/**
  * Add the Annotated Method to the Navigation
  *
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint
  * @FLOW3\Before("method(protected TYPO3\Fluid\View\TemplateView->getLayoutPathAndFilename(.*))")
  * @return void
  */
 public function addNavigationitem(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $layout = $joinPoint->getMethodArgument("layoutName");
     if (stristr($layout, "resource://")) {
         $joinPoint->getProxy()->setLayoutPathAndFilename($layout);
     }
 }
Beispiel #2
0
 /**
  * Add the Annotated Method to the Navigation
  *
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint
  * @FLOW3\Before("method(public .*\Controller\.*Controller->.*Action(.*))")
  * @return void
  */
 public function addNavigationitem(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $currentClassName = $joinPoint->getClassName();
     $currentMethodName = $joinPoint->getMethodName();
     $controllers = $this->reflectionService->getAllSubClassNamesForClass("\\TYPO3\\FLOW3\\MVC\\Controller\\ActionController");
     foreach ($controllers as $className) {
         $methods = get_class_methods($className);
         if (is_array($methods)) {
             foreach ($methods as $methodName) {
                 if ($this->reflectionService->isMethodAnnotatedWith($className, $methodName, "Admin\\Annotations\\Navigation")) {
                     $annotations = $this->reflectionService->getMethodAnnotations($className, $methodName, "Admin\\Annotations\\Navigation");
                     foreach ($annotations as $annotation) {
                         $action = str_replace("Action", "", $methodName);
                         $controller = $this->helper->getControllerByClassName($className);
                         $package = $this->objectManager->getPackageKeyByObjectName($className);
                         $arguments = array("action" => $action, "controller" => $controller, "package" => $package);
                         $title = !is_null($annotation->title) ? $annotation->title : sprintf("%s (%s)", $controller, $action);
                         \Admin\Core\API::addNavigationitem($title, $annotation->position, $arguments, $annotation->priority, $annotation->parent);
                     }
                 }
             }
         }
     }
     $settings = $this->helper->getSettings("Admin.Navigation");
     foreach ($settings as $position => $items) {
         foreach ($items as $title => $conf) {
             $priority = isset($conf["priority"]) ? $conf["priority"] : 100;
             $arguments = $conf["Arguments"];
             \Admin\Core\API::addNavigationitem($title, strtolower($position), $arguments, $priority);
         }
     }
 }
 /**
  * Logs exceptional results of the NodeService's getNodeByContextNodePath() method which is called by FrontendNodeRoutePartHandler::matchValue()
  *
  * @FLOW3\AfterThrowing("method(TYPO3\TYPO3\Service\NodeService->getNodeByContextNodePath())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function logFailedMatch(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $relativeContextNodePath = $joinPoint->getMethodArgument('relativeContextNodePath');
     $exception = $joinPoint->getException();
     if ($exception !== NULL) {
         $this->systemLogger->log(sprintf('%s failed to retrieve a node for path "%s" with message: %s', $joinPoint->getClassName(), $relativeContextNodePath, $exception->getMessage()), LOG_INFO);
     }
 }
 /**
  * Before advice, making sure we initialize before use.
  *
  * This expects $proxy->FLOW3_Persistence_LazyLoadingObject_thawProperties
  * to be a Closure that populates the object. That variable is unset after
  * initializing the object!
  *
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  * @FLOW3\Before("TYPO3\FLOW3\Persistence\Generic\Aspect\LazyLoadingObjectAspect->needsLazyLoadingObjectAspect && !method(.*->__construct())")
  */
 public function initialize(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $proxy = $joinPoint->getProxy();
     if (property_exists($proxy, 'FLOW3_Persistence_LazyLoadingObject_thawProperties') && $proxy->FLOW3_Persistence_LazyLoadingObject_thawProperties instanceof \Closure) {
         $proxy->FLOW3_Persistence_LazyLoadingObject_thawProperties->__invoke($proxy);
         unset($proxy->FLOW3_Persistence_LazyLoadingObject_thawProperties);
     }
 }
 /**
  * Convert the object to its context path, if we deal with TYPO3CR nodes.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\Persistence\AbstractPersistenceManager->convertObjectToIdentityArray())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint the joinpoint
  * @return string|array the context path to be used for routing
  */
 public function convertNodeToContextPathForRouting(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $objectArgument = $joinPoint->getMethodArgument('object');
     if ($objectArgument instanceof NodeInterface) {
         return $objectArgument->getContextPath();
     } else {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     }
 }
Beispiel #6
0
 /**
  * Logs calls of renewId()
  *
  * @FLOW3\Around("within(TYPO3\FLOW3\Session\SessionInterface) && method(.*->renewId())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed The result of the target method if it has not been intercepted
  */
 public function logRenewId(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $session = $joinPoint->getProxy();
     $newId = $joinPoint->getAdviceChain()->proceed($joinPoint);
     if ($session->isStarted()) {
         $oldId = $session->getId();
         $this->systemLogger->log(sprintf('Changed session id from %s to %s', $oldId, $newId), LOG_DEBUG);
     }
     return $newId;
 }
Beispiel #7
0
 /**
  * Around advice, wrapping every method of a scope session object. It redirects
  * all method calls to the session object once there is one.
