‪TYPO3CMS  10.4
EditableRestriction.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Linkvalidator\QueryRestrictions;
19 
20 use ‪TYPO3\CMS\Core\Database\Connection;
21 use ‪TYPO3\CMS\Core\Database\Query\Expression\CompositeExpression;
22 use ‪TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder;
23 use ‪TYPO3\CMS\Core\Database\Query\QueryBuilder;
24 use ‪TYPO3\CMS\Core\Database\Query\QueryHelper;
25 use ‪TYPO3\CMS\Core\Database\Query\Restriction\QueryRestrictionInterface;
26 use ‪TYPO3\CMS\Core\Type\Bitmask\Permission;
27 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
28 
29 class ‪EditableRestriction implements ‪QueryRestrictionInterface
30 {
36  protected ‪$allowedFields = [];
37 
43  protected ‪$allowedLanguages = [];
44 
50  protected ‪$explicitAllowFields = [];
51 
55  protected ‪$queryBuilder;
56 
62  public function ‪__construct(array $searchFields, ‪QueryBuilder ‪$queryBuilder)
63  {
64  $this->allowedFields = $this->‪getAllowedFieldsForCurrentUser($searchFields);
65  $this->allowedLanguages = $this->‪getAllowedLanguagesForCurrentUser();
66  foreach ($searchFields as $table => ‪$fields) {
67  if ($table !== 'pages' && (‪$GLOBALS['TCA'][$table]['ctrl']['type'] ?? false)) {
68  $type = ‪$GLOBALS['TCA'][$table]['ctrl']['type'];
69  $fieldConfig = ‪$GLOBALS['TCA'][$table]['columns'][$type]['config'];
70  // Check for items
71  if ($fieldConfig['type'] === 'select'
72  && is_array($fieldConfig['items'] ?? false)
73  && isset($fieldConfig['authMode'])
74  && isset($fieldConfig['authMode_enforce']) && $fieldConfig['authMode_enforce'] === 'strict'
75  ) {
76  $this->explicitAllowFields[$table][$type] = $this->‪getExplicitAllowTypesForCurrentUser(
77  $table,
78  $type
79  );
80  }
81  }
82  }
83  $this->queryBuilder = ‪$queryBuilder;
84  }
85 
91  protected function ‪getAllowedLanguagesForCurrentUser(): array
92  {
93  // Comma-separated list of allowed languages, e.g. "0,1". If empty, user has access to all languages.
94  ‪$allowedLanguages = trim(‪$GLOBALS['BE_USER']->groupData['allowed_languages'] ?? '');
95  if (‪$allowedLanguages === '') {
96  return [];
97  }
98 
99  return ‪GeneralUtility::intExplode(',', ‪$allowedLanguages);
100  }
101 
111  protected function ‪getExplicitAllowTypesForCurrentUser(string $table, string $typeField): array
112  {
113  $allowDenyFieldTypes = [];
114  $fieldConfig = ‪$GLOBALS['TCA'][$table]['columns'][$typeField]['config'];
115  foreach ($fieldConfig['items'] as $iVal) {
116  $itemIdentifier = (string)$iVal[1];
117  if ($itemIdentifier === '--div--') {
118  continue;
119  }
120  if (‪$GLOBALS['BE_USER']->checkAuthMode(
121  $table,
122  $typeField,
123  $itemIdentifier,
124  ‪$GLOBALS['TYPO3_CONF_VARS']['BE']['explicitADmode']
125  )
126  ) {
127  $allowDenyFieldTypes[] = $itemIdentifier;
128  }
129  }
130  return $allowDenyFieldTypes;
131  }
132 
141  protected function ‪getAllowedFieldsForCurrentUser(array $searchFields = []): array
142  {
143  if (!$searchFields) {
144  return [];
145  }
146 
147  ‪$allowedFields = [];
148 
149  foreach ($searchFields as $table => $fieldList) {
150  if (!‪$GLOBALS['BE_USER']->isAdmin() && !‪$GLOBALS['BE_USER']->check('tables_modify', $table)) {
151  // table not allowed
152  continue;
153  }
154  foreach ($fieldList as $field) {
155  $isExcludeField = ‪$GLOBALS['TCA'][$table]['columns'][$field]['exclude'] ?? false;
156  if (!‪$GLOBALS['BE_USER']->isAdmin()
157  && $isExcludeField
158  && !‪$GLOBALS['BE_USER']->check('non_exclude_fields', $table . ':' . $field)) {
159  continue;
160  }
