1 <?php

2 namespace TYPO3\CMS\SysAction;

3 

17 use TYPO3\CMS\Core\Utility\GeneralUtility;

18 use TYPO3\CMS\Backend\Utility\BackendUtility;

19 

26 class ActionTask implements \TYPO3\CMS\Taskcenter\TaskInterface {

27 

31  protected $taskObject;

32 

37  public $t3lib_TCEforms;

38 

44  protected $hookObjects = array();

45 

51  protected $moduleUrl;

52 

56  public function __construct(\TYPO3\CMS\Taskcenter\Controller\TaskModuleController $taskObject) {

57  $this->moduleUrl = BackendUtility::getModuleUrl('user_task');

58  $this->taskObject = $taskObject;

59  $GLOBALS['LANG']->includeLLFile('EXT:sys_action/locallang.xlf');

60  if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sys_action']['tx_sysaction_task'])) {

61  foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sys_action']['tx_sysaction_task'] as $classRef) {

62  $this->hookObjects[] = GeneralUtility::getUserObj($classRef);

63  }

64  }

65  }

66 

72  public function getTask() {

73  $content = '';

74  $show = (int)GeneralUtility::_GP('show');

75  foreach ($this->hookObjects as $hookObject) {

76  if (method_exists($hookObject, 'getTask')) {

77  $show = $hookObject->getTask($show, $this);

78  }

79  }

80  // If no task selected, render the menu

81  if ($show == 0) {

82  $content .= $this->taskObject->description($GLOBALS['LANG']->getLL('sys_action'), $GLOBALS['LANG']->getLL('description'));

83  $content .= $this->renderActionList();

84  } else {

85  $record = BackendUtility::getRecord('sys_action', $show);

86  // If the action is not found

87  if (count($record) == 0) {

88  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_error-not-found', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);

89  $content .= $flashMessage->render();

90  } else {

91  // Render the task

92  $content .= $this->taskObject->description($record['title'], $record['description']);

93  // Output depends on the type

94  switch ($record['type']) {

95  case 1:

96  $content .= $this->viewNewBackendUser($record);

97  break;

98  case 2:

99  $content .= $this->viewSqlQuery($record);

100  break;

101  case 3:

102  $content .= $this->viewRecordList($record);

103  break;

104  case 4:

105  $content .= $this->viewEditRecord($record);

106  break;

107  case 5:

108  $content .= $this->viewNewRecord($record);

109  break;

110  default:

111  $flashMessage = GeneralUtility::makeInstance(

112  'TYPO3\\CMS\\Core\\Messaging\\FlashMessage',

113  $GLOBALS['LANG']->getLL('action_noType', TRUE),

114  $GLOBALS['LANG']->getLL('action_error'),

115  \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR

116  );

117  $content .= '<br />' . $flashMessage->render();

118  }

119  }

120  }

121  return $content;

122  }

123 

129  public function getOverview() {

130  $content = '<p>' . $GLOBALS['LANG']->getLL('description') . '</p>';

131  // Get the actions

132  $actionList = $this->getActions();

133  if (count($actionList) > 0) {

134  $items = '';

135  // Render a single action menu item

136  foreach ($actionList as $action) {

137  $active = GeneralUtility::_GP('show') === $action['uid'] ? ' class="active" ' : '';

138  $items .= '<li' . $active . '>

139  <a href="' . $action['link'] . '" title="' . htmlspecialchars($action['description']) . '">' . htmlspecialchars($action['title']) . '</a>

140  </li>';

141  }

142  $content .= '<ul>' . $items . '</ul>';

143  }

144  return $content;

145  }

146 

153  protected function getActions() {

154  $actionList = array();

155  // admins can see any record

156  if ($GLOBALS['BE_USER']->isAdmin()) {

157  $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_action', '', '', 'sys_action.sorting');

158  } else {

159  // Editors can only see the actions which are assigned to a usergroup they belong to

160  $additionalWhere = 'be_groups.uid IN (' . ($GLOBALS['BE_USER']->groupList ?: 0) . ')';

161  $res = $GLOBALS['TYPO3_DB']->exec_SELECT_mm_query('sys_action.*', 'sys_action', 'sys_action_asgr_mm', 'be_groups', ' AND sys_action.hidden=0 AND ' . $additionalWhere, 'sys_action.uid', 'sys_action.sorting');