  *
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return mixed
  * @FLOW3\Around("filter(TYPO3\FLOW3\Session\Aspect\SessionObjectMethodsPointcutFilter)")
  */
 public function callMethodOnOriginalSessionObject(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $objectName = $this->objectManager->getObjectNameByClassName(get_class($joinPoint->getProxy()));
     $methodName = $joinPoint->getMethodName();
     $proxy = $joinPoint->getProxy();
     if (!isset($this->sessionOriginalInstances[$objectName])) {
         $this->sessionOriginalInstances[$objectName] = $this->objectManager->get($objectName);
     }
     if ($this->sessionOriginalInstances[$objectName] === $proxy) {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     } else {
         return call_user_func_array(array($this->sessionOriginalInstances[$objectName], $methodName), $joinPoint->getMethodArguments());
     }
 }
Beispiel #8
0
 /**
  * This is the default Policy voter, it votes for the access privilege for the given join point
  *
  * @param TYPO3\FLOW3\Security\Context $securityContext The current securit context
  * @param TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The joinpoint to vote for
  * @return integer One of: VOTE_GRANT, VOTE_ABSTAIN, VOTE_DENY
  */
 public function voteForJoinPoint(\TYPO3\FLOW3\Security\Context $securityContext, \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $proxy = $joinPoint->getProxy();
     if ($proxy instanceof \Admin\Controller\StandardController) {
         $arguments = $joinPoint->getMethodArguments();
         if (isset($arguments["being"])) {
             $arguments["action"] = $proxy->getAction();
             if ($arguments["action"] == "list") {
                 $arguments["action"] = "view";
             }
             #\dump($arguments, __FILE__ . ":" . __LINE__);
             $accessGrants = 0;
             $accessDenies = 0;
             foreach ($securityContext->getAuthenticationTokens() as $token) {
                 if (is_callable(array($token, "getUser"))) {
                     $user = $token->getUser();
                     if ($user->getAdmin()) {
                         return self::VOTE_GRANT;
                     }
                     foreach ($user->getRoles() as $role) {
                         foreach ($role->getGrant() as $policy) {
                             if ($this->comparePolicy($arguments, $policy)) {
                                 $accessGrants++;
                             }
                         }
                         #foreach ($role->getDeny() as $policy) {
                         #    if($this->comparePolicy($arguments, $policy)) $accessDenies++;
                         #}
                     }
                 }
             }
             if ($accessDenies > 0) {
                 return self::VOTE_DENY;
             }
             if ($accessGrants > 0) {
                 return self::VOTE_GRANT;
             }
         } else {
             return self::VOTE_ABSTAIN;
         }
     }
     return self::VOTE_ABSTAIN;
 }
 /**
  * @test
  */
 public function cacheResolveCallSkipsCacheIfRouteValuesContainObjectsThatCantBeConvertedToHashes()
 {
     $mockObject = new \stdClass();
     $routeValues = array('b' => 'route values', 'someObject' => $mockObject);
     $this->mockJoinPoint->expects($this->once())->method('getMethodArgument')->with('routeValues')->will($this->returnValue($routeValues));
     $this->mockPersistenceManager->expects($this->once())->method('getIdentifierByObject')->with($mockObject)->will($this->returnValue(NULL));
     $matchingUri = 'uncached/matching/uri';
     $this->mockAdviceChain->expects($this->once())->method('proceed')->with($this->mockJoinPoint)->will($this->returnValue($matchingUri));
     $this->mockResolveCache->expects($this->never())->method('has');
     $this->mockResolveCache->expects($this->never())->method('set');
     $this->routerCachingAspect->cacheResolveCall($this->mockJoinPoint);
 }
Beispiel #10
0
 /**
  * Adds a CSRF token as argument in the URI builder
  *
  * @FLOW3\Before("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Routing\UriBuilder->build())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function addCsrfTokenToUri(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $uriBuilder = $joinPoint->getProxy();
     $arguments = $joinPoint->getMethodArgument('arguments');
     $packageKey = isset($arguments['@package']) ? $arguments['@package'] : '';
     $subpackageKey = isset($arguments['@subpackage']) ? $arguments['@subpackage'] : '';
     $controllerName = isset($arguments['@controller']) ? $arguments['@controller'] : 'Standard';
     $actionName = (isset($arguments['@action']) ? $arguments['@action'] : 'index') . 'Action';
     $possibleObjectName = '@package\\@subpackage\\Controller\\@controllerController';
     $possibleObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleObjectName);
     $possibleObjectName = str_replace('@subpackage', $subpackageKey, $possibleObjectName);
     $possibleObjectName = str_replace('@controller', $controllerName, $possibleObjectName);
     $possibleObjectName = str_replace('\\\\', '\\', $possibleObjectName);
     $lowercaseObjectName = strtolower($possibleObjectName);
     $className = $this->objectManager->getClassNameByObjectName($this->objectManager->getCaseSensitiveObjectName($lowercaseObjectName));
     if ($this->policyService->hasPolicyEntryForMethod($className, $actionName) && !$this->reflectionService->isMethodAnnotatedWith($className, $actionName, 'TYPO3\\FLOW3\\Annotations\\SkipCsrfProtection')) {
         $internalArguments = $uriBuilder->getArguments();
         $internalArguments['__csrfToken'] = $this->securityContext->getCsrfProtectionToken();
         $uriBuilder->setArguments($internalArguments);
     }
 }
Beispiel #11
0
 /**
