TYPO3 CMS  TYPO3_7-6
PermissionAjaxController.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Beuser\Controller;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Utility\BackendUtility;
20 use TYPO3\CMS\Core\DataHandling\DataHandler;
21 use TYPO3\CMS\Core\Imaging\Icon;
22 use TYPO3\CMS\Core\Imaging\IconFactory;
23 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
24 use TYPO3\CMS\Core\Utility\GeneralUtility;
25 use TYPO3\CMS\Fluid\View\StandaloneView;
26 
32 class PermissionAjaxController
33 {
39  protected $conf = [];
40 
44  protected $iconFactory;
45 
49  public function __construct()
50  {
51  $this->iconFactory = GeneralUtility::makeInstance(IconFactory::class);
52  $this->getLanguageService()->includeLLFile('EXT:lang/locallang_mod_web_perm.xlf');
53  // Configuration, variable assignment
54  $this->conf['page'] = GeneralUtility::_POST('page');
55  $this->conf['who'] = GeneralUtility::_POST('who');
56  $this->conf['mode'] = GeneralUtility::_POST('mode');
57  $this->conf['bits'] = (int)GeneralUtility::_POST('bits');
58  $this->conf['permissions'] = (int)GeneralUtility::_POST('permissions');
59  $this->conf['action'] = GeneralUtility::_POST('action');
60  $this->conf['ownerUid'] = (int)GeneralUtility::_POST('ownerUid');
61  $this->conf['username'] = GeneralUtility::_POST('username');
62  $this->conf['groupUid'] = (int)GeneralUtility::_POST('groupUid');
63  $this->conf['groupname'] = GeneralUtility::_POST('groupname');
64  $this->conf['editLockState'] = (int)GeneralUtility::_POST('editLockState');
65  $this->conf['new_owner_uid'] = (int)GeneralUtility::_POST('newOwnerUid');
66  $this->conf['new_group_uid'] = (int)GeneralUtility::_POST('newGroupUid');
67  }
68 
76  public function dispatch(ServerRequestInterface $request, ResponseInterface $response)
77  {
78  $extPath = ExtensionManagementUtility::extPath('beuser');
79 
80  $view = GeneralUtility::makeInstance(StandaloneView::class);
81  $view->setPartialRootPaths(['default' => ExtensionManagementUtility::extPath('beuser') . 'Resources/Private/Partials']);
82  $view->assign('pageId', $this->conf['page']);
83 
84  $response = $response->withHeader('Content-Type', 'text/html; charset=utf-8');
85 
86  // Basic test for required value
87  if ($this->conf['page'] <= 0) {
88  $response->getBody()->write('This script cannot be called directly');
89  $response = $response->withStatus(500);
90  return $response;
91  }
92 
93  $content = '';
94  // Init TCE for execution of update
96  $tce = GeneralUtility::makeInstance(DataHandler::class);
97  $tce->stripslashes_values = false;// Determine the scripts to execute
98  switch ($this->conf['action']) {
99  case 'show_change_owner_selector':
100  $content = $this->renderUserSelector($this->conf['page'], $this->conf['ownerUid'], $this->conf['username']);
101  break;
102  case 'change_owner':
103  $userId = $this->conf['new_owner_uid'];
104  if (is_int($userId)) {
105  // Prepare data to change
106  $data = [];
107  $data['pages'][$this->conf['page']]['perms_userid'] = $userId;
108  // Execute TCE Update
109  $tce->start($data, []);
110  $tce->process_datamap();
111 
112  $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangeOwner.html');
113  $view->assign('userId', $userId);
114  $usernameArray = BackendUtility::getUserNames('username', ' AND uid = ' . $userId);
115  $view->assign('username', $usernameArray[$userId]['username']);
116  $content = $view->render();
117  } else {
118  $response->getBody()->write('An error occurred: No page owner uid specified');
119  $response = $response->withStatus(500);
120  }
121  break;
122  case 'show_change_group_selector':
123  $content = $this->renderGroupSelector($this->conf['page'], $this->conf['groupUid'], $this->conf['groupname']);
124  break;
125  case 'change_group':
126  $groupId = $this->conf['new_group_uid'];
127  if (is_int($groupId)) {
128  // Prepare data to change
129  $data = [];
130  $data['pages'][$this->conf['page']]['perms_groupid'] = $groupId;
131  // Execute TCE Update
132  $tce->start($data, []);
133  $tce->process_datamap();
134 
135  $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangeGroup.html');