162  }

163  while ($actionRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {

164  $editActionLink = '';

165  // Admins are allowed to edit sys_action records

166  if ($GLOBALS['BE_USER']->isAdmin()) {

167  $returnUrl = rawurlencode(GeneralUtility::getIndpEnv('REQUEST_URI'));

168  $link = GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . $returnUrl . '&edit[sys_action][' . $actionRow['uid'] . ']=edit';

169  $editActionLink = '<a class="edit" href="' . $link . '">' . '<img class="icon"' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/edit2.gif') . ' title="' . $GLOBALS['LANG']->getLL('edit-sys_action') . '" alt="" />' . $GLOBALS['LANG']->getLL('edit-sys_action') . '</a>';

170  }

171  $actionList[] = array(

172  'uid' => $actionRow['uid'],

173  'title' => $actionRow['title'],

174  'description' => $actionRow['description'],

175  'descriptionHtml' => nl2br(htmlspecialchars($actionRow['description'])) . $editActionLink,

176  'link' => $this->moduleUrl . '&SET[function]=sys_action.tx_sysaction_task&show=' . $actionRow['uid'],

177  'icon' => 'EXT:sys_action/sys_action.gif'

178  );

179  }

180  $GLOBALS['TYPO3_DB']->sql_free_result($res);

181  return $actionList;

182  }

183 

189  protected function renderActionList() {

190  $content = '';

191  // Get the sys_action records

192  $actionList = $this->getActions();

193  // If any actions are found for the current users

194  if (count($actionList) > 0) {

195  $content .= $this->taskObject->renderListMenu($actionList);

196  } else {

197  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_not-found-description', TRUE), $GLOBALS['LANG']->getLL('action_not-found'), \TYPO3\CMS\Core\Messaging\FlashMessage::INFO);

198  $content .= $flashMessage->render();

199  }

200  // Admin users can create a new action

201  if ($GLOBALS['BE_USER']->isAdmin()) {

202  $returnUrl = rawurlencode($this->moduleUrl);

203  $link = GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . $returnUrl . '&edit[sys_action][0]=new';

204  $content .= '<br />

205  <a href="' . $link . '" title="' . $GLOBALS['LANG']->getLL('new-sys_action') . '">' . '<img class="icon"' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/new_record.gif') . ' title="' . $GLOBALS['LANG']->getLL('new-sys_action') . '" alt="" /> ' . $GLOBALS['LANG']->getLL('new-sys_action') . '</a>';

206  }

207  return $content;

208  }

209 

216  protected function viewNewBackendUser($record) {

217  $content = '';

218  $beRec = BackendUtility::getRecord('be_users', (int)$record['t1_copy_of_user']);

219  // A record is need which is used as copy for the new user

220  if (!is_array($beRec)) {

221  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_notReady', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);

222  $content .= $flashMessage->render();

223  return $content;

224  }

225  $vars = GeneralUtility::_POST('data');

226  $key = 'NEW';

227  if ($vars['sent'] == 1) {

228  $errors = array();

229  // Basic error checks

230  if (!empty($vars['email']) && !GeneralUtility::validEmail($vars['email'])) {

231  $errors[] = $GLOBALS['LANG']->getLL('error-wrong-email');

232  }

233  if (empty($vars['username'])) {

234  $errors[] = $GLOBALS['LANG']->getLL('error-username-empty');

235  }

236  if ($vars['key'] === 'NEW' && empty($vars['password'])) {

237  $errors[] = $GLOBALS['LANG']->getLL('error-password-empty');

238  }

239  if ($vars['key'] !== 'NEW' && !$this->isCreatedByUser($vars['key'], $record)) {

240  $errors[] = $GLOBALS['LANG']->getLL('error-wrong-user');

241  }

242  foreach ($this->hookObjects as $hookObject) {

243  if (method_exists($hookObject, 'viewNewBackendUser_Error')) {

244  $errors = $hookObject->viewNewBackendUser_Error($vars, $errors, $this);

245  }

246  }

247  // Show errors if there are any

248  if (count($errors) > 0) {

249  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', implode('<br />', $errors), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);

250  $content .= $flashMessage->render() . '<br />';

