/** * This method walks through the view configuration and applies * matching configurations in the order of their specifity score. * Possible options are currently the viewObjectName to specify * a different class that will be used to create the view and * an array of options that will be set on the view object. * * @param \TYPO3\Flow\Mvc\ActionRequest $request * @return array */ public function getViewConfiguration(ActionRequest $request) { $cacheIdentifier = $this->createCacheIdentifier($request); $viewConfiguration = $this->cache->get($cacheIdentifier); if ($viewConfiguration === false) { $configurations = $this->configurationManager->getConfiguration('Views'); $requestMatcher = new RequestMatcher($request); $context = new Context($requestMatcher); $matchingConfigurations = array(); foreach ($configurations as $order => $configuration) { $requestMatcher->resetWeight(); if (!isset($configuration['requestFilter'])) { $matchingConfigurations[$order]['configuration'] = $configuration; $matchingConfigurations[$order]['weight'] = $order; } else { $result = $this->eelEvaluator->evaluate($configuration['requestFilter'], $context); if ($result === false) { continue; } $matchingConfigurations[$order]['configuration'] = $configuration; $matchingConfigurations[$order]['weight'] = $requestMatcher->getWeight() + $order; } } usort($matchingConfigurations, function ($configuration1, $configuration2) { return $configuration1['weight'] > $configuration2['weight']; }); $viewConfiguration = array(); foreach ($matchingConfigurations as $key => $matchingConfiguration) { $viewConfiguration = Arrays::arrayMergeRecursiveOverrule($viewConfiguration, $matchingConfiguration['configuration']); } $this->cache->set($cacheIdentifier, $viewConfiguration); } return $viewConfiguration; }
/** * @param PrivilegeSubjectInterface $subject * @return boolean * @throws InvalidPrivilegeTypeException */ public function matchesSubject(PrivilegeSubjectInterface $subject) { if (!$subject instanceof NodePrivilegeSubject) { throw new InvalidPrivilegeTypeException(sprintf('Privileges of type "%s" only support subjects of type "%s", but we got a subject of type: "%s".', static::class, NodePrivilegeSubject::class, get_class($subject)), 1465979693); } $nodeContext = new NodePrivilegeContext($subject->getNode()); $eelContext = new Context($nodeContext); $eelCompilingEvaluator = new CompilingEvaluator(); $eelCompilingEvaluator->evaluate($this->getParsedMatcher(), $eelContext); return $eelCompilingEvaluator->evaluate($this->getParsedMatcher(), $eelContext); }
/** * @test */ public function loopedExpressions() { $this->markTestSkipped('Enable for benchmark'); $evaluator = new CompilingEvaluator(); $expression = 'foo.bar=="Test"||foo.baz=="Test"||reverse(foo).bar=="Test"'; $context = new Context(array('foo' => array('bar' => 'Test1', 'baz' => 'Test2'), 'reverse' => function ($array) { return array_reverse($array, true); })); for ($i = 0; $i < 10000; $i++) { $evaluator->evaluate($expression, $context); } }
/** * @param PrivilegeSubjectInterface|NodePrivilegeSubject|MethodPrivilegeSubject $subject (one of NodePrivilegeSubject or MethodPrivilegeSubject) * @return boolean * @throws InvalidPrivilegeTypeException */ public function matchesSubject(PrivilegeSubjectInterface $subject) { if ($subject instanceof NodePrivilegeSubject === false && $subject instanceof MethodPrivilegeSubject === false) { throw new InvalidPrivilegeTypeException(sprintf('Privileges of type "TYPO3\\TYPO3CR\\Security\\Authorization\\Privilege\\Node\\AbstractNodePrivilege" only support subjects of type "TYPO3\\TYPO3CR\\Security\\Authorization\\Privilege\\Node\\NodePrivilegeSubject" or "TYPO3\\Flow\\Security\\Method\\MethodPrivilegeSubject", but we got a subject of type: "%s".', get_class($subject)), 1417014368); } $this->initialize(); if ($subject instanceof MethodPrivilegeSubject) { return $this->methodPrivilege->matchesSubject($subject); } $nodeContext = new $this->nodeContextClassName($subject->getNode()); $eelContext = new Context($nodeContext); return $this->eelCompilingEvaluator->evaluate($this->getParsedMatcher(), $eelContext); }
