($table, $idOrRow)) {
|
||
|
} elseif ($checkFullLanguageAccess && $idOrRow[$TCA[$table]['ctrl']['languageField']] == 0 && !$this->checkFullLanguagesAccess($table, $idOrRow)) {
|
||
|
$this->errorMsg = 'ERROR: Related/affected language was not allowed.';
|
||
|
return FALSE;
|
||
|
}
|
||
|
} else {
|
||
|
$this->errorMsg = 'ERROR: The "languageField" field named "'.$TCA[$table]['ctrl']['languageField'].'" was not found in testing record!';
|
||
|
$this->errorMsg = 'ERROR: The "languageField" field named "' . $TCA[$table]['ctrl']['languageField'] . '" was not found in testing record!';
|
||
|
return FALSE;
|
||
|
}
|
||
|
} elseif (isset($TCA[$table]['ctrl']['transForeignTable']) && $checkFullLanguageAccess && !$this->checkFullLanguagesAccess($table, $idOrRow)) {
|
||
| ... | ... | |
|
}
|
||
|
// Checking authMode fields:
|
||
|
if (is_array($TCA[$table]['columns'])) {
|
||
|
if (is_array($TCA[$table]['columns'])) {
|
||
|
foreach ($TCA[$table]['columns'] as $fieldName => $fieldValue) {
|
||
|
if (isset($idOrRow[$fieldName])) {
|
||
|
if ($fieldValue['config']['type'] == 'select' && $fieldValue['config']['authMode'] && !strcmp($fieldValue['config']['authMode_enforce'], 'strict')) {
|
||
| ... | ... | |
|
}
|
||
|
// Checking "editlock" feature (doesn't apply to new records)
|
||
|
if (!$newRecord && $TCA[$table]['ctrl']['editlock']) {
|
||
|
if (!$newRecord && $TCA[$table]['ctrl']['editlock']) {
|
||
|
if (isset($idOrRow[$TCA[$table]['ctrl']['editlock']])) {
|
||
|
if (isset($idOrRow[$TCA[$table]['ctrl']['editlock']])) {
|
||
|
if ($idOrRow[$TCA[$table]['ctrl']['editlock']]) {
|
||
|
if ($idOrRow[$TCA[$table]['ctrl']['editlock']]) {
|
||
|
$this->errorMsg = 'ERROR: Record was locked for editing. Only admin users can change this state.';
|
||
|
return FALSE;
|
||
|
}
|
||
|
} else {
|
||
|
$this->errorMsg = 'ERROR: The "editLock" field named "'.$TCA[$table]['ctrl']['editlock'].'" was not found in testing record!';
|
||
|
$this->errorMsg = 'ERROR: The "editLock" field named "' . $TCA[$table]['ctrl']['editlock'] . '" was not found in testing record!';
|
||
|
return FALSE;
|
||
|
}
|
||
|
}
|
||
|
// Checking record permissions
|
||
|
// THIS is where we can include a check for "perms_" fields for other records than pages...
|
||
|
// THIS is where we can include a check for "perms_" fields for other records than pages...
|
||
|
// Process any hooks
|
||
|
if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['recordEditAccessInternals'])) {
|
||
|
if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['recordEditAccessInternals'])) {
|
||
|
foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['recordEditAccessInternals'] as $funcRef) {
|
||
|
foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['recordEditAccessInternals'] as $funcRef) {
|
||
|
$params = array(
|
||
|
'table' => $table,
|
||
|
'idOrRow' => $idOrRow,
|
||
| ... | ... | |
|
$result = TRUE;
|
||
|
}
|
||
|
elseif ($tableName == 'pages') {
|
||
|
switch($actionType) {
|
||
|
switch ($actionType) {
|
||
|
case 'edit':
|
||
|
$result = ($compiledPermissions & 2) !== 0;
|
||
|
break;
|
||
|
break;
|
||
|
case 'new':
|
||
|
// Create new page OR page content
|
||
|
// Create new page OR page content
|
||
|
$result = ($compiledPermissions & (8 + 16)) !== 0;
|
||
|
break;
|
||
|
break;
|
||
|
case 'delete':
|
||
|
$result = ($compiledPermissions & 4) !== 0;
|
||
|
break;
|
||
|
break;
|
||
|
case 'editcontent':
|
||
|
$result = ($compiledPermissions & 16) !== 0;
|
||
|
break;
|
||
|
break;
|
||
|
default:
|
||
|
$result = FALSE;
|
||
|
}
|
||
| ... | ... | |
|
*
|
||
|
* @return boolean
|
||
|
*/
|
||
|
function mayMakeShortcut() {
|
||
|
function mayMakeShortcut() {
|
||
|
// "Shortcuts" have been renamed to "Bookmarks"
|
||
|
// @deprecated remove shortcuts code in TYPO3 4.7
|
||
|
return ($this->getTSConfigVal('options.enableShortcuts')
|
||
|
return ($this->getTSConfigVal('options.enableShortcuts')
|
||
|
|| $this->getTSConfigVal('options.enableBookmarks'))
|
||
|
&& (!$this->getTSConfigVal('options.mayNotCreateEditShortcuts')
|
||
|
&& (!$this->getTSConfigVal('options.mayNotCreateEditShortcuts')
|
||
|
&& !$this->getTSConfigVal('options.mayNotCreateEditBookmarks'));
|
||
|
&& !$this->getTSConfigVal('options.mayNotCreateEditBookmarks'));
|
||
|
}
|
||
|
/**
|
||
|
* Checking if editing of an existing record is allowed in current workspace if that is offline.