251  } else {

252  // Save user

253  $key = $this->saveNewBackendUser($record, $vars);

254  // Success message

255  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $vars['key'] === 'NEW' ? $GLOBALS['LANG']->getLL('success-user-created') : $GLOBALS['LANG']->getLL('success-user-updated'), $GLOBALS['LANG']->getLL('success'), \TYPO3\CMS\Core\Messaging\FlashMessage::OK);

256  $content .= $flashMessage->render() . '<br />';

257  }

258  }

259  // Load BE user to edit

260  if ((int)GeneralUtility::_GP('be_users_uid') > 0) {

261  $tmpUserId = (int)GeneralUtility::_GP('be_users_uid');

262  // Check if the selected user is created by the current user

263  $rawRecord = $this->isCreatedByUser($tmpUserId, $record);

264  if ($rawRecord) {

265  // Delete user

266  if (GeneralUtility::_GP('delete') == 1) {

267  $this->deleteUser($tmpUserId, $record['uid']);

268  }

269  $key = $tmpUserId;

270  $vars = $rawRecord;

271  }

272  }

273  $this->JScode();

274  $loadDB = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Database\\RelationHandler');

275  $loadDB->start($vars['db_mountpoints'], 'pages');

276  $this->t3lib_TCEforms->printNeededJSFunctions();

277  $content .= '<form action="" method="post" enctype="multipart/form-data" name="' . $this->t3lib_TCEforms->formName . '">

278  <fieldset class="fields">

279  <legend>' . $GLOBALS['LANG']->getLL('action_t1_legend_generalFields') . '</legend>

280  <div class="row">

281  <label for="field_disable">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_general.xlf:LGL.disable') . '</label>

282  <input type="checkbox" id="field_disable" name="data[disable]" value="1" class="checkbox" ' . ($vars['disable'] == 1 ? ' checked="checked" ' : '') . ' />

283  </div>

284  <div class="row">

285  <label for="field_realname">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_general.xlf:LGL.name') . '</label>

286  <input type="text" id="field_realname" name="data[realName]" value="' . htmlspecialchars($vars['realName']) . '" />

287  </div>

288  <div class="row">

289  <label for="field_username">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_tca.xlf:be_users.username') . '</label>

290  <input type="text" id="field_username" name="data[username]" value="' . htmlspecialchars($vars['username']) . '" />

291  </div>

292  <div class="row">

293  <label for="field_password">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_tca.xlf:be_users.password') . '</label>

294  <input type="password" id="field_password" name="data[password]" value="" />

295  </div>

296  <div class="row">

297  <label for="field_email">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_general.xlf:LGL.email') . '</label>

298  <input type="text" id="field_email" name="data[email]" value="' . htmlspecialchars($vars['email']) . '" />

299  </div>

300  </fieldset>

301  <fieldset class="fields">

302  <legend>' . $GLOBALS['LANG']->getLL('action_t1_legend_configuration') . '</legend>

303 

304  <div class="row">

305  <label for="field_usergroup">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_tca.xlf:be_users.usergroup') . '</label>

306  <select id="field_usergroup" name="data[usergroup][]" multiple="multiple">

307  ' . $this->getUsergroups($record, $vars) . '

308  </select>

309  </div>

310  <div class="row">

311  <label for="field_db_mountpoints">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_tca.xlf:be_users.options_db_mounts') . '</label>

312  ' . $this->t3lib_TCEforms->dbFileIcons('data[db_mountpoints]', 'db', 'pages', $loadDB->itemArray, '', array('size' => 3)) . '

313  </div>

314  <div class="row">

315  <input type="hidden" name="data[key]" value="' . $key . '" />

316  <input type="hidden" name="data[sent]" value="1" />

317  <input type="submit" value="' . ($key === 'NEW' ? $GLOBALS['LANG']->getLL('action_Create') : $GLOBALS['LANG']->getLL('action_Update')) . '" />

318  </div>

319  </fieldset>

320  </form>';

321  $content .= $this->getCreatedUsers($record, $key);

322  return $content;

323  }

324 

332  protected function deleteUser($userId, $actionId) {

333  $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid=' . $userId, array(

334  'deleted' => 1,

335  'tstamp' => $GLOBALS['ACCESS_TIME']

