Returns TRUE if access is granted on the given privilege target in the current security context
| public isPrivilegeTargetGranted ( string $privilegeTargetIdentifier, array $privilegeParameters = [] ) : boolean | ||
| $privilegeTargetIdentifier | string | The identifier of the privilege target to decide on |
| $privilegeParameters | array | Optional array of privilege parameters (simple key => value array) |
| return | boolean | TRUE if access is granted, FALSE otherwise |
/**
* Handle an exception by displaying an error message inside the Neos backend, if logged in and not displaying the live workspace.
*
* @param array $typoScriptPath path causing the exception
* @param \Exception $exception exception to handle
* @param integer $referenceCode
* @return string
*/
protected function handle($typoScriptPath, \Exception $exception, $referenceCode)
{
$handler = new ContextDependentHandler();
$handler->setRuntime($this->runtime);
$output = $handler->handleRenderingException($typoScriptPath, $exception);
$currentContext = $this->runtime->getCurrentContext();
/** @var NodeInterface $documentNode */
$documentNode = isset($currentContext['documentNode']) ? $currentContext['documentNode'] : null;
/** @var NodeInterface $node */
$node = isset($currentContext['node']) ? $currentContext['node'] : null;
$fluidView = $this->prepareFluidView();
$isBackend = false;
/** @var NodeInterface $siteNode */
$siteNode = isset($currentContext['site']) ? $currentContext['site'] : null;
if ($documentNode === null) {
// Actually we cannot be sure that $node is a document. But for fallback purposes this should be safe.
$documentNode = $siteNode ? $siteNode : $node;
}
if ($documentNode !== null && $documentNode->getContext()->getWorkspace()->getName() !== 'live' && $this->privilegeManager->isPrivilegeTargetGranted('Neos.Neos:Backend.GeneralAccess')) {
$isBackend = true;
$fluidView->assign('metaData', $this->contentElementWrappingService->wrapCurrentDocumentMetadata($documentNode, '<div id="neos-document-metadata"></div>', $typoScriptPath));
}
$fluidView->assignMultiple(array('isBackend' => $isBackend, 'message' => $output, 'node' => $node));
return $fluidView->render();
}
/**
* Get the current rendering mode (editPreviewMode).
* Will return a live mode when not in backend.
*
* @return UserInterfaceMode
*/
public function findModeByCurrentUser()
{
if ($this->userService->getBackendUser() === null || !$this->privilegeManager->isPrivilegeTargetGranted('Neos.Neos:Backend.GeneralAccess')) {
return $this->findModeByName('live');
}
/** @var \Neos\Neos\Domain\Model\User $user */
$editPreviewMode = $this->userService->getUserPreference('contentEditing.editPreviewMode');
if ($editPreviewMode === null) {
$editPreviewMode = $this->defaultEditPreviewMode;
}
$mode = $this->findModeByName($editPreviewMode);
return $mode;
}
/**
* @param NodeInterface $node
* @return string
* @throws NeosException
*/
public function render(NodeInterface $node)
{
if ($this->privilegeManager->isPrivilegeTargetGranted('Neos.Neos:Backend.GeneralAccess') === false) {
return '';
}
/** @var $actionRequest ActionRequest */
$actionRequest = $this->controllerContext->getRequest();
$innerView = new StandaloneView($actionRequest);
$innerView->setTemplatePathAndFilename('resource://Neos.Neos/Private/Templates/Backend/Content/Container.html');
$innerView->setFormat('html');
$innerView->setPartialRootPath('resource://Neos.Neos/Private/Partials');
$user = $this->partyService->getAssignedPartyOfAccount($this->securityContext->getAccount());
$innerView->assignMultiple(array('node' => $node, 'modules' => $this->menuHelper->buildModuleList($this->controllerContext), 'sites' => $this->menuHelper->buildSiteList($this->controllerContext), 'user' => $user));
return $innerView->render();
}
/**
* Wrap the $content identified by $node with the needed markup for the backend.