|
||
|
* Rules for editing in offline mode:
|
||
|
* - record supports versioning and is an offline version from workspace and has the corrent stage
|
||
|
* - record supports versioning and is an offline version from workspace and has the corrent stage
|
||
|
* - or record (any) is in a branch where there is a page which is a version from the workspace and where the stage is not preventing records
|
||
|
* - or record (any) is in a branch where there is a page which is a version from the workspace and where the stage is not preventing records
|
||
|
*
|
||
|
* @param string Table of record
|
||
|
* @param array Integer (record uid) or array where fields are at least: pid, t3ver_wsid, t3ver_stage (if versioningWS is set)
|
||
|
* @return string String error code, telling the failure state. FALSE=All ok
|
||
|
*/
|
||
|
function workspaceCannotEditRecord($table,$recData) {
|
||
|
function workspaceCannotEditRecord($table, $recData) {
|
||
|
if ($this->workspace!==0) { // Only test offline spaces:
|
||
|
if ($this->workspace !== 0) { // Only test offline spaces:
|
||
|
if (!is_array($recData)) {
|
||
|
if (!is_array($recData)) {
|
||
|
$recData = t3lib_BEfunc::getRecord($table,$recData,'pid'.($GLOBALS['TCA'][$table]['ctrl']['versioningWS']?',t3ver_wsid,t3ver_stage':''));
|
||
|
$recData = t3lib_BEfunc::getRecord($table, $recData, 'pid' . ($GLOBALS['TCA'][$table]['ctrl']['versioningWS'] ? ',t3ver_wsid,t3ver_stage' : ''));
|
||
|
}
|
||
|
if (is_array($recData)) {
|
||
|
if (is_array($recData)) {
|
||
|
if ((int)$recData['pid']===-1) { // We are testing a "version" (identified by a pid of -1): it can be edited provided that workspace matches and versioning is enabled for the table.
|
||
|
if ((int) $recData['pid'] === -1) { // We are testing a "version" (identified by a pid of -1): it can be edited provided that workspace matches and versioning is enabled for the table.
|
||
|
if (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) { // No versioning, basic error, inconsistency even! Such records should not have a pid of -1!
|
||
|
if (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) { // No versioning, basic error, inconsistency even! Such records should not have a pid of -1!
|
||
|
return 'Versioning disabled for table';
|
||
|
} elseif ((int)$recData['t3ver_wsid']!==$this->workspace) { // So does workspace match?
|
||
|
} elseif ((int) $recData['t3ver_wsid'] !== $this->workspace) { // So does workspace match?
|
||
|
return 'Workspace ID of record didn\'t match current workspace';
|
||
|
} else { // So what about the stage of the version, does that allow editing for this user?
|
||
|
} else { // So what about the stage of the version, does that allow editing for this user?
|
||
|
return $this->workspaceCheckStageForCurrent($recData['t3ver_stage']) ? FALSE : 'Record stage "'.$recData['t3ver_stage'].'" and users access level did not allow for editing';
|
||
|
return $this->workspaceCheckStageForCurrent($recData['t3ver_stage']) ? FALSE : 'Record stage "' . $recData['t3ver_stage'] . '" and users access level did not allow for editing';
|
||
|
}
|
||
|
} else { // We are testing a "live" record:
|
||
|
} else { // We are testing a "live" record:
|
||
|
if ($res = $this->workspaceAllowLiveRecordsInPID($recData['pid'], $table)) { // For "Live" records, check that PID for table allows editing
|
||
|
if ($res = $this->workspaceAllowLiveRecordsInPID($recData['pid'], $table)) { // For "Live" records, check that PID for table allows editing
|
||
|
// Live records are OK in this branch, but what about the stage of branch point, if any:
|
||
|
// Live records are OK in this branch, but what about the stage of branch point, if any:
|
||
|
return $res>0 ? FALSE : 'Stage for versioning root point and users access level did not allow for editing'; // OK
|
||
|
return $res > 0 ? FALSE : 'Stage for versioning root point and users access level did not allow for editing'; // OK
|
||
|
} else { // If not offline and not in versionized branch, output error:
|
||
|
} else { // If not offline and not in versionized branch, output error:
|
||
|
return 'Online record was not in versionized branch!';
|
||
|
}
|
||
|
}
|
||
|
} else return 'No record';
|
||
|
} else {
|
||
|
} else {
|
||
|
return 'No record';
|
||
|
}
|
||
|
} else {
|
||
|
return FALSE; // OK because workspace is 0
|
||
|
return FALSE; // OK because workspace is 0
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
* @return string String error code, telling the failure state. FALSE=All ok
|
||
|
* @see workspaceCannotEditRecord()
|
||
|
*/
|
||
|
function workspaceCannotEditOfflineVersion($table,$recData) {
|
||
|
function workspaceCannotEditOfflineVersion($table, $recData) {
|
||
|
if ($GLOBALS['TCA'][$table]['ctrl']['versioningWS']) {
|
||
|
if ($GLOBALS['TCA'][$table]['ctrl']['versioningWS']) {
|
||
|
if (!is_array($recData)) {
|
||
|
if (!is_array($recData)) {
|
||
|
$recData = t3lib_BEfunc::getRecord($table,$recData,'uid,pid,t3ver_wsid,t3ver_stage');
|
||
|
$recData = t3lib_BEfunc::getRecord($table, $recData, 'uid,pid,t3ver_wsid,t3ver_stage');
|
||
|
}
|
||
|
if (is_array($recData)) {
|
||
|
if (is_array($recData)) {
|
||
|
if ((int)$recData['pid']===-1) {
|
||
|
if ((int) $recData['pid'] === -1) {
|
||
|
return $this->workspaceCannotEditRecord($table,$recData);
|
||
|
return $this->workspaceCannotEditRecord($table, $recData);
|
||
|
} else return 'Not an offline version';
|
||
|
} else return 'No record';
|
||
|
} else return 'Table does not support versioning.';
|
||
|
} else {
|
||
|
return 'Not an offline version';
|
||
|
}
|
||
|
}
|
||
|
} else {
|
||
|
return 'No record';
|
||
|
}
|
||
|
} else {
|
||
|
return 'Table does not support versioning.';
|
||
|
}
|
||
|
}
|
||
|
/**
|
||
|
* Check if "live" records from $table may be created or edited in this PID.
