TYPO3 CMS  TYPO3_6-2
Public Member Functions | Protected Member Functions | List of all members
TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect Class Reference
Inheritance diagram for TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect:
TYPO3\CMS\Core\DataHandling\DataHandlerCheckModifyAccessListHookInterface TYPO3\CMS\Core\SingletonInterface

Public Member Functions

 checkRecordUpdateAccess ($table, $id, $fileMetadataRecord, $otherHookGrantedAccess, DataHandler $dataHandler)
 
 checkModifyAccessList (&$accessAllowed, $table, DataHandler $parent)
 
 isAllowedToShowEditForm (array $parameters)
 
- Public Member Functions inherited from TYPO3\CMS\Core\DataHandling\DataHandlerCheckModifyAccessListHookInterface
 checkModifyAccessList (&$accessAllowed, $table, \TYPO3\CMS\Core\DataHandling\DataHandler $parent)
 

Protected Member Functions

 checkFileWriteAccessForFileMetaData ($fileMetadataRecord)
 

Detailed Description

We do not have AOP in TYPO3 for now, thus the aspect which deals with file metadata data security is a assembly of hooks to check permissions on files belonging to file meta data records

Definition at line 29 of file FileMetadataPermissionsAspect.php.

Member Function Documentation

◆ checkFileWriteAccessForFileMetaData()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::checkFileWriteAccessForFileMetaData (   $fileMetadataRecord)
protected

Checks write access to the file belonging to a metadata entry

Parameters
array$fileMetadataRecord
Returns
bool

Definition at line 155 of file FileMetadataPermissionsAspect.php.

References TYPO3\CMS\Core\Resource\ResourceFactory\getInstance().

Referenced by TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkModifyAccessList(), TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkRecordUpdateAccess(), and TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\isAllowedToShowEditForm().

◆ checkModifyAccessList()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::checkModifyAccessList ( $accessAllowed,
  $table,
DataHandler  $parent 
)

Hook that determines whether a user has access to modify a table. We "abuse" it here to actually check if access is allowed to sys_file_metadata.

Parameters
int&$accessAllowedWhether the user has access to modify a table
string$tableThe name of the table to be modified
DataHandler$parentThe calling parent object
Exceptions

Definition at line 65 of file FileMetadataPermissionsAspect.php.

References TYPO3\CMS\Core\Utility\MathUtility\canBeInterpretedAsInteger(), and TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkFileWriteAccessForFileMetaData().

◆ checkRecordUpdateAccess()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::checkRecordUpdateAccess (   $table,
  $id,
  $fileMetadataRecord,
  $otherHookGrantedAccess,
DataHandler  $dataHandler 
)

This hook is called before any write operation by DataHandler

Parameters
string$table
int$id
array$fileMetadataRecord
int | NULL$otherHookGrantedAccess
\TYPO3\CMS\Core\DataHandling\DataHandler$dataHandler
Returns
int|null

Definition at line 41 of file FileMetadataPermissionsAspect.php.

References TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkFileWriteAccessForFileMetaData().

◆ isAllowedToShowEditForm()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::isAllowedToShowEditForm ( array  $parameters)

Deny access to the edit form. This is not mandatory, but better to show this right away that access is denied.

Parameters
array$parameters
Returns
bool

Definition at line 136 of file FileMetadataPermissionsAspect.php.

References $uid, and TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkFileWriteAccessForFileMetaData().