Beispiel #1
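 /**
  * Add the Annotated Method to the Navigation
  *
  * Runs before every public controller action matched by the pointcut below.
  * It walks all ActionController subclasses known to the reflection service,
  * registers one navigation item per Admin\Annotations\Navigation annotation
  * found on their methods, and then registers the items configured under the
  * "Admin.Navigation" settings path.
  *
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint
  * @FLOW3\Before("method(public .*\Controller\.*Controller->.*Action(.*))")
  * @return void
  */
 public function addNavigationitem(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $navigationAnnotation = "Admin\\Annotations\\Navigation";
     $controllers = $this->reflectionService->getAllSubClassNamesForClass("\\TYPO3\\FLOW3\\MVC\\Controller\\ActionController");
     foreach ($controllers as $className) {
         $methods = get_class_methods($className);
         if (!is_array($methods)) {
             // get_class_methods() yields no array when the class cannot be inspected.
             continue;
         }
         foreach ($methods as $methodName) {
             if (!$this->reflectionService->isMethodAnnotatedWith($className, $methodName, $navigationAnnotation)) {
                 continue;
             }
             // Strip only the trailing "Action" suffix. Removing every occurrence
             // would mangle names such as "listActionsAction" into "lists" and
             // produce a link to an action that does not exist.
             $action = $methodName;
             if (substr($methodName, -6) === "Action") {
                 $action = substr($methodName, 0, -6);
             }
             $annotations = $this->reflectionService->getMethodAnnotations($className, $methodName, $navigationAnnotation);
             foreach ($annotations as $annotation) {
                 $controller = $this->helper->getControllerByClassName($className);
                 $package = $this->objectManager->getPackageKeyByObjectName($className);
                 $arguments = array("action" => $action, "controller" => $controller, "package" => $package);
                 // Fall back to "Controller (action)" when the annotation gives no title.
                 $title = !is_null($annotation->title) ? $annotation->title : sprintf("%s (%s)", $controller, $action);
                 \Admin\Core\API::addNavigationitem($title, $annotation->position, $arguments, $annotation->priority, $annotation->parent);
             }
         }
     }

     $settings = $this->helper->getSettings("Admin.Navigation");
     if (!is_array($settings) && !($settings instanceof \Traversable)) {
         // No navigation configured: nothing more to register.
         return;
     }
     foreach ($settings as $position => $items) {
         foreach ($items as $title => $conf) {
             // Items without an explicit priority get 100.
             $priority = isset($conf["priority"]) ? $conf["priority"] : 100;
             // A missing "Arguments" key is passed on as null instead of raising a notice.
             $arguments = isset($conf["Arguments"]) ? $conf["Arguments"] : null;
             \Admin\Core\API::addNavigationitem($title, strtolower($position), $arguments, $priority);
         }
     }
 }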
Beispiel #2
 /**
  * Adds a CSRF token as argument in the URI builder
  *
  * The target controller class is derived from the routing arguments handed to
  * build(). The token is added only when a policy entry exists for the target
  * action and that action is not annotated with SkipCsrfProtection.
  *
  * The token becomes one of the URI builder's arguments, so it travels with the
  * generated URI and can surface wherever URIs are recorded (server logs,
  * browser history, Referer headers).
  *
  * @FLOW3\Before("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Routing\UriBuilder->build())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function addCsrfTokenToUri(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $builder = $joinPoint->getProxy();
     $routeValues = $joinPoint->getMethodArgument('arguments');

     // Routing arguments with their defaults: empty package and subpackage,
     // the "Standard" controller and the "index" action.
     $packageKey = '';
     if (isset($routeValues['@package'])) {
         $packageKey = $routeValues['@package'];
     }
     $subpackageKey = '';
     if (isset($routeValues['@subpackage'])) {
         $subpackageKey = $routeValues['@subpackage'];
     }
     $controllerName = 'Standard';
     if (isset($routeValues['@controller'])) {
         $controllerName = $routeValues['@controller'];
     }
     $actionName = 'index';
     if (isset($routeValues['@action'])) {
         $actionName = $routeValues['@action'];
     }
     $actionName .= 'Action';

     // str_replace() applies the pairs from left to right, each one on the result
     // of the previous one; the last pair collapses the doubled backslash that an
     // empty subpackage leaves behind.
     $candidateObjectName = str_replace(
         array('@package', '@subpackage', '@controller', '\\\\'),
         array(str_replace('.', '\\', $packageKey), $subpackageKey, $controllerName, '\\'),
         '@package\\@subpackage\\Controller\\@controllerController'
     );

     // The object manager is asked for the case sensitive name of the lowercased candidate.
     $objectName = $this->objectManager->getCaseSensitiveObjectName(strtolower($candidateObjectName));
     $className = $this->objectManager->getClassNameByObjectName($objectName);

     if (!$this->policyService->hasPolicyEntryForMethod($className, $actionName)) {
         return;
     }
     if ($this->reflectionService->isMethodAnnotatedWith($className, $actionName, 'TYPO3\\FLOW3\\Annotations\\SkipCsrfProtection')) {
         return;
     }

     $builderArguments = $builder->getArguments();
     $builderArguments['__csrfToken'] = $this->securityContext->getCsrfProtectionToken();
     $builder->setArguments($builderArguments);
 }
Beispiel #3
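 /**
  * Advises the dispatch method so that illegal requests are blocked before invoking
  * any controller.
  *
  * For web requests whose target action carries an Admin\Annotations\Access
  * annotation, a user must be logged in, must be an admin if the annotation asks
  * for one, and must hold the annotated role if one is named. If any of these
  * checks fails, or throws while being evaluated, the request is redirected to
  * the login page instead of being dispatched.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\MVC\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain, or of redirectToLogin() when access is denied
  */
 public function checkAccess(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $request = $joinPoint->getMethodArgument('request');
     $this->securityManager->setRequest($request);
     $this->securityManager->setResponse($joinPoint->getMethodArgument('response'));

     if (is_a($request, "\\TYPO3\\FLOW3\\MVC\\Web\\Request")) {
         $className = $request->getControllerObjectName();
         $methodName = $request->getControllerActionName() . 'Action';

         $isProtected = false;
         $annotation = null;
         try {
             if (!empty($className) && $this->reflectionService->isMethodAnnotatedWith($className, $methodName, "Admin\\Annotations\\Access")) {
                 $annotation = $this->reflectionService->getMethodAnnotation($className, $methodName, "Admin\\Annotations\\Access");
                 $isProtected = true;
             }
         } catch (\Exception $e) {
             // NOTE(review): a failed annotation lookup still lets the request
             // through, as before. Presumably this covers targets the reflection
             // service cannot resolve; confirm, and deny here if it does not.
         }

         if ($isProtected) {
             // The decision is collected first and acted on after the try block, so
             // an exception can only ever turn "allowed" into "denied", never the
             // other way round. Previously every exception was swallowed and the
             // protected action was dispatched anyway.
             $accessDenied = false;
             try {
                 $user = $this->securityManager->getUser();
                 if (!is_object($user)) {
                     $accessDenied = true;
                 } elseif ($annotation->admin && !$user->isAdmin()) {
                     $accessDenied = true;
                 } elseif ($annotation->role !== null) {
                     $hasRole = false;
                     foreach ($user->getRoles() as $role) {
                         // Strict comparison: with == two different numeric-looking
                         // role names such as "1e1" and "10" would count as equal.
                         if ((string) $role->getName() === (string) $annotation->role) {
                             $hasRole = true;
                             break;
                         }
                     }
                     if (!$hasRole) {
                         $accessDenied = true;
                         $message = new \TYPO3\FLOW3\Error\Error("You don't have access to this page!");
                         $this->flashMessageContainer->addMessage($message);
                     }
                 }
             } catch (\Exception $e) {
                 // Fail closed: a check that could not be completed is a denial.
                 $accessDenied = true;
             }
             if ($accessDenied) {
                 return $this->securityManager->redirectToLogin($joinPoint);
             }
         }
     }

     // Access granted, or nothing to check: continue with the advice chain.
     if (is_object($adviceChain = $joinPoint->getAdviceChain())) {
         $result = $adviceChain->proceed($joinPoint);
         return $result;
     }
 }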