336  ));

337  // redirect to the original task

338  $redirectUrl = $this->moduleUrl . '&show=' . $actionId;

339  \TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUrl);

340  }

341 

349  protected function isCreatedByUser($id, $action) {

350  $record = BackendUtility::getRecord('be_users', $id, '*', ' AND cruser_id=' . $GLOBALS['BE_USER']->user['uid'] . ' AND createdByAction=' . $action['uid']);

351  if (is_array($record)) {

352  return $record;

353  } else {

354  return FALSE;

355  }

356  }

357 

365  protected function getCreatedUsers($action, $selectedUser) {

366  $content = '';

367  $userList = array();

368  // List of users

369  $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'be_users', 'cruser_id=' . $GLOBALS['BE_USER']->user['uid'] . ' AND createdByAction=' . (int)$action['uid'] . BackendUtility::deleteClause('be_users'), '', 'username');

370  // Render the user records

371  while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {

372  $icon = \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIconForRecord('be_users', $row, array('title' => 'uid=' . $row['uid']));

373  $line = $icon . $this->action_linkUserName($row['username'], $row['realName'], $action['uid'], $row['uid']);

374  // Selected user

375  if ($row['uid'] == $selectedUser) {

376  $line = '<strong>' . $line . '</strong>';

377  }

378  $userList[] = $line;

379  }

380  $GLOBALS['TYPO3_DB']->sql_free_result($res);

381  // If any records found

382  if (count($userList)) {

383  $content .= '<br />' . $this->taskObject->doc->section($GLOBALS['LANG']->getLL('action_t1_listOfUsers'), implode('<br />', $userList));

384  }

385  return $content;

386  }

387 

397  protected function action_linkUserName($username, $realName, $sysActionUid, $userId) {

398  if (!empty($realName)) {

399  $username .= ' (' . $realName . ')';

400  }

401  // Link to update the user record

402  $href = $this->moduleUrl . '&SET[function]=sys_action.tx_sysaction_task&show=' . (int)$sysActionUid . '&be_users_uid=' . (int)$userId;

403  $link = '<a href="' . htmlspecialchars($href) . '">' . htmlspecialchars($username) . '</a>';

404  // Link to delete the user record

405  $onClick = ' onClick="return confirm(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->getLL('lDelete_warning')) . ');"';

406  $link .= '

407  <a href="' . htmlspecialchars(($href . '&delete=1')) . '" ' . $onClick . '>'

408  . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-edit-delete') .

409  '</a>';

410  return $link;

411  }

412 

420  protected function saveNewBackendUser($record, $vars) {

421  // Check if the db mount is a page the current user is allowed to.);

422  $vars['db_mountpoints'] = $this->fixDbMount($vars['db_mountpoints']);

423  // Check if the usergroup is allowed

424  $vars['usergroup'] = $this->fixUserGroup($vars['usergroup'], $record);

425  $key = $vars['key'];

426  $vars['password'] = trim($vars['password']);

427  // Check if md5 is used as password encryption

428  if ($vars['password'] !== '' && strpos($GLOBALS['TCA']['be_users']['columns']['password']['config']['eval'], 'md5') !== FALSE) {

429  $vars['password'] = md5($vars['password']);

430  }

431  $data = '';

432  $newUserId = 0;

433  if ($key === 'NEW') {

434  $beRec = BackendUtility::getRecord('be_users', (int)$record['t1_copy_of_user']);

435  if (is_array($beRec)) {

436  $data = array();

437  $data['be_users'][$key] = $beRec;

438  $data['be_users'][$key]['username'] = $this->fixUsername($vars['username'], $record['t1_userprefix']);

439  $data['be_users'][$key]['password'] = $vars['password'];

440  $data['be_users'][$key]['realName'] = $vars['realName'];

441  $data['be_users'][$key]['email'] = $vars['email'];

442  $data['be_users'][$key]['disable'] = (int)$vars['disable'];

443  $data['be_users'][$key]['admin'] = 0;

444  $data['be_users'][$key]['usergroup'] = $vars['usergroup'];

445  $data['be_users'][$key]['db_mountpoints'] = $vars['db_mountpoints'];

446  $data['be_users'][$key]['createdByAction'] = $record['uid'];