136  $view->assign('groupId', $groupId);
137  $groupnameArray = BackendUtility::getGroupNames('title', ' AND uid = ' . $groupId);
138  $view->assign('groupname', $groupnameArray[$groupId]['title']);
139  $content = $view->render();
140  } else {
141  $response->getBody()->write('An error occurred: No page group uid specified');
142  $response = $response->withStatus(500);
143  }
144  break;
145  case 'toggle_edit_lock':
146  // Prepare data to change
147  $data = [];
148  $data['pages'][$this->conf['page']]['editlock'] = $this->conf['editLockState'] === 1 ? 0 : 1;
149  // Execute TCE Update
150  $tce->start($data, []);
151  $tce->process_datamap();
152  $content = $this->renderToggleEditLock($this->conf['page'], $data['pages'][$this->conf['page']]['editlock']);
153  break;
154  default:
155  if ($this->conf['mode'] === 'delete') {
156  $this->conf['permissions'] = (int)($this->conf['permissions'] - $this->conf['bits']);
157  } else {
158  $this->conf['permissions'] = (int)($this->conf['permissions'] + $this->conf['bits']);
159  }
160  // Prepare data to change
161  $data = [];
162  $data['pages'][$this->conf['page']]['perms_' . $this->conf['who']] = $this->conf['permissions'];
163  // Execute TCE Update
164  $tce->start($data, []);
165  $tce->process_datamap();
166 
167  $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangePermission.html');
168  $view->assign('permission', $this->conf['permissions']);
169  $view->assign('scope', $this->conf['who']);
170  $content = $view->render();
171  }
172  $response->getBody()->write($content);
173  return $response;
174  }
175 
184  protected function renderUserSelector($page, $ownerUid, $username = '')
185  {
186  $page = (int)$page;
187  $ownerUid = (int)$ownerUid;
188  // Get usernames
189  $beUsers = BackendUtility::getUserNames();
190  // Owner selector:
191  $options = '';
192  // Loop through the users
193  foreach ($beUsers as $uid => $row) {
194  $uid = (int)$uid;
195  $selected = $uid === $ownerUid ? ' selected="selected"' : '';
196  $options .= '<option value="' . $uid . '"' . $selected . '>' . htmlspecialchars($row['username']) . '</option>';
197  }
198  $elementId = 'o_' . $page;
199  $options = '<option value="0"></option>' . $options;
200  $selector = '<select name="new_page_owner" id="new_page_owner">' . $options . '</select>';
201  $saveButton = '<a class="saveowner btn btn-default" data-page="' . $page . '" data-owner="' . $ownerUid
202  . '" data-element-id="' . $elementId . '" title="Change owner">'
203  . $this->iconFactory->getIcon('actions-document-save', Icon::SIZE_SMALL)->render()
204  . '</a>';
205  $cancelButton = '<a class="restoreowner btn btn-default" data-page="' . $page . '" data-owner="' . $ownerUid
206  . '" data-element-id="' . $elementId . '"'
207  . (!empty($username) ? ' data-username="' . htmlspecialchars($username) . '"' : '')
208  . ' title="Cancel">'
209  . $this->iconFactory->getIcon('actions-document-close', Icon::SIZE_SMALL)->render()
210  . '</a>';
211  return '<span id="' . $elementId . '">'
212  . $selector
213  . '<span class="btn-group">'
214  . $saveButton
215  . $cancelButton
216  . '</span>'
217  . '</span>';
218  }
219 
228  protected function renderGroupSelector($page, $groupUid, $groupname = '')
229  {
230  $page = (int)$page;
231  $groupUid = (int)$groupUid;
232 
233  // Get usernames
234  $beGroupsO = $beGroups = BackendUtility::getGroupNames();
235  // Group selector:
236  $options = '';
237  // flag: is set if the page-groupid equals one from the group-list
238  $userset = 0;
239  // Loop through the groups
240  foreach ($beGroups as $uid => $row) {
241  $uid = (int)$uid;
242  if ($uid === $groupUid) {
243  $userset = 1;
244  $selected = ' selected="selected"';
245  } else {
246  $selected = '';
247  }
248  $options .= '<option value="' . $uid . '"' . $selected . '>' . htmlspecialchars($row['title']) . '</option>';
249  }
250  // If the group was not set AND there is a group for the page
251  if (!$userset && $groupUid) {
252  $options = '<option value="' . $groupUid . '" selected="selected">' .
