SuggestWizardController.php

Go to the documentation of this file.

<?php
namespace ‪TYPO3\CMS\Backend\Controller\Wizard;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use ‪TYPO3\CMS\Backend\Form\Wizard\SuggestWizardDefaultReceiver;
use ‪TYPO3\CMS\Backend\Utility\BackendUtility;
use ‪TYPO3\CMS\Core\Configuration\FlexForm\FlexFormTools;
use ‪TYPO3\CMS\Core\Database\ConnectionPool;
use ‪TYPO3\CMS\Core\Http\JsonResponse;
use ‪TYPO3\CMS\Core\Utility\ArrayUtility;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
 
class ‪SuggestWizardController
{
    public function ‪searchAction(ServerRequestInterface $request): ResponseInterface
    {
        $parsedBody = $request->getParsedBody();
 
        $search = $parsedBody['value'] ?? null;
        $tableName = $parsedBody['tableName'] ?? null;
        $fieldName = $parsedBody['fieldName'] ?? null;
        $uid = $parsedBody['uid'] ?? null;
        $pid = isset($parsedBody['pid']) ? (int)$parsedBody['pid'] : 0;
        $dataStructureIdentifier = '' ?? null;
        if (!empty($parsedBody['dataStructureIdentifier'])) {
            $dataStructureIdentifier = $parsedBody['dataStructureIdentifier'];
        }
        $flexFormSheetName = $parsedBody['flexFormSheetName'] ?? null;
        $flexFormFieldName = $parsedBody['flexFormFieldName'] ?? null;
        $flexFormContainerName = $parsedBody['flexFormContainerName'] ?? null;
        $flexFormContainerFieldName = $parsedBody['flexFormContainerFieldName'] ?? null;
 
        // Determine TCA config of field
        if (empty($dataStructureIdentifier)) {
            // Normal columns field
            $fieldConfig = ‪$GLOBALS['TCA'][$tableName]['columns'][$fieldName]['config'];
            $fieldNameInPageTsConfig = $fieldName;
        } else {
            // A flex flex form field
            $flexFormTools = GeneralUtility::makeInstance(FlexFormTools::class);
            $dataStructure = $flexFormTools->parseDataStructureByIdentifier($dataStructureIdentifier);
            if (empty($flexFormContainerFieldName)) {
                // @todo: See if a path in pageTsConfig like "TCEForm.tableName.theContainerFieldName =" is useful and works with other pageTs, too.
                $fieldNameInPageTsConfig = $flexFormFieldName;
                if (!isset($dataStructure['sheets'][$flexFormSheetName]['ROOT']
                    ['el'][$flexFormFieldName]['TCEforms']['config'])
                ) {
                    throw new \RuntimeException(
                        'Specified path ' . $flexFormFieldName . ' not found in flex form data structure',
                        1480609491
                    );
                }
                $fieldConfig = $dataStructure['sheets'][$flexFormSheetName]['ROOT']
                    ['el'][$flexFormFieldName]['TCEforms']['config'];
            } else {
                $fieldNameInPageTsConfig = $flexFormContainerFieldName;
                if (!isset($dataStructure['sheets'][$flexFormSheetName]['ROOT']
                        ['el'][$flexFormFieldName]
                        ['el'][$flexFormContainerName]
                        ['el'][$flexFormContainerFieldName]['TCEforms']['config'])
                ) {
                    throw new \RuntimeException(
                        'Specified path ' . $flexFormContainerName . ' not found in flex form section container data structure',
                        1480611208
                    );
                }
                $fieldConfig = $dataStructure['sheets'][$flexFormSheetName]['ROOT']
                    ['el'][$flexFormFieldName]
                    ['el'][$flexFormContainerName]
                    ['el'][$flexFormContainerFieldName]['TCEforms']['config'];
            }
        }
 
        $pageTsConfig = ‪BackendUtility::getPagesTSconfig($pid);
 
        $wizardConfig = $fieldConfig['suggestOptions'] ?? [];
 
        $queryTables = $this->‪getTablesToQueryFromFieldConfiguration($fieldConfig);
        $whereClause = $this->‪getWhereClause($fieldConfig);
 
        $resultRows = [];
 
        // fetch the records for each query table. A query table is a table from which records are allowed to
        // be added to the TCEForm selector, originally fetched from the "allowed" config option in the TCA
        foreach ($queryTables as $queryTable) {
            // if the table does not exist, skip it
            if (!is_array(‪$GLOBALS['TCA'][$queryTable]) || empty(‪$GLOBALS['TCA'][$queryTable])) {
                continue;
            }
 
            $config = $this->‪getConfigurationForTable($queryTable, $wizardConfig, $pageTsConfig, $tableName, $fieldNameInPageTsConfig);
 