|
||
| ... | ... | |
|
* @param string Table name
|
||
|
* @return mixed Returns FALSE if a live record cannot be created and must be versionized in order to do so. 2 means a) Workspace is "Live" or workspace allows "live edit" of records from non-versionized tables (and the $table is not versionizable). 1 and -1 means the pid is inside a versionized branch where -1 means that the branch-point did NOT allow a new record according to its state.
|
||
|
*/
|
||
|
function workspaceAllowLiveRecordsInPID($pid, $table) {
|
||
|
function workspaceAllowLiveRecordsInPID($pid, $table) {
|
||
|
// Always for Live workspace AND if live-edit is enabled and tables are completely without versioning it is ok as well.
|
||
|
if ($this->workspace===0 || ($this->workspaceRec['live_edit'] && !$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) || $GLOBALS['TCA'][$table]['ctrl']['versioningWS_alwaysAllowLiveEdit']) {
|
||
|
if ($this->workspace === 0 || ($this->workspaceRec['live_edit'] && !$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) || $GLOBALS['TCA'][$table]['ctrl']['versioningWS_alwaysAllowLiveEdit']) {
|
||
|
return 2; // OK to create for this table.
|
||
|
return 2; // OK to create for this table.
|
||
|
} elseif (t3lib_BEfunc::isPidInVersionizedBranch($pid, $table)) { // Check if records from $table can be created with this PID: Either if inside "branch" versioning type or a "versioning_followPages" table on a "page" versioning type.
|
||
|
} elseif (t3lib_BEfunc::isPidInVersionizedBranch($pid, $table)) { // Check if records from $table can be created with this PID: Either if inside "branch" versioning type or a "versioning_followPages" table on a "page" versioning type.
|
||
|
// Now, check what the stage of that "page" or "branch" version type is:
|
||
|
$stage = t3lib_BEfunc::isPidInVersionizedBranch($pid, $table, TRUE);
|
||
|
return $this->workspaceCheckStageForCurrent($stage) ? 1 : -1;
|
||
|
} else {
|
||
|
return FALSE; // If the answer is FALSE it means the only valid way to create or edit records in the PID is by versioning
|
||
|
return FALSE; // If the answer is FALSE it means the only valid way to create or edit records in the PID is by versioning
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
* @param string Table name
|
||
|
* @return boolean TRUE if OK.
|
||
|
*/
|
||
|
function workspaceCreateNewRecord($pid, $table) {
|
||
|
function workspaceCreateNewRecord($pid, $table) {
|
||
|
if ($res = $this->workspaceAllowLiveRecordsInPID($pid,$table)) { // If LIVE records cannot be created in the current PID due to workspace restrictions, prepare creation of placeholder-record
|
||
|
if ($res = $this->workspaceAllowLiveRecordsInPID($pid, $table)) { // If LIVE records cannot be created in the current PID due to workspace restrictions, prepare creation of placeholder-record
|
||
|
if ($res<0) {
|
||
|
if ($res < 0) {
|
||
|
return FALSE; // Stage for versioning root point and users access level did not allow for editing
|
||
|
return FALSE; // Stage for versioning root point and users access level did not allow for editing
|
||
|
}
|
||
|
} elseif (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) { // So, if no live records were allowed, we have to create a new version of this record:
|
||
|
} elseif (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) { // So, if no live records were allowed, we have to create a new version of this record:
|
||
|
return FALSE;
|
||
|
}
|
||
|
return TRUE;
|
||
| ... | ... | |
|
* @param integer PID of record
|
||
|
* @return boolean TRUE if ok.
|
||
|
*/
|
||
|
function workspaceAllowAutoCreation($table,$id,$recpid) {
|
||
|
function workspaceAllowAutoCreation($table, $id, $recpid) {
|
||
|
// Auto-creation of version: In offline workspace, test if versioning is enabled and look for workspace version of input record. If there is no versionized record found we will create one and save to that.
|
||
|
if ($this->workspace!==0 // Only in draft workspaces
|
||
|
if ($this->workspace !== 0 // Only in draft workspaces
|
||
|
&& !$this->workspaceRec['disable_autocreate'] // Auto-creation must not be disabled.
|
||
|
&& !$this->workspaceRec['disable_autocreate'] // Auto-creation must not be disabled.
|
||
|
&& $GLOBALS['TCA'][$table]['ctrl']['versioningWS'] // Table must be versionizable
|
||
|
&& $GLOBALS['TCA'][$table]['ctrl']['versioningWS'] // Table must be versionizable
|
||
|
&& $recpid >= 0 // The PID of the record must NOT be -1 or less (would indicate that it already was a version!)
|
||
|
&& $recpid >= 0 // The PID of the record must NOT be -1 or less (would indicate that it already was a version!)
|
||
|
&& !t3lib_BEfunc::getWorkspaceVersionOfRecord($this->workspace, $table, $id, 'uid') // There must be no existing version of this record in workspace.
|
||
|
&& !t3lib_BEfunc::getWorkspaceVersionOfRecord($this->workspace, $table, $id, 'uid') // There must be no existing version of this record in workspace.
