‪TYPO3CMS  ‪main
Public Member Functions | Protected Member Functions | List of all members
TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect Class Reference
Inheritance diagram for TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect:
TYPO3\CMS\Core\DataHandling\DataHandlerCheckModifyAccessListHookInterface TYPO3\CMS\Core\SingletonInterface

Public Member Functions

int null checkRecordUpdateAccess ($table, $id, $fileMetadataRecord, $otherHookGrantedAccess, DataHandler $dataHandler)
 
 checkModifyAccessList (&$accessAllowed, $table, DataHandler $parent)
 
 isAllowedToShowEditForm (ModifyEditFormUserAccessEvent $event)
 

Protected Member Functions

bool checkFileWriteAccessForFileMetaData ($fileMetadataRecord)
 

Detailed Description

We do not have AOP in TYPO3 for now, thus the aspect which deals with file metadata data security is an assembly of hooks to check permissions on files belonging to file meta data records

Definition at line 32 of file FileMetadataPermissionsAspect.php.

Member Function Documentation

◆ checkFileWriteAccessForFileMetaData()

bool TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::checkFileWriteAccessForFileMetaData (   $fileMetadataRecord)
protected

Checks write access to the file belonging to a metadata entry

Parameters
array$fileMetadataRecord
Returns
‪bool

Definition at line 145 of file FileMetadataPermissionsAspect.php.

Referenced by TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkModifyAccessList(), TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkRecordUpdateAccess(), and TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\isAllowedToShowEditForm().

◆ checkModifyAccessList()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::checkModifyAccessList ( $accessAllowed,
  $table,
DataHandler  $parent 
)

Hook that determines whether a user has access to modify a table. We "abuse" it here to actually check if access is allowed to sys_file_metadata.

Parameters
bool$accessAllowed‪Whether the user has access to modify a table
string$table‪The name of the table to be modified
DataHandler$parent‪The calling parent object
Exceptions

Implements TYPO3\CMS\Core\DataHandling\DataHandlerCheckModifyAccessListHookInterface.

Definition at line 67 of file FileMetadataPermissionsAspect.php.

References TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkFileWriteAccessForFileMetaData().

◆ checkRecordUpdateAccess()

int null TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::checkRecordUpdateAccess (   $table,
  $id,
  $fileMetadataRecord,
  $otherHookGrantedAccess,
DataHandler  $dataHandler 
)

This hook is called before any write operation by DataHandler

Parameters
string$table
int$id
array$fileMetadataRecord
int | null$otherHookGrantedAccess
Returns
‪int|null

Definition at line 43 of file FileMetadataPermissionsAspect.php.

References TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkFileWriteAccessForFileMetaData().

◆ isAllowedToShowEditForm()

TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect::isAllowedToShowEditForm ( ModifyEditFormUserAccessEvent  $event)

Deny access to the edit form. This is not mandatory, but better to show this right away that access is denied.

Definition at line 125 of file FileMetadataPermissionsAspect.php.

References TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent\allowUserAccess(), TYPO3\CMS\Core\Resource\Security\FileMetadataPermissionsAspect\checkFileWriteAccessForFileMetaData(), TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent\denyUserAccess(), TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent\doesUserHaveAccess(), TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent\getCommand(), TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent\getDatabaseRow(), and TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent\getTableName().