  * Advices the dispatch method so that illegal requests are blocked before invoking
  * any controller.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\MVC\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain
  */
 public function checkAccess(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $this->securityManager->setRequest($joinPoint->getMethodArgument('request'));
     $this->securityManager->setResponse($joinPoint->getMethodArgument('response'));
     $request = $joinPoint->getMethodArgument('request');
     if (is_a($request, "\\TYPO3\\FLOW3\\MVC\\Web\\Request")) {
         $className = $request->getControllerObjectName();
         $methodName = $request->getControllerActionName() . 'Action';
         try {
             if (!empty($className) && $this->reflectionService->isMethodAnnotatedWith($className, $methodName, "Admin\\Annotations\\Access")) {
                 $annotation = $this->reflectionService->getMethodAnnotation($className, $methodName, "Admin\\Annotations\\Access");
                 if (!is_object($user = $this->securityManager->getUser())) {
                     return $this->securityManager->redirectToLogin($joinPoint);
                 }
                 if ($annotation->admin && !$user->isAdmin()) {
                     return $this->securityManager->redirectToLogin($joinPoint);
                 }
                 if ($annotation->role !== null) {
                     $hasRole = false;
                     foreach ($user->getRoles() as $role) {
                         if ($role->getName() == $annotation->role) {
                             $hasRole = true;
                         }
                     }
                     if (!$hasRole) {
                         $message = new \TYPO3\FLOW3\Error\Error("You don't have access to this page!");
                         $this->flashMessageContainer->addMessage($message);
                         return $this->securityManager->redirectToLogin($joinPoint);
                     }
                 }
             }
         } catch (\Exception $e) {
         }
     }
     if (is_object($adviceChain = $joinPoint->getAdviceChain())) {
         $result = $adviceChain->proceed($joinPoint);
         return $result;
     }
 }
 /**
  * Advices the dispatch method so that access denied exceptions are transformed into the correct
  * response status.
  *
  * @FLOW3\Around("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain
  */
 public function setAccessDeniedResponseHeader(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $response = $joinPoint->getMethodArgument('response');
     try {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     } catch (\TYPO3\FLOW3\Security\Exception\AccessDeniedException $exception) {
         if ($response instanceof \TYPO3\FLOW3\Http\Response) {
             $response->setStatus(403);
         }
         $response->setContent('Access denied!');
     }
 }
 /**
  * Returns the publish path and filename to be used to publish the specified persistent resource
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\Resource\Publishing\FileSystemPublishingTarget->buildPersistentResourcePublishPathAndFilename()) && setting(TYPO3.FLOW3.security.enable)")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return mixed Result of the target method
  */
 public function rewritePersistentResourcePublishPathAndFilenameForPrivateResources(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $resource = $joinPoint->getMethodArgument('resource');
     $configuration = $resource->getPublishingConfiguration();
     $returnFilename = $joinPoint->getMethodArgument('returnFilename');
     if ($configuration === NULL || $configuration instanceof \TYPO3\FLOW3\Security\Authorization\Resource\SecurityPublishingConfiguration === FALSE) {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     }
     $publishingPath = FALSE;
     $allowedRoles = $configuration->getAllowedRoles();
     if (count(array_intersect($allowedRoles, $this->securityContext->getRoles())) > 0) {
         $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($joinPoint->getProxy()->getResourcesPublishingPath(), 'Persistent/', $this->session->getID())) . '/';
         $filename = $resource->getResourcePointer()->getHash() . '.' . $resource->getFileExtension();
         \TYPO3\FLOW3\Utility\Files::createDirectoryRecursively($publishingPath);
         $this->accessRestrictionPublisher->publishAccessRestrictionsForPath($publishingPath);
         if ($this->settings['resource']['publishing']['fileSystem']['mirrorMode'] === 'link') {
             foreach ($allowedRoles as $role) {
                 $roleDirectory = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($this->environment->getPathToTemporaryDirectory(), 'PrivateResourcePublishing/', $role));
                 \TYPO3\FLOW3\Utility\Files::createDirectoryRecursively($roleDirectory);
                 if (file_exists($publishingPath . $role)) {
                     if (\TYPO3\FLOW3\Utility\Files::is_link(\TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role))) && realpath(\TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role))) === $roleDirectory) {
                         continue;
                     }
                     unlink($publishingPath . $role);
                     symlink($roleDirectory, \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role)));
                 } else {
                     symlink($roleDirectory, \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role)));
                 }
             }
             $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $allowedRoles[0])) . '/';
         }
         if ($returnFilename === TRUE) {
             $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $filename));
         }
     }
     return $publishingPath;
 }
Beispiel #14
0
 /**
  * Mark object as cloned after cloning.