|
||
|
&& !t3lib_BEfunc::isPidInVersionizedBranch($recpid, $table)) { // PID must NOT be in a versionized branch either
|
||
|
&& !t3lib_BEfunc::isPidInVersionizedBranch($recpid, $table)) { // PID must NOT be in a versionized branch either
|
||
|
return TRUE;
|
||
|
return TRUE;
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
* @param integer Stage id from an element: -1,0 = editing, 1 = reviewer, >1 = owner
|
||
|
* @return boolean TRUE if user is allowed access
|
||
|
*/
|
||
|
function workspaceCheckStageForCurrent($stage) {
|
||
|
function workspaceCheckStageForCurrent($stage) {
|
||
|
if ($this->isAdmin()) return TRUE;
|
||
|
if ($this->isAdmin()) {
|
||
|
return TRUE;
|
||
|
}
|
||
|
if ($this->workspace>0) {
|
||
|
if ($this->workspace > 0) {
|
||
|
$stat = $this->checkWorkspaceCurrent();
|
||
|
// Check if custom staging is activated
|
||
|
$workspaceRec = t3lib_BEfunc::getRecord('sys_workspace', $stat['uid']);
|
||
|
if ($workspaceRec['custom_stages'] > 0 && $stage !== '0' && $stage !== '-10') {
|
||
|
if ($workspaceRec['custom_stages'] > 0 && $stage !== '0' && $stage !== '-10') {
|
||
|
// Get custom stage record
|
||
|
$workspaceStageRec = t3lib_BEfunc::getRecord('sys_workspace_stage', $stage);
|
||
|
// Check if the user is responsible for the current stage
|
||
|
if ((t3lib_div::inList($workspaceStageRec['responsible_persons'], 'be_users_' . $this->user['uid'])
|
||
|
&& $stat['_ACCESS'] === 'member')
|
||
|
&& $stat['_ACCESS'] === 'member')
|
||
|
|| $stat['_ACCESS'] === 'owner') {
|
||
|
return TRUE; // OK for these criteria
|
||
|
}
|
||
| ... | ... | |
|
// Check if the user is in a group which is responsible for the current stage
|
||
|
foreach ($this->userGroupsUID as $groupUid) {
|
||
|
if ((t3lib_div::inList($workspaceStageRec['responsible_persons'], 'be_groups_' . $groupUid)
|
||
|
&& $stat['_ACCESS'] === 'member')
|
||
|
&& $stat['_ACCESS'] === 'member')
|
||
|
|| $stat['_ACCESS'] === 'owner') {
|
||
|
return TRUE; // OK for these criteria
|
||
|
}
|
||
| ... | ... | |
|
} else {
|
||
|
$memberStageLimit = $this->workspaceRec['review_stage_edit'] ? 1 : 0;
|
||
|
if (($stage <= $memberStageLimit && $stat['_ACCESS'] === 'member')
|
||
|
|| ($stage <= 1 && $stat['_ACCESS'] === 'reviewer')
|
||
|
|| $stat['_ACCESS'] === 'owner') {
|
||
|
|| ($stage <= 1 && $stat['_ACCESS'] === 'reviewer')
|
||
|
|| $stat['_ACCESS'] === 'owner') {
|
||
|
return TRUE; // OK for these criteria
|
||
|
return TRUE; // OK for these criteria
|
||
|
}
|
||
|
}
|
||
|
} else return TRUE; // Always OK for live and draft workspaces.
|
||
|
} else {
|
||
|
return TRUE;
|
||
|
} // Always OK for live and draft workspaces.
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
* @param integer Workspace UID; -1,0,1+
|
||
|
* @return boolean Returns TRUE if the user has access to publish content from the workspace ID given.
|
||
|
*/
|
||
|
function workspacePublishAccess($wsid) {
|
||
|
function workspacePublishAccess($wsid) {
|
||
|
if ($this->isAdmin()) return TRUE;
|
||
|
if ($this->isAdmin()) {
|
||
|
return TRUE;
|
||
|
}
|
||
|
// If no access to workspace, of course you cannot publish!
|
||
|
$retVal = FALSE;
|
||
|
$wsAccess = $this->checkWorkspace($wsid);
|
||
|
if ($wsAccess) {
|
||
|
if ($wsAccess) {
|
||
|
switch($wsAccess['uid']) {
|
||
|
switch ($wsAccess['uid']) {
|
||
|
case 0: // Live workspace
|
||
|
case 0: // Live workspace
|
||
|
$retVal = TRUE; // If access to Live workspace, no problem.
|
||
|
$retVal = TRUE; // If access to Live workspace, no problem.
|
||
|
break;
|
||
|
case -1: // Default draft workspace
|
||
|
case -1: // Default draft workspace
|
||
|
$retVal = $this->checkWorkspace(0) ? TRUE : FALSE; // If access to Live workspace, no problem.
|
||
|
$retVal = $this->checkWorkspace(0) ? TRUE : FALSE; // If access to Live workspace, no problem.
|
||
|
break;
|
||
|
default: // Custom workspace
|
||
|
default: // Custom workspace
|
||
|
$retVal = $wsAccess['_ACCESS'] === 'owner' || ($this->checkWorkspace(0) && !($wsAccess['publish_access']&2)); // Either be an adminuser OR have access to online workspace which is OK as well as long as publishing access is not limited by workspace option.
|
||
|
$retVal = $wsAccess['_ACCESS'] === 'owner' || ($this->checkWorkspace(0) && !($wsAccess['publish_access'] & 2)); // Either be an adminuser OR have access to online workspace which is OK as well as long as publishing access is not limited by workspace option.