447  }

448  } else {

449  // Check ownership

450  $beRec = BackendUtility::getRecord('be_users', (int)$key);

451  if (is_array($beRec) && $beRec['cruser_id'] == $GLOBALS['BE_USER']->user['uid']) {

452  $data = array();

453  $data['be_users'][$key]['username'] = $this->fixUsername($vars['username'], $record['t1_userprefix']);

454  if ($vars['password'] !== '') {

455  $data['be_users'][$key]['password'] = $vars['password'];

456  }

457  $data['be_users'][$key]['realName'] = $vars['realName'];

458  $data['be_users'][$key]['email'] = $vars['email'];

459  $data['be_users'][$key]['disable'] = (int)$vars['disable'];

460  $data['be_users'][$key]['admin'] = 0;

461  $data['be_users'][$key]['usergroup'] = $vars['usergroup'];

462  $data['be_users'][$key]['db_mountpoints'] = $vars['db_mountpoints'];

463  $newUserId = $key;

464  }

465  }

466  // Save/update user by using TCEmain

467  if (is_array($data)) {

468  $tce = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');

469  $tce->stripslashes_values = 0;

470  $tce->start($data, array(), $GLOBALS['BE_USER']);

471  $tce->admin = 1;

472  $tce->process_datamap();

473  $newUserId = (int)$tce->substNEWwithIDs['NEW'];

474  if ($newUserId) {

475  // Create

476  $this->action_createDir($newUserId);

477  } else {

478  // Update

479  $newUserId = (int)$key;

480  }

481  unset($tce);

482  }

483  return $newUserId;

484  }

485 

493  protected function fixUsername($username, $prefix) {

494  return trim($prefix) . trim($username);

495  }

496 

504  protected function fixUserGroup($appliedUsergroups, $actionRecord) {

505  if (is_array($appliedUsergroups)) {

506  $cleanGroupList = array();

507  // Create an array from the allowed usergroups using the uid as key

508  $allowedUsergroups = array_flip(explode(',', $actionRecord['t1_allowed_groups']));

509  // Walk through the array and check every uid if it is under the allowed ines

510  foreach ($appliedUsergroups as $group) {

511  if (isset($allowedUsergroups[$group])) {

512  $cleanGroupList[] = $group;

513  }

514  }

515  $appliedUsergroups = $cleanGroupList;

516  }

517  return $appliedUsergroups;

518  }

519 

526  protected function fixDbMount($appliedDbMounts) {

527  // Admins can see any page, no need to check there

528  if (!empty($appliedDbMounts) && !$GLOBALS['BE_USER']->isAdmin()) {

529  $cleanDbMountList = array();

530  $dbMounts = GeneralUtility::trimExplode(',', $appliedDbMounts, TRUE);

531  // Walk through every wanted DB-Mount and check if it allowed for the current user

532  foreach ($dbMounts as $dbMount) {

533  $uid = (int)substr($dbMount, strrpos($dbMount, '_') + 1);

534  $page = BackendUtility::getRecord('pages', $uid);

535  // Check rootline and access rights

536  if ($this->checkRootline($uid) && $GLOBALS['BE_USER']->calcPerms($page)) {

537  $cleanDbMountList[] = 'pages_' . $uid;

538  }

539  }

540  // Build the clean list

541  $appliedDbMounts = implode(',', $cleanDbMountList);

542  }

543  return $appliedDbMounts;

544  }

545 

552  protected function checkRootline($pageId) {

553  $access = FALSE;

554  $dbMounts = array_flip(explode(',', trim($GLOBALS['BE_USER']->dataLists['webmount_list'], ',')));

555  $rootline = BackendUtility::BEgetRootLine($pageId);

556  foreach ($rootline as $page) {

557  if (isset($dbMounts[$page['uid']]) && !$access) {

558  $access = TRUE;

559  }

560  }

561  return $access;

562  }

563 

569  protected function JScode() {

570  $this->t3lib_TCEforms = GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\Form\\FormEngine');

571  $this->t3lib_TCEforms->backPath = $GLOBALS['BACK_PATH'];

572  $js = $this->t3lib_TCEforms->dbFileCon();

573  $this->taskObject->doc->JScodeArray[] = $js;

574  return $js;