*
* @param NodeInterface $node
* @param string $property
* @param string $content
* @return string
*/
public function wrapContentProperty(NodeInterface $node, $property, $content)
{
/** @var $contentContext ContentContext */
$contentContext = $node->getContext();
if ($contentContext->getWorkspaceName() === 'live' || !$this->privilegeManager->isPrivilegeTargetGranted('Neos.Neos:Backend.GeneralAccess')) {
return $content;
}
if (!$this->nodeAuthorizationService->isGrantedToEditNode($node)) {
return $content;
}
$attributes = array();
$attributes['class'] = 'neos-inline-editable';
$attributes['property'] = 'typo3:' . $property;
$attributes['data-neos-node-type'] = $node->getNodeType()->getName();
return $this->htmlAugmenter->addAttributes($content, $attributes, 'span');
}
/**
* @param ControllerContext $controllerContext
* @return array
*/
public function buildModuleList(ControllerContext $controllerContext)
{
$modules = array();
foreach ($this->settings['modules'] as $module => $moduleConfiguration) {
if (!$this->isModuleEnabled($module)) {
continue;
}
if (isset($moduleConfiguration['privilegeTarget']) && !$this->privilegeManager->isPrivilegeTargetGranted($moduleConfiguration['privilegeTarget'])) {
continue;
}
$submodules = array();
if (isset($moduleConfiguration['submodules'])) {
foreach ($moduleConfiguration['submodules'] as $submodule => $submoduleConfiguration) {
if (!$this->isModuleEnabled($module . '/' . $submodule)) {
continue;
}
if (isset($submoduleConfiguration['privilegeTarget']) && !$this->privilegeManager->isPrivilegeTargetGranted($submoduleConfiguration['privilegeTarget'])) {
continue;
}
$submodules[] = $this->collectModuleData($controllerContext, $submodule, $submoduleConfiguration, $module . '/' . $submodule);
}
}
$modules[] = array_merge($this->collectModuleData($controllerContext, $module, $moduleConfiguration, $module), array('group' => $module, 'submodules' => $submodules));
}
return $modules;
}
/**
* renders the exception to nice html content element to display, edit, remove, ...
*
* @param string $typoScriptPath - path causing the exception
* @param \Exception $exception - exception to handle
* @param integer $referenceCode - might be unset
* @return string
*/
protected function handle($typoScriptPath, \Exception $exception, $referenceCode)
{
$handler = new ContextDependentHandler();
$handler->setRuntime($this->runtime);
$output = $handler->handleRenderingException($typoScriptPath, $exception);
$currentContext = $this->getRuntime()->getCurrentContext();
if (isset($currentContext['node'])) {
/** @var NodeInterface $node */
$node = $currentContext['node'];
$applicationContext = $this->environment->getContext();
if ($applicationContext->isProduction() && $this->privilegeManager->isPrivilegeTargetGranted('Neos.Neos:Backend.GeneralAccess') && $node->getContext()->getWorkspaceName() !== 'live') {
$output = '<div class="neos-rendering-exception"><div class="neos-rendering-exception-title">Failed to render element' . $output . '</div></div>';
}
return $this->contentElementWrappingService->wrapContentObject($node, $output, $typoScriptPath);
}
return $output;
}
/**
* Is access to the neos backend granted by current authentications.
*
* @return boolean
*/
protected function hasAccessToBackend()
{
try {
return $this->privilegeManager->isPrivilegeTargetGranted('Neos.Neos:Backend.GeneralAccess');
} catch (Exception $exception) {
return false;
}
}
/**
* Evaluate this TypoScript object and return the result
*
* @return mixed
*/
public function evaluate()
{
$content = $this->getValue();
/** @var $node NodeInterface */
$node = $this->tsValue('node');
if (!$node instanceof NodeInterface) {
return $content;
}
/** @var $property string */
$property = $this->tsValue('property');
/** @var $contentContext ContentContext */
$contentContext = $node->getContext();
if ($contentContext->getWorkspaceName() === 'live') {
return $content;
}
if (!$this->privilegeManager->isPrivilegeTargetGranted('Neos.Neos:Backend.GeneralAccess')) {
return $content;
}
if ($node->isRemoved()) {
$content = '';
}
return $this->contentElementEditableService->wrapContentProperty($node, $property, $content);
}
/**
* Evaluate this TypoScript object and return the result
*
* @return mixed
*/
public function evaluate()
{
$content = $this->getValue();
/** @var $node NodeInterface */
$node = $this->tsValue('node');
if (!$node instanceof NodeInterface) {
return $content;
}
/** @var $contentContext ContentContext */
$contentContext = $node->getContext();
if ($contentContext->getWorkspaceName() === 'live') {
return $content;
}
if (!$this->privilegeManager->isPrivilegeTargetGranted('Neos.Neos:Backend.GeneralAccess')) {
return $content;
}
if ($node->isRemoved()) {
$content = '';
}
if ($this->tsValue('renderCurrentDocumentMetadata')) {
return $this->contentElementWrappingService->wrapCurrentDocumentMetadata($node, $content, $this->getContentElementTypoScriptPath());
}
return $this->contentElementWrappingService->wrapContentObject($node, $content, $this->getContentElementTypoScriptPath());
}
/**
* Checks if the current user may transfer ownership of the given workspace
*
* In future versions, this logic may be implemented in Neos in a more generic way (for example, by means of an
* ACL object), but for now, this method exists in order to at least centralize and encapsulate the required logic.
*
* @param Workspace $workspace The workspace
* @return boolean
*/
public function currentUserCanTransferOwnershipOfWorkspace(Workspace $workspace)
{
if ($workspace->isPersonalWorkspace()) {
return false;
}
// The privilege to manage shared workspaces is needed, because regular editors should not change ownerships
// of their internal workspaces, even if it was technically possible, because they wouldn't be able to change
// ownership back to themselves.
return $this->privilegeManager->isPrivilegeTargetGranted('Neos.Neos:Backend.Module.Management.Workspaces.ManageInternalWorkspaces');
}