161  ‪$allowedFields[$table][$field] = true;
162  }
163  }
164  return ‪$allowedFields;
165  }
166 
167  public function ‪buildExpression(array $queriedTables, ExpressionBuilder $expressionBuilder): CompositeExpression
168  {
169  $constraints = [];
170 
171  if ($this->allowedFields) {
172  $constraints = [
173  $expressionBuilder->orX(
174  // broken link is in page and page is editable
175  $expressionBuilder->andX(
176  $expressionBuilder->eq(
177  'tx_linkvalidator_link.table_name',
178  $this->queryBuilder->createNamedParameter('pages')
179  ),
180  ‪QueryHelper::stripLogicalOperatorPrefix(‪$GLOBALS['BE_USER']->getPagePermsClause(‪Permission::PAGE_EDIT))
181  ),
182  // OR broken link is in content and content is editable
183  $expressionBuilder->andX(
184  $expressionBuilder->neq(
185  'tx_linkvalidator_link.table_name',
186  $this->queryBuilder->createNamedParameter('pages')
187  ),
188  ‪QueryHelper::stripLogicalOperatorPrefix(‪$GLOBALS['BE_USER']->getPagePermsClause(‪Permission::CONTENT_EDIT))
189  )
190  )
191  ];
192 
193  // check if fields are editable
194  $additionalWhere = [];
195  foreach ($this->allowedFields as $table => ‪$fields) {
196  foreach (‪$fields as $field => $value) {
197  $additionalWhere[] = $expressionBuilder->andX(
198  $expressionBuilder->eq(
199  'tx_linkvalidator_link.table_name',
200  $this->queryBuilder->createNamedParameter($table)
201  ),
202  $expressionBuilder->eq(
203  'tx_linkvalidator_link.field',
204  $this->queryBuilder->createNamedParameter($field)
205  )
206  );
207  }
208  }
209  if ($additionalWhere) {
210  $constraints[] = $expressionBuilder->orX(...$additionalWhere);
211  }
212  } else {
213  // add a constraint that will always return zero records because there are NO allowed fields
214  $constraints[] = $expressionBuilder->isNull('tx_linkvalidator_link.table_name');
215  }
216 
217  foreach ($this->explicitAllowFields as $table => $field) {
218  $additionalWhere = [];
219  $additionalWhere[] = $expressionBuilder->andX(
220  $expressionBuilder->eq(
221  'tx_linkvalidator_link.table_name',
222  $this->queryBuilder->createNamedParameter($table)
223  ),
224  $expressionBuilder->in(
225  'tx_linkvalidator_link.element_type',
226  $this->queryBuilder->createNamedParameter(
227  array_unique(current($field)),
228  Connection::PARAM_STR_ARRAY
229  )
230  )
231  );
232  $additionalWhere[] = $expressionBuilder->neq(
233  'tx_linkvalidator_link.table_name',
234  $this->queryBuilder->createNamedParameter($table)
235  );
236  if ($additionalWhere) {
237  $constraints[] = $expressionBuilder->orX(...$additionalWhere);
238  }
239  }
240 
241  if ($this->allowedLanguages) {
242  $additionalWhere = [];
243  foreach ($this->allowedLanguages as $langId) {
244  $additionalWhere[] = $expressionBuilder->orX(
245  $expressionBuilder->eq(
246  'tx_linkvalidator_link.language',
247  $this->queryBuilder->createNamedParameter($langId, \PDO::PARAM_INT)
248  ),
249  $expressionBuilder->eq(
250  'tx_linkvalidator_link.language',
251  $this->queryBuilder->createNamedParameter(-1, \PDO::PARAM_INT)
252  )
253  );
254  }
255  $constraints[] = $expressionBuilder->orX(...$additionalWhere);
256  }
257  // If allowed languages is empty: all languages are allowed, so no constraint in this case
258 
259  return $expressionBuilder->andX(...$constraints);
260  }
261 }
‪TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder
Definition: ExpressionBuilder.php:35
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction\getAllowedLanguagesForCurrentUser