/** * Evaluate an Eel expression * * @param string $expression The Eel expression to evaluate * @param \TYPO3\TypoScript\TypoScriptObjects\AbstractTypoScriptObject $contextObject An optional object for the "this" value inside the context * @return mixed The result of the evaluated Eel expression * @throws \TYPO3\TypoScript\Exception */ protected function evaluateEelExpression($expression, AbstractTypoScriptObject $contextObject = null) { if ($expression[0] !== '$' || $expression[1] !== '{') { // We still assume this is an EEL expression and wrap the markers for backwards compatibility. $expression = '${' . $expression . '}'; } $contextVariables = array_merge($this->getDefaultContextVariables(), $this->getCurrentContext()); if (isset($contextVariables['this'])) { throw new Exception('Context variable "this" not allowed, as it is already reserved for a pointer to the current TypoScript object.', 1344325044); } $contextVariables['this'] = $contextObject; if ($this->eelEvaluator instanceof \TYPO3\Flow\Object\DependencyInjection\DependencyProxy) { $this->eelEvaluator->_activateDependency(); } return EelUtility::evaluateEelExpression($expression, $this->eelEvaluator, $contextVariables); }
/** * Sets the roles for the LDAP account. * Extend this Provider class and implement this method to update the party * * @param Account $account * @param array $ldapSearchResult * @return void */ protected function setRoles(Account $account, array $ldapSearchResult) { if (is_array($this->rolesConfiguration)) { $contextVariables = array('ldapUser' => $ldapSearchResult); if (isset($this->defaultContext) && is_array($this->defaultContext)) { foreach ($this->defaultContext as $contextVariable => $objectName) { $object = $this->objectManager->get($objectName); $contextVariables[$contextVariable] = $object; } } foreach ($this->rolesConfiguration['default'] as $roleIdentifier) { $role = $this->policyService->getRole($roleIdentifier); $account->addRole($role); } $eelContext = new Context($contextVariables); if (isset($this->partyConfiguration['dn'])) { $dn = $this->eelEvaluator->evaluate($this->partyConfiguration['dn'], $eelContext); foreach ($this->rolesConfiguration['userMapping'] as $roleIdentifier => $userDns) { if (in_array($dn, $userDns)) { $role = $this->policyService->getRole($roleIdentifier); $account->addRole($role); } } } elseif (!empty($this->rolesConfiguration['userMapping'])) { $this->logger->log('User mapping found but no party mapping for dn set', LOG_ALERT); } if (isset($this->partyConfiguration['username'])) { $username = $this->eelEvaluator->evaluate($this->partyConfiguration['username'], $eelContext); $groupMembership = $this->directoryService->getGroupMembership($username); foreach ($this->rolesConfiguration['groupMapping'] as $roleIdentifier => $remoteRoleIdentifiers) { foreach ($remoteRoleIdentifiers as $remoteRoleIdentifier) { $role = $this->policyService->getRole($roleIdentifier); if (isset($groupMembership[$remoteRoleIdentifier])) { $account->addRole($role); } } } } elseif (!empty($this->rolesConfiguration['groupMapping'])) { $this->logger->log('Group mapping found but no party mapping for username set', LOG_ALERT); } } }
/** * @test */ public function methodCallToNullValueDoesNotThrowNotAllowedException() { $context = new ProtectedContext(array()); $evaluator = new CompilingEvaluator(); $result = $evaluator->evaluate('unknown.someMethod()', $context); $this->assertEquals(null, $result); }