|
||
|
break;
|
||
|
}
|
||
|
}
|
||
| ... | ... | |
|
*
|
||
|
* @return boolean Returns TRUE if records can be swapped in the current workspace, otherwise false
|
||
|
*/
|
||
|
function workspaceSwapAccess() {
|
||
|
function workspaceSwapAccess() {
|
||
|
if ($this->workspace>0 && (int)$this->workspaceRec['swap_modes']===2) {
|
||
|
if ($this->workspace > 0 && (int) $this->workspaceRec['swap_modes'] === 2) {
|
||
|
return FALSE;
|
||
|
} else return TRUE;
|
||
|
} else {
|
||
|
return TRUE;
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
/**
|
||
|
* Workspace Versioning type access. Check wether the requsted type of versioning (element/page/branch) is allowd in current workspace
|
||
| ... | ... | |
|
* >1 = branch (deprecated), indicating the "nesting" level
|
||
|
* @return boolean TRUE if OK
|
||
|
*/
|
||
|
function workspaceVersioningTypeAccess($type) {
|
||
|
function workspaceVersioningTypeAccess($type) {
|
||
|
$retVal = FALSE;
|
||
|
$type = t3lib_div::intInRange($type,-1);
|
||
|
$type = t3lib_div::intInRange($type, -1);
|
||
|
// Check if only element versioning is allowed:
|
||
|
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['elementVersioningOnly'] && $type!=-1) {
|
||
|
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['elementVersioningOnly'] && $type != -1) {
|
||
|
return FALSE;
|
||
|
}
|
||
|
if ($this->workspace>0 && !$this->isAdmin()) {
|
||
|
if ($this->workspace > 0 && !$this->isAdmin()) {
|
||
|
$stat = $this->checkWorkspaceCurrent();
|
||
|
if ($stat['_ACCESS']!=='owner') {
|
||
|
if ($stat['_ACCESS'] !== 'owner') {
|
||
|
switch((int)$type) {
|
||
|
switch ((int) $type) {
|
||
|
case -1:
|
||
|
$retVal = $this->workspaceRec['vtypes']&1 ? FALSE : TRUE;
|
||
|
$retVal = $this->workspaceRec['vtypes'] & 1 ? FALSE : TRUE;
|
||
|
break;
|
||
|
case 0:
|
||
|
$retVal = $this->workspaceRec['vtypes']&2 ? FALSE : TRUE;
|
||
|
$retVal = $this->workspaceRec['vtypes'] & 2 ? FALSE : TRUE;
|
||
|
break;
|
||
|
default:
|
||
|
$retVal = $this->workspaceRec['vtypes']&4 ? FALSE : TRUE;
|
||
|
$retVal = $this->workspaceRec['vtypes'] & 4 ? FALSE : TRUE;
|
||
|
break;
|
||
|
}
|
||
|
} else $retVal = TRUE;
|
||
|
} else $retVal = TRUE;
|
||
|
} else {
|
||
|
$retVal = TRUE;
|
||
|
}
|
||
|
} else {
|
||
|
$retVal = TRUE;
|
||
|
}
|
||
|
return $retVal;
|
||
|
}
|
||
| ... | ... | |
|
* @param integer Versioning type to evaluation: -1, 0, >1
|
||
|
* @return integer Returning versioning type
|
||
|
*/
|
||
|
function workspaceVersioningTypeGetClosest($type) {
|
||
|
function workspaceVersioningTypeGetClosest($type) {
|
||
|
$type = t3lib_div::intInRange($type,-1);
|
||
|
$type = t3lib_div::intInRange($type, -1);
|
||
|
if ($this->workspace>0) {
|
||
|
if ($this->workspace > 0) {
|
||
|
switch((int)$type) {
|
||
|
switch ((int) $type) {
|
||
|
case -1:
|
||
|
$type = -1;
|
||
|
break;
|
||
| ... | ... | |
|
}
|
||
|
/*************************************
|
||
|
*
|
||
|
* Miscellaneous functions
|
||
| ... | ... | |
|
* @return array An array with two keys, "value" and "properties" where "value" is a string with the value of the objectsting and "properties" is an array with the properties of the objectstring.
|
||
|
* @params array An array with the TypoScript where the $objectString is located. If this argument is not an array, then internal ->userTS (User TSconfig for the current BE_USER) will be used instead.
|
||
|
*/
|
||
|
function getTSConfig($objectString,$config='') {
|
||
|
function getTSConfig($objectString, $config = '') {
|
||
|
if (!is_array($config)) {
|
||
|
if (!is_array($config)) {
|
||
|
$config=$this->userTS; // Getting Root-ts if not sent
|
||
|
$config = $this->userTS; // Getting Root-ts if not sent
|
||
|
}
|
||
|
$TSConf=array();
|
||
|
$TSConf = array();
|
||
|
$parts = explode('.',$objectString,2);
|
||
|
$parts = explode('.', $objectString, 2);
|
||
|
$key = $parts[0];
|
||
|
if (trim($key)) {
|
||
|
if (trim($key)) {
|
||
|
if (count($parts)>1 && trim($parts[1])) {
|
||
|
if (count($parts) > 1 && trim($parts[1])) {
|
||
|
// Go on, get the next level
|
||
|
// Go on, get the next level
|
||
|
if (is_array($config[$key.'.'])) $TSConf = $this->getTSConfig($parts[1],$config[$key.'.']);
|
||
|
if (is_array($config[$key . '.'])) {
|
||
|
$TSConf = $this->getTSConfig($parts[1], $config[$key . '.']);
|
||
|
}
|
||
|
} else {
|
||
|
$TSConf['value']=$config[$key];
|
||
|
$TSConf['value'] = $config[$key];
|
||
|
$TSConf['properties']=$config[$key.'.'];
|
||
|
$TSConf['properties'] = $config[$key . '.'];
|
||
|
}
|
||
|
}
|
||
|
return $TSConf;
|
||
| ... | ... | |
|
* @return string The value for that object string (object path)
|
