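/**
  * Replaces newsletter placeholders in the rendered output when the request carries a valid link HMAC.
  *
  * Around-advice on TypoScriptView::render(): the view is rendered first; if the rendered
  * node is not of type Sandstorm.Newsletter:Newsletter the result is returned untouched.
  * Otherwise the request URI must carry an "hmac" argument equal to the SHA1-HMAC (keyed with
  * $this->hmacUrlSecret) of the URI without that argument; only then are the placeholders
  * replaced with values taken from the URI arguments.
  *
  * Without an "hmac" argument the unreplaced rendering is returned, both for backend users
  * and for anonymous visitors (the latter as per customer's request).
  *
  * @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint
  * @Flow\Around("method(TYPO3\Neos\View\TypoScriptView->render())")
  * @return mixed The (possibly placeholder-replaced) render result, or an HTML error fragment if the HMAC does not verify
  */
 public function replacePlaceholdersIfNecessary(\TYPO3\Flow\Aop\JoinPointInterface $joinPoint)
 {
     $result = $joinPoint->getAdviceChain()->proceed($joinPoint);
     /* @var $typoScriptView TypoScriptView */
     $typoScriptView = $joinPoint->getProxy();
     $viewVariables = ObjectAccess::getProperty($typoScriptView, 'variables', TRUE);
     if (!isset($viewVariables['value']) || !$viewVariables['value']->getNodeType()->isOfType('Sandstorm.Newsletter:Newsletter')) {
         // No newsletter, so logic does not apply
         return $result;
     }
     /* @var $httpRequest Request */
     $httpRequest = $this->controllerContext->getRequest()->getHttpRequest();
     $arguments = $httpRequest->getUri()->getArguments();
     if (!isset($arguments['hmac'])) {
         // No HMAC sent -- the email is returned INCLUDING placeholders, whether or not the caller
         // is logged into the backend (as per customer's request; an error fragment was once considered here)
         return $result;
     }
     $actualHmac = $arguments['hmac'];
     // A query argument may also arrive as an array (hmac[]=...); that can never be a valid signature,
     // and hash_equals() below only accepts strings.
     if (!is_string($actualHmac)) {
         return '<h1>Error: Wrong link clicked.</h1>Please contact your administrator for help';
     }
     // The signed payload is the URI with the hmac argument removed. NOTE(review): only "&hmac=..." is
     // stripped, so a link carrying hmac as its first query argument would not verify (fails closed) — confirm
     // against the code that generates the links.
     $uriWithoutHmac = str_replace('&hmac=' . $actualHmac, '', (string) $httpRequest->getUri());
     $expectedHmac = hash_hmac('sha1', urldecode($uriWithoutHmac), $this->hmacUrlSecret);
     // Constant-time comparison: a plain !== stops at the first differing byte and leaks how much of the
     // signature was right.
     if (!hash_equals($expectedHmac, $actualHmac)) {
         return '<h1>Error: Wrong link clicked.</h1>Please contact your administrator for help';
     }
     // Every placeholder is replaced by the URI argument addressed by the property path captured in group 1
     return preg_replace_callback(ReplacePlaceholdersInLiveImplementation::PLACEHOLDER_REGEX, function ($element) use ($arguments) {
         return ObjectAccess::getPropertyPath($arguments, $element[1]);
     }, $result);
 }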
 /**
  * Returns TRUE, if at least one of the currently authenticated accounts holds
  * a role with the given identifier, also recursively.
  *
  * "TYPO3.Flow:Everybody" is always held and is answered without consulting the security
  * context. Any other identifier is delegated to the security context, but only if that
  * context reports it can be initialized; otherwise the answer is FALSE.
  *
  * @param string $roleIdentifier The string representation of the role to search for
  * @return boolean TRUE, if a role with the given string representation was found
  */
 public function hasRole($roleIdentifier)
 {
     $isEverybodyRole = ($roleIdentifier === 'TYPO3.Flow:Everybody');
     if ($isEverybodyRole) {
         return true;
     }
     // Security context not available (yet): answer FALSE instead of asking it
     $contextAvailable = $this->securityContext->canBeInitialized();
     return $contextAvailable ? $this->securityContext->hasRole($roleIdentifier) : false;
 }
 /**
  * Marks the given participant as completed and persists it.
  *
  * A participant that is already bound to a different account may only be updated by a
  * holder of T3DD.Backend:Administrator; any other caller gets a 403 and nothing is changed.
  * A participant without an account (or owned by the caller) that is not yet completed is
  * completed and bound to the currently authenticated account before the update.
  *
  * @param Participant $participant
  */
 public function updateAction(Participant $participant)
 {
     $entity = $participant->getPayload();
     $owner = $entity->getAccount();
     if ($owner !== NULL) {
         $ownedByCurrentUser = ($owner === $this->securityContext->getAccount());
         if (!$ownedByCurrentUser && !$this->securityContext->hasRole('T3DD.Backend:Administrator')) {
             $this->response->setStatus(403);
             return;
         }
     }
     if (!$entity->isCompleted()) {
         $entity->setCompleted(TRUE);
         $entity->setAccount($this->securityContext->getAccount());
     }
     $this->participantRepository->update($entity);
     $this->view->assign('value', $participant);
 }
 /**
  * renders <f:then> child if the role could be found in the security context,
  * otherwise renders <f:else> child.
  *
  * A bare role name (containing neither "." nor ":") other than Everybody, Anonymous or
  * AuthenticatedUser is qualified with $packageKey, or with the package key of the current
  * controller when no package key is given.
  *
  * @param string $role The role
  * @param string $packageKey PackageKey of the package defining the role
  * @return string the rendered string
  * @api
  */
 public function render($role, $packageKey = NULL)
 {
     $builtInRoles = array('Everybody', 'Anonymous', 'AuthenticatedUser');
     $isBuiltIn = in_array($role, $builtInRoles, TRUE);
     $isQualified = (strpos($role, '.') !== FALSE || strpos($role, ':') !== FALSE);
     if (!$isBuiltIn && !$isQualified) {
         $prefix = $packageKey;
         if ($prefix === NULL) {
             $prefix = $this->controllerContext->getRequest()->getControllerPackageKey();
         }
         $role = $prefix . ':' . $role;
     }
     return $this->securityContext->hasRole($role) ? $this->renderThenChild() : $this->renderElseChild();
 }
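 /**
  * renders <f:then> child if the role could be found in the security context,
  * otherwise renders <f:else> child.
  *
  * $role may be a Role object or a role identifier string. A string is normalised first: the
  * built-in names Everybody / Anonymous / AuthenticatedUser get the "TYPO3.Flow:" prefix, any
  * other bare name (containing neither "." nor ":") is prefixed with $packageKey or, if that is
  * null, with the package key of the current controller; the identifier is then resolved via the
  * policy service. With an $account given, that account is asked whether it holds the role;
  * otherwise the current security context is asked.
  *
  * @param string $role The role or role identifier
  * @param string $packageKey PackageKey of the package defining the role
  * @param Account $account If specified, this subject of this check is the given Account instead of the currently authenticated account
  * @return string the rendered string
  * @api
  */
 public function render($role, $packageKey = null, Account $account = null)
 {
     if (is_string($role)) {
         $roleIdentifier = $role;
         // Strict comparison: only the exact built-in names get the TYPO3.Flow prefix
         if (in_array($roleIdentifier, array('Everybody', 'Anonymous', 'AuthenticatedUser'), true)) {
             $roleIdentifier = 'TYPO3.Flow:' . $roleIdentifier;
         }
         if (strpos($roleIdentifier, '.') === false && strpos($roleIdentifier, ':') === false) {
             // Bare role name: qualify it with the explicit package key or the current controller's
             if ($packageKey === null) {
                 $request = $this->controllerContext->getRequest();
                 $roleIdentifier = $request->getControllerPackageKey() . ':' . $roleIdentifier;
             } else {
                 $roleIdentifier = $packageKey . ':' . $roleIdentifier;
             }
         }
         $role = $this->policyService->getRole($roleIdentifier);
     }
     if ($account instanceof Account) {
         $hasRole = $account->hasRole($role);
     } else {
         $hasRole = $this->securityContext->hasRole($role->getIdentifier());
     }
     return $hasRole ? $this->renderThenChild() : $this->renderElseChild();
 }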
 /**
  * Removes the given registration.
  *
  * Holders of T3DD.Backend:Administrator may delete any registration. Everyone else may only
  * delete a registration that still has seconds left until expiration and belongs to the
  * current account; otherwise the response status is set to 403 and nothing is removed.
  *
  * @param \T3DD\Backend\Domain\Model\Registration\Registration $registration
  */
 public function deleteAction(\T3DD\Backend\Domain\Model\Registration\Registration $registration)
 {
     if (!$this->securityContext->hasRole('T3DD.Backend:Administrator')) {
         $expired = !$registration->getSecondsToExpiration();
         if ($expired || $registration->getAccount() !== $this->securityContext->getAccount()) {
             $this->response->setStatus(403);
             return;
         }
     }
     $this->registrationRepository->remove($registration);
     $this->view->assign('value', NULL);
 }
 /**
  * Decides whether the security context should be included.
  *
  * Without a "whitelistRoles" option the answer is always TRUE. With one, the answer is
  * FALSE as soon as the current security context holds any of the listed roles, and TRUE
  * otherwise — i.e. despite the option's name, holding a listed role excludes the context.
  *
  * @return boolean
  */
 protected function shouldIncludeSecurityContext()
 {
     if (isset($this->options['whitelistRoles']) === false) {
         return TRUE;
     }
     $holdsListedRole = FALSE;
     foreach ($this->options['whitelistRoles'] as $roleIdentifier) {
         if ($this->securityContext->hasRole($roleIdentifier)) {
             $holdsListedRole = TRUE;
             break;
         }
     }
     return !$holdsListedRole;
 }
 /**
  * Removes the given session together with every vote found for it.
  *
  * Only the session's own account or a holder of T3DD.Backend:Administrator may delete;
  * any other caller gets a 403 and nothing is removed.
  *
  * @param Session $session
  */
 public function deleteAction(Session $session)
 {
     $isOwner = ($session->getAccount() === $this->securityContext->getAccount());
     if (!$isOwner && !$this->securityContext->hasRole('T3DD.Backend:Administrator')) {
         $this->response->setStatus(403);
         return;
     }
     // Remove the votes found for this session before the session itself
     $votes = $this->voteRepository->findBySession($session);
     foreach ($votes as $vote) {
         $this->voteRepository->remove($vote);
     }
     $this->sessionRepository->remove($session);
     // TODO Fix redirect
     $this->redirect('index');
 }
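 /**
  * Checks whether the current user may perform $action (by default "remove") on the given node.
  *
  * Access is granted to holders of SimplyAdmire.Cap.Api:Editor, to the active profile acting
  * on its own SimplyAdmire.Cap.PersonBundle:Person node, and to the active profile acting on a
  * node whose "author" property is the profile's node. Every other case throws.
  *
  * @param NodeInterface $referenceNode
  * @param string $action Verb used in the exception message
  * @throws AccessDeniedException
  * @return void
  */
 protected function checkNodeEditAccess(NodeInterface $referenceNode, $action = 'remove')
 {
     if ($this->securityContext->hasRole('SimplyAdmire.Cap.Api:Editor')) {
         return;
     }
     // NOTE(review): getActiveProfile() is assumed to return an object for every non-editor caller;
     // if it can be null the comparisons below fail hard instead of denying access — confirm.
     $nodeType = $referenceNode->getNodeType()->getName();
     if ($nodeType === 'SimplyAdmire.Cap.PersonBundle:Person') {
         if ($referenceNode->getIdentifier() === $this->getActiveProfile()->getIdentifier()) {
             return;
         }
     }
     $author = $referenceNode->getProperty('author');
     if ($author instanceof NodeInterface) {
         // Reuse the author node already fetched above instead of reading the property again
         if ($author->getIdentifier() === $this->getActiveProfile()->getIdentifier()) {
             return;
         }
     }
     throw new AccessDeniedException('You do not have access to ' . $action . ' this node');
 }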
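 /**
  * Get the news list by selection
  *
  * Holders of Lelesys.Plugin.News:NewsAdmin get all news, optionally narrowed to one folder;
  * any other user only gets news whose createdBy equals the persistence identifier of their
  * party. An optional category narrows the result further. Ordered by dateTime, newest first.
  *
  * The identifiers are bound as query parameters rather than concatenated into the DQL
  * string, so the query text never contains data values.
  *
  * @param \Lelesys\Plugin\News\Domain\Model\Category $category The category
  * @param \Lelesys\Plugin\News\Domain\Model\Folder $folder The folder
  * @return \TYPO3\Flow\Persistence\QueryResultInterface The query result
  */
 public function getNewsAdmin(\Lelesys\Plugin\News\Domain\Model\Category $category = NULL, \Lelesys\Plugin\News\Domain\Model\Folder $folder = NULL)
 {
     $query = $this->createQuery();
     /* @var $queryBuilder \Doctrine\ORM\QueryBuilder */
     $queryBuilder = ObjectAccess::getProperty($query, 'queryBuilder', TRUE);
     $constraints = array();
     $parameters = array();
     if ($this->securityContext->hasRole('Lelesys.Plugin.News:NewsAdmin')) {
         if ($folder !== NULL) {
             $constraints[] = 'n.folder = :folder';
             $parameters['folder'] = $folder->getUuid();
         }
     } else {
         // Non-admins only see their own news. NOTE(review): if the party has no persistence identifier
         // the bound value is null and the constraint matches nothing, i.e. the result stays empty.
         $party = $this->securityContext->getParty();
         $constraints[] = 'n.createdBy = :createdBy';
         $parameters['createdBy'] = $this->persistenceManager->getIdentifierByObject($party);
     }
     if ($category !== NULL) {
         $constraints[] = 'c.Persistence_Object_Identifier IN (:category)';
         $parameters['category'] = array($category->getUuid());
     }
     $queryBuilder->resetDQLParts()->select('n')->from('Lelesys\\Plugin\\News\\Domain\\Model\\News', 'n');
     if ($category !== NULL) {
         // The category constraint refers to alias "c", so the join is only needed in that case
         $queryBuilder->leftJoin('n.categories', 'c');
     }
     if (count($constraints) > 0) {
         $queryBuilder->where(implode(' AND ', $constraints));
         foreach ($parameters as $name => $value) {
             $queryBuilder->setParameter($name, $value);
         }
     }
     $queryBuilder->orderBy('n.dateTime', 'DESC');
     return $query->execute();
 }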
 /**
  * Tells if this node may be accessed according to the current security context.
  *
  * A node without access restrictions is always accessible. If the security context
  * cannot be initialized, the node is reported accessible as well (the restriction is not
  * enforced in that situation). Otherwise at least one of the node's access roles has to
  * be held by the current security context.
  *
  * @return boolean
  */
 public function isAccessible()
 {
     $unrestricted = ($this->hasAccessRestrictions() === false);
     if ($unrestricted || $this->securityContext->canBeInitialized() === false) {
         return true;
     }
     $granted = false;
     foreach ($this->accessRoles as $roleName) {
         if ($this->securityContext->hasRole($roleName)) {
             $granted = true;
             break;
         }
     }
     return $granted;
 }
 /**
  * Initializes the view with common variables.
  *
  * Skipped entirely for requests carrying a "json" argument. Otherwise assigns role flags
  * (isEditor, isAdmin), an inDev flag, a timestamp, the exercise categories, the current user
  * and — when an exercise or quiz argument is present — the edit/preview variables for that
  * exercise and the quiz duration.
  *
  * @param \TYPO3\Flow\Mvc\View\ViewInterface $view
  * @return void
  */
 protected function initializeView(\TYPO3\Flow\Mvc\View\ViewInterface $view)
 {
     // We don't need to do all this for json responses.
     if ($this->request->hasArgument('json')) {
         return;
     }
     // Are user an Editor? (0/1 because the flag is handed straight to the template)
     $isEditor = 0;
     if ($this->securityContext->hasRole('_OurBrand_.Business:worker')) {
         $isEditor = 1;
     }
     // Are user an Admin?
     $isAdmin = 0;
     if ($this->currentUser->isAdministrator()) {
         $isAdmin = 1;
     }
     // NOTE(review): HTTP_HOST is the client-supplied Host header, so any request can flip inDev
     // to 1 by sending a host containing ".local" — whatever the templates do with inDev must be
     // harmless for untrusted callers (confirm). On CLI/odd SAPIs the key may be missing entirely.
     $inDev = 0;
     if (strstr($_SERVER['HTTP_HOST'], '.local')) {
         $inDev = 1;
     }
     // Get file stamp: "now" by default, in Production the mtime of the compiled configuration
     // (the @ hides a filemtime() warning; a FALSE result would then be assigned as logintime)
     $fileStamp = time();
     if ($this->environment->getContext() == 'Production' && file_exists(FLOW_PATH_ROOT . 'Data/Temporary/Production/Configuration/ProductionConfigurations.php')) {
         $fileStamp = @filemtime(FLOW_PATH_ROOT . 'Data/Temporary/Production/Configuration/ProductionConfigurations.php');
     }
     // Exercise categories (repositories instantiated directly here rather than injected)
     $exerciseCategoryRepository = new \_OurBrand_\Quiz\Domain\Repository\ExerciseCategoryRepository();
     $exerciseCategories = $exerciseCategoryRepository->findAll();
     $subjectRepository = new \_OurBrand_\Quiz\Domain\Repository\SubjectRepository();
     $this->view->assign('archiveUri', $this->getArchiveUri());
     $this->view->assign('UIPath', $this->settings['UIPath']);
     $this->view->assign('isEditor', $isEditor);
     $this->view->assign('isAdmin', $isAdmin);
     $this->view->assign('inDev', $inDev);
     $this->view->assign('logintime', $fileStamp);
     // When was system updated?
     $this->view->assign('exerciseCategories', $exerciseCategories);
     $this->view->assign('user', $this->currentUser);
     if ($this->request->hasArgument('exercise') || $this->request->hasArgument('currentExercise')) {
         $exercise = $this->getExerciseFromArgument();
         if (is_a($exercise, '\\_OurBrand_\\Quiz\\Domain\\Model\\Exercise')) {
             // Set type: the exercise type is looked up by the short (unqualified) class name
             $objectName = explode('\\', get_class($exercise));
             $exerciseType = $this->exerciseTypeRepository->findOneByObjectName(array_pop($objectName));
             $exercise->setType($exerciseType);
             $durations = $this->getDurationsForExercise($this->settings['exercise']['durations']);
             $this->view->assign('editExerciseDurations', $durations);
             $this->view->assign('editExerciseCategories', $this->getExerciseCategories($exercise));
             $this->view->assign('editExerciseDifficulties', $this->getDifficultiesForExercise());
             $this->view->assign('previewExerciseDuration', $this->getExerciseDurationLabel($exercise));
             $this->view->assign('previewExerciseSkill', $this->getExerciseSkillLabel($exercise));
             $this->view->assign('previewExerciseDifficulty', $this->getExerciseDifficultyLabel($exercise));
             $this->view->assign('previewExerciseIsHintSet', $exercise->getHint() != '' ? 1 : 0);
             $this->view->assign('previewExerciseIsExplanationSet', $exercise->getExplanation() != '' ? 1 : 0);
             $this->view->assign('subjectOptions', $subjectRepository->findAll());
             $this->view->assign('subjectPlaceholder', $this->translateById('quiz.placeholder.subject'));
         }
         // NOTE(review): this call sits outside the is_a() check above, so it runs even when
         // getExerciseFromArgument() did not return an Exercise — confirm that can not be null.
         $quiz = $exercise->getQuiz();
     } else {
         if ($this->request->hasArgument('quiz')) {
             $quiz = $this->getQuizFromArgument();
         }
     }
     // Get/Set duration. $quiz is only defined on the branches above, hence the isset()
     $duration = 0;
     if (isset($quiz) && is_a($quiz, '\\_OurBrand_\\Quiz\\Domain\\Model\\Quiz')) {
         $duration = $quiz->getDuration();
     }
     $this->view->assign('duration', gmdate("H:i", $duration));
 }
 /**
  * Checks if the current user may publish to the given workspace according to one the roles of the user's accounts
  *
  * In future versions, this logic may be implemented in Neos in a more generic way (for example, by means of an
  * ACL object), but for now, this method exists in order to at least centralize and encapsulate the required logic.
  *
  * The "live" workspace requires the TYPO3.Neos:LivePublisher role. Any other workspace may be
  * published to by its owner, and by anyone if the workspace has no owner.
  *
  * @param Workspace $workspace The workspace
  * @return boolean
  */
 public function currentUserCanPublishToWorkspace(Workspace $workspace)
 {
     $isLiveWorkspace = ($workspace->getName() === 'live');
     if ($isLiveWorkspace) {
         return $this->securityContext->hasRole('TYPO3.Neos:LivePublisher');
     }
     $owner = $workspace->getOwner();
     return $owner === $this->getCurrentUser() || $owner === null;
 }
 /**
  * Tells if this node may be accessed according to the current security context.
  *
  * A node without access restrictions is always accessible; otherwise at least one of the
  * node's access roles has to be held by the current security context. Unlike other
  * variants of this check, the security context is consulted unconditionally here.
  *
  * @return boolean
  */
 public function isAccessible()
 {
     // TODO: if security context can not be initialized (because too early), we return TRUE.
     $unrestricted = ($this->hasAccessRestrictions() === FALSE);
     if ($unrestricted) {
         return TRUE;
     }
     $granted = FALSE;
     foreach ($this->accessRoles as $roleName) {
         if ($this->securityContext->hasRole($roleName)) {
             $granted = TRUE;
             break;
         }
     }
     return $granted;
 }