575  }

576 

583  protected function action_createDir($uid) {

584  $path = $this->action_getUserMainDir();

585  if ($path) {

586  GeneralUtility::mkdir($path . $uid);

587  GeneralUtility::mkdir($path . $uid . '/_temp_/');

588  }

589  }

590 

596  protected function action_getUserMainDir() {

597  $path = $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'];

598  // If path is set and a valid directory

599  if ($path && @is_dir($path) && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'] && GeneralUtility::isFirstPartOfStr($path, $GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath']) && substr($path, -1) == '/') {

600  return $path;

601  }

602  }

603 

611  protected function getUsergroups($record, $vars) {

612  $content = '';

613  // Do nothing if no groups are allowed

614  if (empty($record['t1_allowed_groups'])) {

615  return $content;

616  }

617  $content .= '<option value=""></option>';

618  $grList = GeneralUtility::trimExplode(',', $record['t1_allowed_groups'], TRUE);

619  foreach ($grList as $group) {

620  $checkGroup = BackendUtility::getRecord('be_groups', $group);

621  if (is_array($checkGroup)) {

622  $selected = GeneralUtility::inList($vars['usergroup'], $checkGroup['uid']) ? ' selected="selected" ' : '';

623  $content .= '<option ' . $selected . 'value="' . $checkGroup['uid'] . '">' . htmlspecialchars($checkGroup['title']) . '</option>';

624  }

625  }

626  return $content;

627  }

628 

635  protected function viewNewRecord($record) {

636  $returnUrl = rawurlencode($this->moduleUrl);

637  $link = GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . $returnUrl . '&edit[' . $record['t3_tables'] . '][' . (int)$record['t3_listPid'] . ']=new';

638  \TYPO3\CMS\Core\Utility\HttpUtility::redirect($link);

639  }

640 

647  protected function viewEditRecord($record) {

648  $content = '';

649  $actionList = array();

650  $dbAnalysis = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Database\\RelationHandler');

651  $dbAnalysis->setFetchAllFields(TRUE);

652  $dbAnalysis->start($record['t4_recordsToEdit'], '*');

653  $dbAnalysis->getFromDB();

654  // collect the records

655  foreach ($dbAnalysis->itemArray as $el) {

656  $path = BackendUtility::getRecordPath($el['id'], $this->taskObject->perms_clause, $GLOBALS['BE_USER']->uc['titleLen']);

657  $record = BackendUtility::getRecord($el['table'], $dbAnalysis->results[$el['table']][$el['id']]);

658  $title = BackendUtility::getRecordTitle($el['table'], $dbAnalysis->results[$el['table']][$el['id']]);

659  $description = $GLOBALS['LANG']->sL($GLOBALS['TCA'][$el['table']]['ctrl']['title'], TRUE);

660  // @todo: which information could be needful

661  if (isset($record['crdate'])) {

662  $description .= ' - ' . BackendUtility::dateTimeAge($record['crdate']);

663  }

664  $actionList[$el['id']] = array(

665  'title' => $title,

666  'description' => BackendUtility::getRecordTitle($el['table'], $dbAnalysis->results[$el['table']][$el['id']]),

667  'descriptionHtml' => $description,

668  'link' => $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . rawurlencode(GeneralUtility::getIndpEnv('REQUEST_URI')) . '&edit[' . $el['table'] . '][' . $el['id'] . ']=edit',

669  'icon' => \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIconForRecord($el['table'], $dbAnalysis->results[$el['table']][$el['id']], array('title' => htmlspecialchars($path)))

670  );

671  }

672  // Render the record list

673  $content .= $this->taskObject->renderListMenu($actionList);

674  return $content;

675  }

676 

683  protected function viewSqlQuery($record) {

684  $content = '';

685  if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('lowlevel')) {

686  $sql_query = unserialize($record['t2_data']);

687  if (!is_array($sql_query) || is_array($sql_query) && strtoupper(substr(trim($sql_query['qSelect']), 0, 6)) === 'SELECT') {

688  $actionContent = '';

689  $fullsearch = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Database\\QueryView');

690  $fullsearch->formW = 40;

691  $fullsearch->noDownloadB = 1;

692  $type = $sql_query['qC']['search_query_makeQuery'];

