TYPO3 CMS  TYPO3_8-7
CategoryPermissionsAspect.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Backend\Security;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use TYPO3\CMS\Backend\Tree\TreeNode;
18 use TYPO3\CMS\Backend\Tree\TreeNodeCollection;
19 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
20 use TYPO3\CMS\Core\Database\ConnectionPool;
21 use TYPO3\CMS\Core\Tree\TableConfiguration\DatabaseTreeDataProvider;
22 use TYPO3\CMS\Core\Utility\GeneralUtility;
23 
31 class CategoryPermissionsAspect
32 {
36  protected $categoryTableName = 'sys_category';
37 
41  protected $backendUserAuthentication;
42 
46  public function __construct($backendUserAuthentication = null)
47  {
48  $this->backendUserAuthentication = $backendUserAuthentication ?: $GLOBALS['BE_USER'];
49  }
50 
57  public function addUserPermissionsToCategoryTreeData(DatabaseTreeDataProvider $dataProvider, $treeData)
58  {
59  if ((TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_BE) && !$this->backendUserAuthentication->isAdmin() && $dataProvider->getTableName() === $this->categoryTableName) {
60 
61  // Get User permissions related to category
62  $categoryMountPoints = $this->backendUserAuthentication->getCategoryMountPoints();
63 
64  // Backup child nodes to be processed.
65  $treeNodeCollection = $treeData->getChildNodes();
66 
67  if (!empty($categoryMountPoints) && !empty($treeNodeCollection)) {
68 
69  // Check the rootline against categoryMountPoints when tree was filtered
70  if ($dataProvider->getRootUid() !== null) {
71  if (in_array($dataProvider->getRootUid(), $categoryMountPoints)) {
72  return;
73  }
74  $uidsInRootline = $this->findUidsInRootline($dataProvider->getRootUid());
75  if (!empty(array_intersect($categoryMountPoints, $uidsInRootline))) {
76  // One of the parents was found in categoryMountPoints so all children are secure
77  return;
78  }
79  }
80 
81  // First, remove all child nodes which must be analysed to be considered as "secure".
82  // The nodes were backed up in variable $treeNodeCollection beforehand.
83  $treeData->removeChildNodes();
84 
85  // Create an empty tree node collection to receive the secured nodes.
87  $securedTreeNodeCollection = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Tree\TreeNodeCollection::class);
88 
89  foreach ($categoryMountPoints as $categoryMountPoint) {
90  $treeNode = $this->lookUpCategoryMountPointInTreeNodes((int)$categoryMountPoint, $treeNodeCollection);
91  if (!is_null($treeNode)) {
92  $securedTreeNodeCollection->append($treeNode);
93  }
94  }
95 
96  // Reset child nodes.
97  $treeData->setChildNodes($securedTreeNodeCollection);
98  }
99  }
100  }
101 
109  protected function lookUpCategoryMountPointInTreeNodes($categoryMountPoint, TreeNodeCollection $treeNodeCollection)
110  {
111  $result = null;
112 
113  // If any User permission, recursively traverse the tree and set tree part as mount point
114  foreach ($treeNodeCollection as $treeNode) {
115 
117  if ((int)$treeNode->getId() === $categoryMountPoint) {
118  $result = $treeNode;
119  break;
120  }
121 
122  if ($treeNode->hasChildNodes()) {
123 
125  $node = $this->lookUpCategoryMountPointInTreeNodes($categoryMountPoint, $treeNode->getChildNodes());
126  if (! is_null($node)) {
127  $result = $node;
128  break;
129  }
130  }
131  }
132  return $result;
133  }
134 
141  protected function findUidsInRootline($uid)
142  {
144  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->categoryTableName);
145  $row = $queryBuilder
146  ->select('parent')
147  ->from($this->categoryTableName)
148  ->where(
149  $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT))
150  )
151  ->execute()
152  ->fetch();
153 
154  $parentUids = [];
155  if ($row['parent'] > 0) {
156  $parentUids = $this->findUidsInRootline($row['parent']);
157  $parentUids[] = $row['parent'];
158  }
159  return $parentUids;
160  }
161 }
TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance
static makeInstance($className,... $constructorArguments)
Definition: GeneralUtility.php:3945
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:38