TYPO3 CMS  TYPO3_7-6
Public Member Functions | Protected Member Functions | List of all members
TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect Class Reference
Inheritance diagram for TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect:
TYPO3\CMS\Core\DataHandling\DataHandlerCheckModifyAccessListHookInterface TYPO3\CMS\Core\SingletonInterface

Public Member Functions

 checkRecordUpdateAccess ($table, $id, $fileMetadataRecord, $otherHookGrantedAccess, DataHandler $dataHandler)
 
 checkModifyAccessList (&$accessAllowed, $table, DataHandler $parent)
 
 isAllowedToShowEditForm (array $parameters)
 
- Public Member Functions inherited from TYPO3\CMS\Core\DataHandling\DataHandlerCheckModifyAccessListHookInterface
 checkModifyAccessList (&$accessAllowed, $table, \TYPO3\CMS\Core\DataHandling\DataHandler $parent)
 

Protected Member Functions

 checkFileWriteAccessForFileMetaData ($fileMetadataRecord)
 

Detailed Description

We do not have AOP in TYPO3 for now, thus the aspect which deals with file metadata data security is an assembly of hooks to check permissions on files belonging to file meta data records

Definition at line 29 of file FileMetadataPermissionsAspect.php.

Member Function Documentation

◆ checkFileWriteAccessForFileMetaData()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::checkFileWriteAccessForFileMetaData (   $fileMetadataRecord)
protected

Checks write access to the file belonging to a metadata entry

Parameters
array$fileMetadataRecord
Returns
bool

Definition at line 157 of file FileMetadataPermissionsAspect.php.

References TYPO3\CMS\Core\Resource\ResourceFactory\getInstance().

Referenced by TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkModifyAccessList(), TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkRecordUpdateAccess(), and TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\isAllowedToShowEditForm().

◆ checkModifyAccessList()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::checkModifyAccessList ( $accessAllowed,
  $table,
DataHandler  $parent 
)

Hook that determines whether a user has access to modify a table. We "abuse" it here to actually check if access is allowed to sys_file_metadata.

Parameters
int&$accessAllowedWhether the user has access to modify a table
string$tableThe name of the table to be modified
DataHandler$parentThe calling parent object
Exceptions

Definition at line 66 of file FileMetadataPermissionsAspect.php.

References TYPO3\CMS\Core\Utility\MathUtility\canBeInterpretedAsInteger(), TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkFileWriteAccessForFileMetaData(), and TYPO3\CMS\Backend\Utility\BackendUtility\getRecord().

◆ checkRecordUpdateAccess()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::checkRecordUpdateAccess (   $table,
  $id,
  $fileMetadataRecord,
  $otherHookGrantedAccess,
DataHandler  $dataHandler 
)

This hook is called before any write operation by DataHandler

Parameters
string$table
int$id
array$fileMetadataRecord
int | NULL$otherHookGrantedAccess
\TYPO3\CMS\Core\DataHandling\DataHandler$dataHandler
Returns
int|null

Definition at line 41 of file FileMetadataPermissionsAspect.php.

References TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkFileWriteAccessForFileMetaData(), and TYPO3\CMS\Backend\Utility\BackendUtility\getRecord().

◆ isAllowedToShowEditForm()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::isAllowedToShowEditForm ( array  $parameters)

Deny access to the edit form. This is not mandatory, but better to show this right away that access is denied.

Parameters
array$parameters
Returns
bool

Definition at line 137 of file FileMetadataPermissionsAspect.php.

References $uid, TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkFileWriteAccessForFileMetaData(), and TYPO3\CMS\Backend\Utility\BackendUtility\getRecord().