693  if ($sql_query['qC']['labels_noprefix'] === 'on') {

694  $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] = 'on';

695  }

696  $sqlQuery = $sql_query['qSelect'];

697  $queryIsEmpty = FALSE;

698  if ($sqlQuery) {

699  $res = $GLOBALS['TYPO3_DB']->sql_query($sqlQuery);

700  if (!$GLOBALS['TYPO3_DB']->sql_error()) {

701  $fullsearch->formW = 48;

702  // Additional configuration

703  $GLOBALS['SOBE']->MOD_SETTINGS['search_result_labels'] = 1;

704  $cP = $fullsearch->getQueryResultCode($type, $res, $sql_query['qC']['queryTable']);

705  $actionContent = $cP['content'];

706  // If the result is rendered as csv or xml, show a download link

707  if ($type === 'csv' || $type === 'xml') {

708  $actionContent .= '<br /><br /><a href="' . GeneralUtility::getIndpEnv('REQUEST_URI') . '&download_file=1"><strong>' . $GLOBALS['LANG']->getLL('action_download_file') . '</strong></a>';

709  }

710  } else {

711  $actionContent .= $GLOBALS['TYPO3_DB']->sql_error();

712  }

713  } else {

714  // Query is empty (not built)

715  $queryIsEmpty = TRUE;

716  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_emptyQuery', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);

717  $content .= '<br />' . $flashMessage->render();

718  }

719  // Admin users are allowed to see and edit the query

720  if ($GLOBALS['BE_USER']->isAdmin()) {

721  if (!$queryIsEmpty) {

722  $actionContent .= '<hr /> ' . $fullsearch->tableWrap($sql_query['qSelect']);

723  }

724  $actionContent .= '<br /><a title="' . $GLOBALS['LANG']->getLL('action_editQuery') . '" href="'

725  . htmlspecialchars(BackendUtility::getModuleUrl('system_dbint')

726  . '&id=' . '&SET[function]=search' . '&SET[search]=query'

727  . '&storeControl[STORE]=-' . $record['uid'] . '&storeControl[LOAD]=1')

728  . '">

729  <img class="icon"' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'],

730  'gfx/edit2.gif') . ' alt="" />' . $GLOBALS['LANG']->getLL(($queryIsEmpty ? 'action_createQuery'

731  : 'action_editQuery')) . '</a><br /><br />';

732  }

733  $content .= $this->taskObject->doc->section($GLOBALS['LANG']->getLL('action_t2_result'), $actionContent, 0, 1);

734  } else {

735  // Query is not configured

736  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_notReady', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);

737  $content .= '<br />' . $flashMessage->render();

738  }

739  } else {

740  // Required sysext lowlevel is not installed

741  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_lowlevelMissing', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);

742  $content .= '<br />' . $flashMessage->render();

743  }

744  return $content;

745  }

746 

753  protected function viewRecordList($record) {

754  $content = '';

755  $this->id = (int)$record['t3_listPid'];

756  $this->table = $record['t3_tables'];

757  if ($this->id == 0 || $this->table == '') {

758  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_notReady', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);

759  $content .= '<br />' . $flashMessage->render();

760  return $content;

761  }

762  // Loading current page record and checking access:

763  $this->pageinfo = BackendUtility::readPageAccess($this->id, $this->taskObject->perms_clause);

764  $access = is_array($this->pageinfo) ? 1 : 0;

765  // If there is access to the page, then render the list contents and set up the document template object:

766  if ($access) {

767  // Initialize the dblist object:

768  $dblist = GeneralUtility::makeInstance('TYPO3\\CMS\\SysAction\\ActionList');

769  $dblist->script = GeneralUtility::getIndpEnv('REQUEST_URI');

770  $dblist->backPath = $GLOBALS['BACK_PATH'];

771  $dblist->calcPerms = $GLOBALS['BE_USER']->calcPerms($this->pageinfo);

772  $dblist->thumbs = $GLOBALS['BE_USER']->uc['thumbnailsByDefault'];

773  $dblist->returnUrl = $this->taskObject->returnUrl;

774  $dblist->allFields = 1;

775  $dblist->localizationView = 1;

776  $dblist->showClipboard = 0;

777  $dblist->disableSingleTableView = 1;