||
|
* @see getTSConfig()
|
||
|
*/
|
||
|
function getTSConfigVal($objectString) {
|
||
|
function getTSConfigVal($objectString) {
|
||
|
$TSConf = $this->getTSConfig($objectString);
|
||
|
return $TSConf['value'];
|
||
|
}
|
||
| ... | ... | |
|
* @return array The properties for that object string (object path) - if any
|
||
|
* @see getTSConfig()
|
||
|
*/
|
||
|
function getTSConfigProp($objectString) {
|
||
|
function getTSConfigProp($objectString) {
|
||
|
$TSConf = $this->getTSConfig($objectString);
|
||
|
return $TSConf['properties'];
|
||
|
}
|
||
| ... | ... | |
|
* @param string The string to find in the list of items
|
||
|
* @return string Boolean
|
||
|
*/
|
||
|
function inList($in_list,$item) {
|
||
|
function inList($in_list, $item) {
|
||
|
return strstr(','.$in_list.',', ','.$item.',');
|
||
|
return strstr(',' . $in_list . ',', ',' . $item . ',');
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
*
|
||
|
* @return array
|
||
|
*/
|
||
|
function returnWebmounts() {
|
||
|
function returnWebmounts() {
|
||
|
return (string)($this->groupData['webmounts'])!='' ? explode(',',$this->groupData['webmounts']) : Array();
|
||
|
return (string) ($this->groupData['webmounts']) != '' ? explode(',', $this->groupData['webmounts']) : array();
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
*
|
||
|
* @return array
|
||
|
*/
|
||
|
function returnFilemounts() {
|
||
|
function returnFilemounts() {
|
||
|
return $this->groupData['filemounts'];
|
||
|
}
|
||
| ... | ... | |
|
* Permissions of the user and groups the user is a member of were combined by a logical OR.
|
||
|
*
|
||
|
* Meaning of each bit:
|
||
|
* 1 - Files: Upload,Copy,Move,Delete,Rename
|
||
|
* 1 - Files: Upload,Copy,Move,Delete,Rename
|
||
|
* 2 - Files: Unzip
|
||
|
* 2 - Files: Unzip
|
||
|
* 4 - Directory: Move,Delete,Rename,New
|
||
|
* 4 - Directory: Move,Delete,Rename,New
|
||
|
* 8 - Directory: Copy
|
||
|
* 8 - Directory: Copy
|
||
|
* 16 - Directory: Delete recursively (rm -Rf)
|
||
|
* 16 - Directory: Delete recursively (rm -Rf)
|
||
|
*
|
||
|
* @return integer File operation permission bitmask
|
||
|
*/
|
||
| ... | ... | |
|
* Returns true or false, depending if an alert popup (a javascript confirmation) should be shown
|
||
|
* call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK)
|
||
|
*
|
||
|
* 1 - typeChange
|
||
|
* 1 - typeChange
|
||
|
* 2 - copy/move/paste
|
||
|
* 2 - copy/move/paste
|
||
|
* 4 - delete
|
||
|
* 4 - delete
|
||
|
* 8 - frontend editing
|
||
|
* 8 - frontend editing
|
||
|
* 128 - other (not used yet)
|
||
|
* 128 - other (not used yet)
|
||
|
*
|
||
|
* @param integer Bitmask
|
||
|
* @return boolean true if the confirmation should be shown
|
||
|
*/
|
||
|
function jsConfirmation($bitmask) {
|
||
|
function jsConfirmation($bitmask) {
|
||
|
$alertPopup = $GLOBALS['BE_USER']->getTSConfig('options.alertPopups');
|
||
|
$alertPopup = $GLOBALS['BE_USER']->getTSConfig('options.alertPopups');
|
||
|
if (empty($alertPopup['value'])) {
|
||
|
if (empty($alertPopup['value'])) {
|
||
|
$alertPopup = 255; // default: show all warnings
|
||
|
$alertPopup = 255; // default: show all warnings
|
||
|
} else {
|
||
|
} else {
|
||
|
$alertPopup = (int)$alertPopup['value'];
|
||
|
$alertPopup = (int) $alertPopup['value'];
|
||
|
}
|
||
|
}
|
||
|
if(($alertPopup&$bitmask) == $bitmask) { // show confirmation
|
||
|
if (($alertPopup & $bitmask) == $bitmask) { // show confirmation
|
||
|
return 1;
|
||
|
} else { // don't show confirmation
|
||
|
return 0;
|
||
|
}
|
||
|
}
|
||
|
return 1;
|
||
|
} else { // don't show confirmation
|
||
|
return 0;
|
||
|
}
|
||
|
}
|
||
|
/*************************************
|
||
|
*
|
||
|
* Authentication methods
|
||
| ... | ... | |
|
* @access private
|
||
|
* @see t3lib_TSparser
|
||
|
*/
|
||
|
function fetchGroupData() {
|
||
|
function fetchGroupData() {
|
||
|
if ($this->user['uid']) {
|
||
|
if ($this->user['uid']) {
|
||
|
// Get lists for the be_user record and set them as default/primary values.
|
||
|
$this->dataLists['modList'] = $this->user['userMods']; // Enabled Backend Modules
|
||
|
$this->dataLists['modList'] = $this->user['userMods']; // Enabled Backend Modules
|
||
|
$this->dataLists['allowed_languages'] = $this->user['allowed_languages']; // Add Allowed Languages
|
||
|
$this->dataLists['allowed_languages'] = $this->user['allowed_languages']; // Add Allowed Languages
|
||
|
$this->dataLists['workspace_perms'] = $this->user['workspace_perms']; // Set user value for workspace permissions.
|
||
|
$this->dataLists['workspace_perms'] = $this->user['workspace_perms']; // Set user value for workspace permissions.