            // process addWhere
            if (!isset($config['addWhere']) && $whereClause) {
                $config['addWhere'] = $whereClause;
            }
            if (isset($config['addWhere'])) {
                $replacement = [
                    '###THIS_UID###' => (int)$uid,
                    '###CURRENT_PID###' => (int)$pid
                ];
                if (isset($pageTsConfig['TCEFORM.'][$tableName . '.'][$fieldNameInPageTsConfig . '.'])) {
                    $fieldTSconfig = $pageTsConfig['TCEFORM.'][$tableName . '.'][$fieldNameInPageTsConfig . '.'];
                    if (isset($fieldTSconfig['PAGE_TSCONFIG_ID'])) {
                        $replacement['###PAGE_TSCONFIG_ID###'] = (int)$fieldTSconfig['PAGE_TSCONFIG_ID'];
                    }
                    if (isset($fieldTSconfig['PAGE_TSCONFIG_IDLIST'])) {
                        $replacement['###PAGE_TSCONFIG_IDLIST###'] = implode(',', GeneralUtility::intExplode(',', $fieldTSconfig['PAGE_TSCONFIG_IDLIST']));
                    }
                    if (isset($fieldTSconfig['PAGE_TSCONFIG_STR'])) {
                        $connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($fieldConfig['foreign_table']);
                        // nasty hack, but it's currently not possible to just quote anything "inside" the value but not escaping
                        // the whole field as it is not known where it is used in the WHERE clause
                        $replacement['###PAGE_TSCONFIG_STR###'] = trim($connection->quote($fieldTSconfig['PAGE_TSCONFIG_STR']), '\'');
                    }
                }
                $config['addWhere'] = strtr(' ' . $config['addWhere'], $replacement);
            }
 
            // instantiate the class that should fetch the records for this $queryTable
            $receiverClassName = $config['receiverClass'];
            if (!class_exists($receiverClassName)) {
                $receiverClassName = SuggestWizardDefaultReceiver::class;
            }
            $receiverObj = GeneralUtility::makeInstance($receiverClassName, $queryTable, $config);
            $params = [
                'value' => $search,
                'uid' => $uid,
            ];
            $rows = $receiverObj->queryTable($params);
            if (empty($rows)) {
                continue;
            }
            $resultRows = $rows + $resultRows;
            unset($rows);
        }
 
        // Limit the number of items in the result list
        $maxItems = $config['maxItemsInResultList'] ?? 10;
        $maxItems = min(count($resultRows), $maxItems);
 
        array_splice($resultRows, $maxItems);
        return (new ‪JsonResponse())->setPayload(array_values($resultRows));
    }
 
    protected function ‪isTableHidden(array $tableConfig)
    {
        return (bool)$tableConfig['ctrl']['hideTable'];
    }
 
    protected function ‪currentBackendUserMayAccessTable(array $tableConfig)
    {
        if ($this->‪getBackendUser()->isAdmin()) {
            return true;
        }
 
        // If the user is no admin, they may not access admin-only tables
        if ($tableConfig['ctrl']['adminOnly']) {
            return false;
        }
 
        // allow access to root level pages if security restrictions should be bypassed
        return !$tableConfig['ctrl']['rootLevel'] || $tableConfig['ctrl']['security']['ignoreRootLevelRestriction'];
    }
 
    protected function ‪getConfigurationForTable($queryTable, array $wizardConfig, array $TSconfig, $table, $field)
    {
        $config = (array)$wizardConfig['default'];
 
        if (is_array($wizardConfig[$queryTable])) {
            ‪ArrayUtility::mergeRecursiveWithOverrule($config, $wizardConfig[$queryTable]);
        }
        $globalSuggestTsConfig = $TSconfig['TCEFORM.']['suggest.'];
        $currentFieldSuggestTsConfig = $TSconfig['TCEFORM.'][$table . '.'][$field . '.']['suggest.'];
 
        // merge the configurations of different "levels" to get the working configuration for this table and
        // field (i.e., go from the most general to the most special configuration)
        if (is_array($globalSuggestTsConfig['default.'])) {
            ‪ArrayUtility::mergeRecursiveWithOverrule($config, $globalSuggestTsConfig['default.']);
        }
 
        if (is_array($globalSuggestTsConfig[$queryTable . '.'])) {
            ‪ArrayUtility::mergeRecursiveWithOverrule($config, $globalSuggestTsConfig[$queryTable . '.']);
        }
 
        // use $table instead of $queryTable here because we overlay a config
        // for the input-field here, not for the queried table
        if (is_array($currentFieldSuggestTsConfig['default.'])) {
            ‪ArrayUtility::mergeRecursiveWithOverrule($config, $currentFieldSuggestTsConfig['default.']);
        }
 
        if (is_array($currentFieldSuggestTsConfig[$queryTable . '.'])) {
            ‪ArrayUtility::mergeRecursiveWithOverrule($config, $currentFieldSuggestTsConfig[$queryTable . '.']);
        }
 
        return $config;
    }
 
    protected function ‪getTablesToQueryFromFieldConfiguration(array $fieldConfig)
    {
        $queryTables = [];
 
        if (isset($fieldConfig['allowed'])) {
            if ($fieldConfig['allowed'] !== '*') {
                // list of allowed tables
                $queryTables = GeneralUtility::trimExplode(',', $fieldConfig['allowed']);
            } else {
                // all tables are allowed, if the user can access them
                foreach (‪$GLOBALS['TCA'] as $tableName => $tableConfig) {
                    if (!$this->‪isTableHidden($tableConfig) && $this->‪currentBackendUserMayAccessTable($tableConfig)) {
                        $queryTables[] = $tableName;
                    }
                }
                unset($tableName, $tableConfig);
            }
        } elseif (isset($fieldConfig['foreign_table'])) {
            // use the foreign table
            $queryTables = [$fieldConfig['foreign_table']];
        }
 
        return $queryTables;
    }
 
    protected function ‪getWhereClause(array $fieldConfig)
    {
        if (!isset($fieldConfig['foreign_table'])) {
            return '';
        }
 
        // strip ORDER BY clause
        return trim(preg_replace('/ORDER[[:space:]]+BY.*/i', '', $fieldConfig['foreign_table_where']));
    }
 
    protected function ‪getBackendUser()
    {
        return ‪$GLOBALS['BE_USER'];
    }
}