  *
  * Note: this is not used by anything in the FLOW3 base distribution,
  * but might be needed by custom backends (like TYPO3.CouchDB).
  *
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
  * @return void
  * @FLOW3\AfterReturning("TYPO3\FLOW3\Persistence\Aspect\PersistenceMagicAspect->isEntityOrValueObject && method(.*->__clone())")
  */
 public function cloneObject(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $joinPoint->getProxy()->FLOW3_Persistence_clone = TRUE;
 }
Beispiel #15
0
 /**
  * Returns the privileges a specific role has for the given joinpoint. The returned array
  * contains the privilege's resource as key of each privilege.
  *
  * @param \TYPO3\FLOW3\Security\Policy\Role $role The role for which the privileges should be returned
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The joinpoint for which the privileges should be returned
  * @return array Array of privileges
  * @throws \TYPO3\FLOW3\Security\Exception\NoEntryInPolicyException
  */
 public function getPrivilegesForJoinPoint(\TYPO3\FLOW3\Security\Policy\Role $role, \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $methodIdentifier = strtolower($joinPoint->getClassName() . '->' . $joinPoint->getMethodName());
     $roleIdentifier = (string) $role;
     if (!isset($this->acls[$methodIdentifier])) {
         throw new \TYPO3\FLOW3\Security\Exception\NoEntryInPolicyException('The given joinpoint was not found in the policy cache. Most likely you have to recreate the AOP proxy classes.', 1222100851);
     }
     if (!isset($this->acls[$methodIdentifier][$roleIdentifier])) {
         return array();
     }
     $privileges = array();
     foreach ($this->acls[$methodIdentifier][$roleIdentifier] as $resource => $privilegeConfiguration) {
         if ($privilegeConfiguration['runtimeEvaluationsClosureCode'] !== FALSE) {
             // Make object manager usable as closure variable
             $objectManager = $this->objectManager;
             eval('$runtimeEvaluator = ' . $privilegeConfiguration['runtimeEvaluationsClosureCode'] . ';');
             if ($runtimeEvaluator->__invoke($joinPoint) === FALSE) {
                 continue;
             }
         }
         $privileges[$resource] = $privilegeConfiguration['privilege'];
     }
     return $privileges;
 }
Beispiel #16
0
 /**
  * Passes the signal over to the Dispatcher
  *
  * @FLOW3\AfterReturning("methodAnnotatedWith(TYPO3\FLOW3\Annotations\Signal)")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function forwardSignalToDispatcher(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $signalName = lcfirst(str_replace('emit', '', $joinPoint->getMethodName()));
     $this->dispatcher->dispatch($joinPoint->getClassName(), $signalName, $joinPoint->getMethodArguments());
 }
Beispiel #17
0
 /**
  * Logs calls and results of decideOnJoinPoint()
  *
  * @FLOW3\AfterThrowing("method(TYPO3\FLOW3\Security\Authorization\AccessDecisionVoterManager->decideOnJoinPoint())")
  *
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
  * @throws \Exception
  * @return void
  */
 public function logJoinPointAccessDecisions(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $exception = $joinPoint->getException();
     $subjectJoinPoint = $joinPoint->getMethodArgument('joinPoint');
     $message = $exception->getMessage() . ' to method ' . $subjectJoinPoint->getClassName() . '::' . $subjectJoinPoint->getMethodName() . '().';
     $this->securityLogger->log($message, \LOG_INFO);
     throw $exception;
 }
 /**
  * @FLOW3\AfterReturning("method(TYPO3\FLOW3\Tests\Functional\Aop\Fixtures\TargetClass02->publicTargetMethod())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
  * @return string
  */
 public function anAfterReturningAdvice(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $joinPoint->getProxy()->afterReturningAdviceWasInvoked = TRUE;
 }