|
||
|
$this->dataLists['webmount_list'] = $this->user['db_mountpoints']; // Database mountpoints
|
||
|
$this->dataLists['webmount_list'] = $this->user['db_mountpoints']; // Database mountpoints
|
||
|
$this->dataLists['filemount_list'] = $this->user['file_mountpoints']; // File mountpoints
|
||
|
$this->dataLists['filemount_list'] = $this->user['file_mountpoints']; // File mountpoints
|
||
|
$this->dataLists['fileoper_perms'] = (int)$this->user['fileoper_perms']; // Fileoperation permissions
|
||
|
$this->dataLists['fileoper_perms'] = (int) $this->user['fileoper_perms']; // Fileoperation permissions
|
||
|
// Setting default User TSconfig:
|
||
|
$this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
|
||
|
$this->TSdataArray[] = $this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:') .
|
||
|
$GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig'];
|
||
|
$GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig'];
|
||
|
// Default TSconfig for admin-users
|
||
|
if ($this->isAdmin()) {
|
||
|
if ($this->isAdmin()) {
|
||
|
$this->TSdataArray[]=$this->addTScomment('"admin" user presets:').'
|
||
|
$this->TSdataArray[] = $this->addTScomment('"admin" user presets:') . '
|
||
|
admPanel.enable.all = 1
|
||
|
';
|
||
|
if (t3lib_extMgm::isLoaded('sys_note')) {
|
||
|
if (t3lib_extMgm::isLoaded('sys_note')) {
|
||
|
$this->TSdataArray[]='
|
||
|
$this->TSdataArray[] = '
|
||
|
// Setting defaults for sys_note author / email...
|
||
|
// Setting defaults for sys_note author / email...
|
||
|
TCAdefaults.sys_note.author = '.$this->user['realName'].'
|
||
|
TCAdefaults.sys_note.author = ' . $this->user['realName'] . '
|
||
|
TCAdefaults.sys_note.email = '.$this->user['email'].'
|
||
|
TCAdefaults.sys_note.email = ' . $this->user['email'] . '
|
||
|
';
|
||
|
}
|
||
|
}
|
||
|
// FILE MOUNTS:
|
||
|
// Admin users has the base fileadmin dir mounted
|
||
|
if ($this->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir']) {
|
||
|
if ($this->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir']) {
|
||
|
$this->addFileMount($GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '', PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], 0, '');
|
||
|
$this->addFileMount($GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '', PATH_site . $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], 0, '');
|
||
|
}
|
||
|
// If userHomePath is set, we attempt to mount it
|
||
|
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath']) {
|
||
|
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath']) {
|
||
|
// First try and mount with [uid]_[username]
|
||
|
$didMount=$this->addFileMount($this->user['username'], '',$GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].'_'.$this->user['username'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
|
||
|
$didMount = $this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'] . $this->user['uid'] . '_' . $this->user['username'] . $GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
|
||
|
if (!$didMount) {
|
||
|
if (!$didMount) {
|
||
|
// If that failed, try and mount with only [uid]
|
||
|
$this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
|
||
|
$this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'] . $this->user['uid'] . $GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
|
||
|
}
|
||
|
}
|
||
|
// BE_GROUPS:
|
||
|
// Get the groups...
|
||
|
# $grList = t3lib_BEfunc::getSQLselectableList($this->user[$this->usergroup_column],$this->usergroup_table,$this->usergroup_table);
|
||
|
# $grList = t3lib_BEfunc::getSQLselectableList($this->user[$this->usergroup_column],$this->usergroup_table,$this->usergroup_table);
|
||
|
$grList = $GLOBALS['TYPO3_DB']->cleanIntList($this->user[$this->usergroup_column]); // 240203: Since the group-field never contains any references to groups with a prepended table name we think it's safe to just intExplode and re-implode - which should be much faster than the other function call.
|
||
|
$grList = $GLOBALS['TYPO3_DB']->cleanIntList($this->user[$this->usergroup_column]); // 240203: Since the group-field never contains any references to groups with a prepended table name we think it's safe to just intExplode and re-implode - which should be much faster than the other function call.
|
||
|
if ($grList) {
|
||
|
if ($grList) {
|
||
|
// Fetch groups will add a lot of information to the internal arrays: modules, accesslists, TSconfig etc. Refer to fetchGroups() function.
|
||
|
$this->fetchGroups($grList);
|
||
|
}
|
||
|
// Add the TSconfig for this specific user:
|
||
|
$this->TSdataArray[] = $this->addTScomment('USER TSconfig field').$this->user['TSconfig'];
|
||
|
$this->TSdataArray[] = $this->addTScomment('USER TSconfig field') . $this->user['TSconfig'];
|
||
|
// Check include lines.
|
||
|
$this->TSdataArray = t3lib_TSparser::checkIncludeLines_array($this->TSdataArray);
|
||
|
$this->userTS_text = implode(LF.'[GLOBAL]'.LF,$this->TSdataArray); // Imploding with "[global]" will make sure that non-ended confinements with braces are ignored.
|
||
|
$this->userTS_text = implode(LF . '[GLOBAL]' . LF, $this->TSdataArray); // Imploding with "[global]" will make sure that non-ended confinements with braces are ignored.