‪array getAllowedLanguagesForCurrentUser()
Definition: EditableRestriction.php:87
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction\getExplicitAllowTypesForCurrentUser
‪string[] getExplicitAllowTypesForCurrentUser(string $table, string $typeField)
Definition: EditableRestriction.php:107
‪TYPO3\CMS\Core\Database\Query\Restriction\QueryRestrictionInterface
Definition: QueryRestrictionInterface.php:27
‪TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder\eq
‪string eq(string $fieldName, $value)
Definition: ExpressionBuilder.php:109
‪TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder\neq
‪string neq(string $fieldName, $value)
Definition: ExpressionBuilder.php:128
‪$fields
‪$fields
Definition: pages.php:5
‪TYPO3\CMS\Linkvalidator\QueryRestrictions
Definition: EditableRestriction.php:18
‪TYPO3\CMS\Core\Type\Bitmask\Permission
Definition: Permission.php:24
‪TYPO3\CMS\Core\Database\Query\QueryBuilder
Definition: QueryBuilder.php:52
‪TYPO3\CMS\Core\Database\Query\Expression\CompositeExpression
Definition: CompositeExpression.php:25
‪TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder\in
‪string in(string $fieldName, $value)
Definition: ExpressionBuilder.php:244
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction\$allowedLanguages
‪array $allowedLanguages
Definition: EditableRestriction.php:41
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction\buildExpression
‪buildExpression(array $queriedTables, ExpressionBuilder $expressionBuilder)
Definition: EditableRestriction.php:163
‪TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder\andX
‪CompositeExpression andX(... $expressions)
Definition: ExpressionBuilder.php:70
‪TYPO3\CMS\Core\Database\Query\QueryHelper
Definition: QueryHelper.php:32
‪TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder\orX
‪CompositeExpression orX(... $expressions)
Definition: ExpressionBuilder.php:82
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction
Definition: EditableRestriction.php:30
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction\getAllowedFieldsForCurrentUser
‪array getAllowedFieldsForCurrentUser(array $searchFields=[])
Definition: EditableRestriction.php:137
‪TYPO3\CMS\Core\Database\Connection
Definition: Connection.php:36
‪TYPO3\CMS\Core\Type\Bitmask\Permission\CONTENT_EDIT
‪const CONTENT_EDIT
Definition: Permission.php:53
‪TYPO3\CMS\Core\Database\Query\QueryHelper\stripLogicalOperatorPrefix
‪static string stripLogicalOperatorPrefix(string $constraint)
Definition: QueryHelper.php:165
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Core\Type\Bitmask\Permission\PAGE_EDIT
‪const PAGE_EDIT
Definition: Permission.php:38
‪TYPO3\CMS\Core\Database\Query\Expression\ExpressionBuilder\isNull
‪string isNull(string $fieldName)
Definition: ExpressionBuilder.php:192
‪TYPO3\CMS\Core\Utility\GeneralUtility\intExplode
‪static int[] intExplode($delimiter, $string, $removeEmptyValues=false, $limit=0)
Definition: GeneralUtility.php:988
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction\$queryBuilder
‪QueryBuilder $queryBuilder
Definition: EditableRestriction.php:51
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction\__construct
‪__construct(array $searchFields, QueryBuilder $queryBuilder)
Definition: EditableRestriction.php:58
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction\$allowedFields
‪array $allowedFields
Definition: EditableRestriction.php:35
‪TYPO3\CMS\Linkvalidator\QueryRestrictions\EditableRestriction\$explicitAllowFields
‪array $explicitAllowFields
Definition: EditableRestriction.php:47