‪TYPO3CMS  ‪main
AccessStorage.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Backend\Security\SudoMode\Access;
19 
20 use Psr\Log\LoggerAwareInterface;
21 use Psr\Log\LoggerAwareTrait;
22 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
23 
29 class ‪AccessStorage implements LoggerAwareInterface
30 {
31  use LoggerAwareTrait;
32 
33  protected const ‪CLAIM_KEY = 'backend.sudo-mode.claim';
34  protected const ‪GRANT_KEY = 'backend.sudo-mode.grant';
35 
36  protected readonly int ‪$currentTimestamp;
37 
38  public function ‪__construct(
39  protected readonly ‪AccessFactory $factory
40  ) {
41  $this->currentTimestamp = (int)(‪$GLOBALS['EXEC_TIME'] ?? time());
42  }
43 
44  public function ‪findGrantsBySubject(‪AccessSubjectInterface $subject): array
45  {
46  $relevantItems = array_filter(
47  $this->‪fetchGrants(),
48  // either group matches (if given), or subject matches
49  fn(array $item) => $this->‪subjectMatchesItem($subject, $item)
50  );
51  return array_map($this->factory->buildGrantFromArray(...), $relevantItems);
52  }
53 
54  public function ‪addGrant(‪AccessGrant $grant): void
55  {
56  $items = $this->‪fetchGrants();
57  $identity = $grant->subject->getIdentity();
58  if (isset($items[$identity])) {
59  $this->logger->warning(
60  sprintf('Grant %s does already exist', $identity),
61  $grant->‪jsonSerialize()
62  );
63  }
64  $items[$identity] = $grant;
65  $this->‪commitItems(self::GRANT_KEY, $items);
66  }
67 
68  public function ‪findClaimById(string $id): ?‪AccessClaim
69  {
70  $item = $this->‪fetchClaims()[$id] ?? null;
71  return !empty($item) ? $this->factory->buildClaimFromArray($item) : null;
72  }
73 
74  public function ‪findClaimBySubject(‪AccessSubjectInterface $subject): ?‪AccessClaim
75  {
76  foreach ($this->‪fetchClaims() as $item) {
77  if ($this->‪subjectMatchesItem($subject, $item)) {
78  return $this->factory->buildClaimFromArray($item);
79  }
80  }
81  return null;
82  }
83 
84  public function ‪addClaim(‪AccessClaim $claim): void
85  {
86  $items = $this->‪fetchClaims();
87  $items[$claim->id] = $claim;
88  $this->‪commitItems(self::CLAIM_KEY, $items);
89  }
90 
91  public function ‪removeClaim(‪AccessClaim $claim): void
92  {
93  $items = $this->‪fetchClaims();
94  unset($items[$claim->id]);
95  $this->‪commitItems(self::CLAIM_KEY, $items);
96  }
97 
98  protected function ‪fetchGrants(): array
99  {
100  return $this->‪fetchItems(self::GRANT_KEY);
101  }
102 
103  protected function ‪fetchClaims(): array
104  {
105  return $this->‪fetchItems(self::CLAIM_KEY);
106  }
107 
108  protected function ‪fetchItems(string $sessionKey): array
109  {
110  $sessionData = $this->‪getBackendUser()->getSessionData($sessionKey);
111  $items = json_decode((string)$sessionData, true, 16) ?? [];
112  $purgedItems = array_filter(
113  $items,
114  fn(array $item) => ($item['expiration'] ?? 0) >= $this->currentTimestamp
115  );
116  if (count($purgedItems) < count($items)) {
117  $this->‪commitItems($sessionKey, $purgedItems);
118  }
119  return $purgedItems;
120  }
121 
122  protected function ‪commitItems(string $sessionKey, array $items): void
123  {
124  // using `json_encode` here, since `UserSession` still uses PHP `serialize`
125  $this->‪getBackendUser()->setAndSaveSessionData($sessionKey, json_encode($items));
126  }
127 
128  protected function ‪subjectMatchesItem(‪AccessSubjectInterface $subject, array $item): bool
129  {
130  // either group matches (if given), or subject matches
131  return ($item['subject']['identity'] ?? null) === $subject->‪getIdentity()
132  || ($subject->‪getGroup() !== null && ($item['subject']['group'] ?? null) === $subject->‪getGroup());
133  }
134 
135  protected function ‪getBackendUser(): ‪BackendUserAuthentication
136  {
137  return ‪$GLOBALS['BE_USER'];
138  }
139 }
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessSubjectInterface\getIdentity
‪getIdentity()
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\CLAIM_KEY
‪const CLAIM_KEY
Definition: AccessStorage.php:33
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage
Definition: AccessStorage.php:30
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\subjectMatchesItem
‪subjectMatchesItem(AccessSubjectInterface $subject, array $item)
Definition: AccessStorage.php:128
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\findClaimById
‪findClaimById(string $id)
Definition: AccessStorage.php:68
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessClaim
Definition: AccessClaim.php:27
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\commitItems
‪commitItems(string $sessionKey, array $items)
Definition: AccessStorage.php:122
‪TYPO3\CMS\Backend\Security\SudoMode\Access
Definition: AccessClaim.php:18
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\findGrantsBySubject
‪findGrantsBySubject(AccessSubjectInterface $subject)
Definition: AccessStorage.php:44
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessSubjectInterface\getGroup
‪getGroup()
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessSubjectInterface
Definition: AccessSubjectInterface.php:26
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\fetchClaims
‪fetchClaims()
Definition: AccessStorage.php:103
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessGrant\jsonSerialize
‪jsonSerialize()
Definition: AccessGrant.php:33
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\$currentTimestamp
‪readonly int $currentTimestamp
Definition: AccessStorage.php:36
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\__construct
‪__construct(protected readonly AccessFactory $factory)
Definition: AccessStorage.php:38
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessFactory
Definition: AccessFactory.php:30
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\getBackendUser
‪getBackendUser()
Definition: AccessStorage.php:135
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\addGrant
‪addGrant(AccessGrant $grant)
Definition: AccessStorage.php:54
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessGrant
Definition: AccessGrant.php:27
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\fetchGrants
‪fetchGrants()
Definition: AccessStorage.php:98
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:25
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\GRANT_KEY
‪const GRANT_KEY
Definition: AccessStorage.php:34
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\findClaimBySubject
‪findClaimBySubject(AccessSubjectInterface $subject)
Definition: AccessStorage.php:74
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\addClaim
‪addClaim(AccessClaim $claim)
Definition: AccessStorage.php:84
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\removeClaim
‪removeClaim(AccessClaim $claim)
Definition: AccessStorage.php:91
‪TYPO3\CMS\Backend\Security\SudoMode\Access\AccessStorage\fetchItems
‪fetchItems(string $sessionKey)
Definition: AccessStorage.php:108