253  htmlspecialchars($beGroupsO[$groupUid]['title']) . '</option>' . $options;
254  }
255  $elementId = 'g_' . $page;
256  $options = '<option value="0"></option>' . $options;
257  $selector = '<select name="new_page_group" id="new_page_group">' . $options . '</select>';
258  $saveButton = '<a class="savegroup btn btn-default" data-page="' . $page . '" data-group-id="' . $groupUid
259  . '" data-element-id="' . $elementId . '" title="Change group">'
260  . $this->iconFactory->getIcon('actions-document-save', Icon::SIZE_SMALL)->render()
261  . '</a>';
262  $cancelButton = '<a class="restoregroup btn btn-default" data-page="' . $page . '" data-group-id="' . $groupUid
263  . '" data-element-id="' . $elementId . '"'
264  . (!empty($groupname) ? ' data-groupname="' . htmlspecialchars($groupname) . '"' : '')
265  . ' title="Cancel">'
266  . $this->iconFactory->getIcon('actions-document-close', Icon::SIZE_SMALL)->render()
267  . '</a>';
268  return '<span id="' . $elementId . '">'
269  . $selector
270  . '<span class="btn-group">'
271  . $saveButton
272  . $cancelButton
273  . '</span>'
274  . '</span>';
275  }
276 
287  public static function renderOwnername($page, $ownerUid, $username, $validUser = true)
288  {
289  GeneralUtility::logDeprecatedFunction();
290  $elementId = 'o_' . $page;
291  return '<span id="' . $elementId . '"><a class="ug_selector changeowner" data-page="' . $page . '" data-owner="' . $ownerUid . '" data-username="' . htmlspecialchars($username) . '">' . ($validUser ? ($username == '' ? '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>' : htmlspecialchars(GeneralUtility::fixed_lgd_cs($username, 20))) : '<span class=not_set title="' . htmlspecialchars(GeneralUtility::fixed_lgd_cs($username, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>') . '</a></span>';
292  }
293 
304  public static function renderGroupname($page, $groupUid, $groupname, $validGroup = true)
305  {
306  GeneralUtility::logDeprecatedFunction();
307  $elementId = 'g_' . $page;
308  return '<span id="' . $elementId . '"><a class="ug_selector changegroup" data-page="' . $page . '" data-group="' . $groupUid . '" data-groupname="' . htmlspecialchars($groupname) . '">' . ($validGroup ? ($groupname == '' ? '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>' : htmlspecialchars(GeneralUtility::fixed_lgd_cs($groupname, 20))) : '<span class=not_set title="' . htmlspecialchars(GeneralUtility::fixed_lgd_cs($groupname, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>') . '</a></span>';
309  }
310 
318  protected function renderToggleEditLock($page, $editLockState)
319  {
320  $page = (int)$page;
321  if ($editLockState === 1) {
322  $ret = '<span id="el_' . $page . '"><a class="editlock btn btn-default" data-page="' . $page
323  . '" data-lockstate="1" title="The page and all content is locked for editing by all non-Admin users.">'
324  . $this->iconFactory->getIcon('actions-lock', Icon::SIZE_SMALL)->render() . '</a></span>';
325  } else {
326  $ret = '<span id="el_' . $page . '"><a class="editlock btn btn-default" data-page="' . $page .
327  '" data-lockstate="0" title="Enable the &raquo;Admin-only&laquo; edit lock for this page">'
328  . $this->iconFactory->getIcon('actions-unlock', Icon::SIZE_SMALL)->render() . '</a></span>';
329  }
330  return $ret;
331  }
332 
342  public static function renderPermissions($int, $pageId = 0, $who = 'user')
343  {
344  GeneralUtility::logDeprecatedFunction();
345  $str = '';
346  $permissions = [1, 16, 2, 4, 8];
348  $iconFactory = GeneralUtility::makeInstance(IconFactory::class);
349  foreach ($permissions as $permission) {
350  if ($int & $permission) {
351  $str .= '<span title="' . $GLOBALS['LANG']->getLL($permission, true)
352  . ' class="change-permission text-success"'
353  . ' data-page="' . (int)$pageId . '"'
354  . ' data-permissions="' . (int)$int . '"'
355  . ' data-mode="delete"'
356  . ' data-who="' . htmlspecialchars($who) . '"'
357  . ' data-bits="' . $permission . '"'
358  . ' style="cursor:pointer">'
359  . $iconFactory->getIcon('status-status-permission-granted', Icon::SIZE_SMALL)->render()
360  . '</span>';
361  } else {
362  $str .= '<span title="' . $GLOBALS['LANG']->getLL($permission, true) . '"'
363  . ' class="change-permission text-danger"'
364  . ' data-page="' . (int)$pageId . '"'
365  . ' data-permissions="' . (int)$int . '"'
366  . ' data-mode="add"'
367  . ' data-who="' . htmlspecialchars($who) . '"'
368  . ' data-bits="' . $permission . '"'
369  . ' style="cursor:pointer">'
370  . $iconFactory->getIcon('status-status-permission-denied', Icon::SIZE_SMALL)->render()
371  . '</span>';
372  }
373  }
374  return '<span id="' . $pageId . '_' . $who . '">' . $str . '</span>';
375  }
376 
380  protected function getLanguageService()
381  {
382  return $GLOBALS['LANG'];
383  }
384 
388  protected function getBackendUser()
389  {
390  return $GLOBALS['BE_USER'];
391  }
392 }
TYPO3\CMS\Beuser\Controller\PermissionAjaxController\renderOwnername
static renderOwnername($page, $ownerUid, $username, $validUser=true)
Definition: PermissionAjaxController.php:287
TYPO3\CMS\Backend\Utility\BackendUtility\getGroupNames
static getGroupNames($fields='title, uid', $where='')
Definition: BackendUtility.php:1417
TYPO3\CMS\Beuser\Controller\PermissionAjaxController\renderGroupname
static renderGroupname($page, $groupUid, $groupname, $validGroup=true)
Definition: PermissionAjaxController.php:304
TYPO3\CMS\Backend\Utility\BackendUtility\getUserNames
static getUserNames($fields='username, usergroup, usergroup_cached_list, uid', $where='')
Definition: BackendUtility.php:1400
TYPO3\CMS\Core\Utility\GeneralUtility\fixed_lgd_cs
static fixed_lgd_cs($string, $chars, $appendString='...')
Definition: GeneralUtility.php:331
$uid
$uid
Definition: server.php:38
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:31