|
||
|
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['TSconfigConditions'] && !$this->userTS_dontGetCached) {
|
||
|
// Perform TS-Config parsing with condition matching
|
||
| ... | ... | |
|
$this->userTS = $parseObj->setup;
|
||
|
t3lib_BEfunc::storeHash($hash, serialize($this->userTS), 'BE_USER_TSconfig');
|
||
|
// Update UC:
|
||
|
$this->userTSUpdated=1;
|
||
|
$this->userTSUpdated = 1;
|
||
|
}
|
||
|
}
|
||
|
// Processing webmounts
|
||
|
if ($this->isAdmin() && !$this->getTSConfigVal('options.dontMountAdminMounts')) { // Admin's always have the root mounted
|
||
|
if ($this->isAdmin() && !$this->getTSConfigVal('options.dontMountAdminMounts')) { // Admin's always have the root mounted
|
||
|
$this->dataLists['webmount_list']='0,'.$this->dataLists['webmount_list'];
|
||
|
$this->dataLists['webmount_list'] = '0,' . $this->dataLists['webmount_list'];
|
||
|
}
|
||
|
// Processing filemounts
|
||
|
t3lib_div::loadTCA('sys_filemounts');
|
||
|
$orderBy = $GLOBALS['TCA']['sys_filemounts']['ctrl']['default_sortby'] ? $GLOBALS['TYPO3_DB']->stripOrderBy($GLOBALS['TCA']['sys_filemounts']['ctrl']['default_sortby']) : 'sorting';
|
||
|
$this->dataLists['filemount_list'] = t3lib_div::uniqueList($this->dataLists['filemount_list']);
|
||
|
if ($this->dataLists['filemount_list']) {
|
||
|
if ($this->dataLists['filemount_list']) {
|
||
|
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$this->dataLists['filemount_list'].')', '', $orderBy);
|
||
|
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN (' . $this->dataLists['filemount_list'] . ')', '', $orderBy);
|
||
|
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
|
||
|
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
|
||
|
$this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
|
||
|
$this->addFileMount($row['title'], $row['path'], $row['path'], $row['base'] ? 1 : 0, '');
|
||
|
}
|
||
|
}
|
||
|
// The lists are cleaned for duplicates
|
||
|
$this->groupData['webmounts'] = t3lib_div::uniqueList($this->dataLists['webmount_list']);
|
||
|
$this->groupData['pagetypes_select'] = t3lib_div::uniqueList($this->dataLists['pagetypes_select']);
|
||
|
$this->groupData['tables_select'] = t3lib_div::uniqueList($this->dataLists['tables_modify'].','.$this->dataLists['tables_select']);
|
||
|
$this->groupData['tables_select'] = t3lib_div::uniqueList($this->dataLists['tables_modify'] . ',' . $this->dataLists['tables_select']);
|
||
|
$this->groupData['tables_modify'] = t3lib_div::uniqueList($this->dataLists['tables_modify']);
|
||
|
$this->groupData['non_exclude_fields'] = t3lib_div::uniqueList($this->dataLists['non_exclude_fields']);
|
||
|
$this->groupData['explicit_allowdeny'] = t3lib_div::uniqueList($this->dataLists['explicit_allowdeny']);
|
||
| ... | ... | |
|
$this->userGroupsUID = array_reverse(array_unique(array_reverse($this->includeGroupArray)));
|
||
|
// Finally this is the list of group_uid's in the order they are parsed (including subgroups!) and without duplicates (duplicates are presented with their last entrance in the list, which thus reflects the order of the TypoScript in TSconfig)
|
||
|
$this->groupList = implode(',',$this->userGroupsUID);
|
||
|
$this->groupList = implode(',', $this->userGroupsUID);
|
||
|
$this->setCachedList($this->groupList);
|
||
|
// Checking read access to webmounts:
|
||
|
if (trim($this->groupData['webmounts'])!=='') {
|
||
|
if (trim($this->groupData['webmounts']) !== '') {
|
||
|
$webmounts = explode(',',$this->groupData['webmounts']); // Explode mounts
|
||
|
$webmounts = explode(',', $this->groupData['webmounts']); // Explode mounts
|
||
|
$MProws = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid', 'pages', 'deleted=0 AND uid IN ('.$this->groupData['webmounts'].') AND '.$this->getPagePermsClause(1),'','','','uid'); // Selecting all webmounts with permission clause for reading
|
||
|
$MProws = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid', 'pages', 'deleted=0 AND uid IN (' . $this->groupData['webmounts'] . ') AND ' . $this->getPagePermsClause(1), '', '', '', 'uid'); // Selecting all webmounts with permission clause for reading
|
||
|
foreach($webmounts as $idx => $mountPointUid) {
|
||
|
foreach ($webmounts as $idx => $mountPointUid) {
|
||
|
if ($mountPointUid>0 && !isset($MProws[$mountPointUid])) { // If the mount ID is NOT found among selected pages, unset it:
|
||
|
if ($mountPointUid > 0 && !isset($MProws[$mountPointUid])) { // If the mount ID is NOT found among selected pages, unset it:
|
||
|
unset($webmounts[$idx]);
|
||
|
}
|
||
|
}
|
||
|
$this->groupData['webmounts'] = implode(',',$webmounts); // Implode mounts in the end.
|
||
|
$this->groupData['webmounts'] = implode(',', $webmounts); // Implode mounts in the end.
|
||
|
}
|
||
|
// Setting up workspace situation (after webmounts are processed!):
|
||
| ... | ... | |
|
* @return void
|
||
|
* @access private
|
||
|
*/
|
||
|
function fetchGroups($grList,$idList='') {
|
||
|
function fetchGroups($grList, $idList = '') {
|
||
|
global $TYPO3_CONF_VARS;
|
||
|
// Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
|
||
|
$lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.t3lib_div::getIndpEnv('HTTP_HOST').'\')';
|
||
|
$lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\'' . t3lib_div::getIndpEnv('HTTP_HOST') . '\')';
|
||
|
$whereSQL = 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$grList.')'.$lockToDomain_SQL;
|
||
|
$whereSQL = 'deleted=0 AND hidden=0 AND pid=0 AND uid IN (' . $grList . ')' . $lockToDomain_SQL;
|
||