778  $dblist->pageRow = $this->pageinfo;

779  $dblist->counter++;

780  $dblist->MOD_MENU = array('bigControlPanel' => '', 'clipBoard' => '', 'localization' => '');

781  $dblist->modTSconfig = $this->taskObject->modTSconfig;

782  $dblist->dontShowClipControlPanels = (!$this->taskObject->MOD_SETTINGS['bigControlPanel'] && $dblist->clipObj->current == 'normal' && !$this->modTSconfig['properties']['showClipControlPanelsDespiteOfCMlayers']);

783  // Initialize the listing object, dblist, for rendering the list:

784  $this->pointer = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange(GeneralUtility::_GP('pointer'), 0, 100000);

785  $dblist->start($this->id, $this->table, $this->pointer, $this->taskObject->search_field, $this->taskObject->search_levels, $this->taskObject->showLimit);

786  $dblist->setDispFields();

787  // Render the list of tables:

788  $dblist->generateList();

789  // Add JavaScript functions to the page:

790  $this->taskObject->doc->JScode = $this->taskObject->doc->wrapScriptTags('

791 

792  function jumpExt(URL,anchor) {

793  var anc = anchor?anchor:"";

794  window.location.href = URL+(T3_THIS_LOCATION?"&returnUrl="+T3_THIS_LOCATION:"")+anc;

795  return false;

796  }

797  function jumpSelf(URL) {

798  window.location.href = URL+(T3_RETURN_URL?"&returnUrl="+T3_RETURN_URL:"");

799  return false;

800  }

801 

802  function setHighlight(id) {

803  top.fsMod.recentIds["web"]=id;

804  top.fsMod.navFrameHighlightedID["web"]="pages"+id+"_"+top.fsMod.currentBank; // For highlighting

805 

806  if (top.content && top.content.nav_frame && top.content.nav_frame.refresh_nav) {

807  top.content.nav_frame.refresh_nav();

808  }

809  }

810 

811  ' . $dblist->CBfunctions() . '

812  function editRecords(table,idList,addParams,CBflag) {

813  window.location.href="' . $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . rawurlencode(GeneralUtility::getIndpEnv('REQUEST_URI')) . '&edit["+table+"]["+idList+"]=edit"+addParams;

814  }

815  function editList(table,idList) {

816  var list="";

817 

818  // Checking how many is checked, how many is not

819  var pointer=0;

820  var pos = idList.indexOf(",");

821  while (pos!=-1) {

822  if (cbValue(table+"|"+idList.substr(pointer,pos-pointer))) {

823  list+=idList.substr(pointer,pos-pointer)+",";

824  }

825  pointer=pos+1;

826  pos = idList.indexOf(",",pointer);

827  }

828  if (cbValue(table+"|"+idList.substr(pointer))) {

829  list+=idList.substr(pointer)+",";

830  }

831 

832  return list ? list : idList;

833  }

834  T3_THIS_LOCATION = "' . rawurlencode(GeneralUtility::getIndpEnv('REQUEST_URI')) . '";

835 

836  if (top.fsMod) top.fsMod.recentIds["web"] = ' . (int)$this->id . ';

837  ');

838  // Setting up the context sensitive menu:

839  $this->taskObject->doc->getContextMenuCode();

840  // Begin to compile the whole page

841  $content .= '<form action="' . htmlspecialchars($dblist->listURL()) . '" method="post" name="dblistForm">' . $dblist->HTMLcode . '<input type="hidden" name="cmd_table" /><input type="hidden" name="cmd" />

842  </form>';

843  // If a listing was produced, create the page footer with search form etc:

844  if ($dblist->HTMLcode) {

845  // Making field select box (when extended view for a single table is enabled):

846  if ($dblist->table) {

847  $tmpBackpath = $GLOBALS['BACK_PATH'];

848  $GLOBALS['BACK_PATH'] = '';

849  $content .= $dblist->fieldSelectBox($dblist->table);

850  $GLOBALS['BACK_PATH'] = $tmpBackpath;

851  }

852  }

853  } else {

854  // Not enough rights to access the list view or the page

855  $flashMessage = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_error-access', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);

856  $content .= $flashMessage->render();

857  }

858  return $content;

859  }

860 

861 }