/**
  * @return User
  */
 public function getBackendUser()
 {
     if ($this->securityContext->canBeInitialized() === TRUE) {
         return $this->securityContext->getPartyByType('TYPO3\\Neos\\Domain\\Model\\User');
     }
     return NULL;
 }
 /**
  * Get the account of the first authenticated token.
  *
  * @return \TYPO3\Flow\Security\Account|NULL
  */
 public function getAccount()
 {
     if ($this->securityContext->canBeInitialized()) {
         return $this->securityContext->getAccount();
     }
     return NULL;
 }
 /**
  * Initializes the controller before invoking an action method.
  *
  */
 public function initializeAction()
 {
     if ($this->securityContext->canBeInitialized()) {
         $account = $this->securityContext->getAccount();
         $this->bearbeiterObj = $this->bearbeiterRepository->findOneByAccount($account);
     }
     $this->cacheInterface = $this->cacheManager->getCache('GermaniaSacra_GermaniaCache');
 }
 /**
  * Try to set the current account identifier emitting the events, if possible
  *
  * @return void
  */
 protected function initializeAccountIdentifier()
 {
     if ($this->securityContext->canBeInitialized()) {
         $account = $this->securityContext->getAccount();
         if ($account !== NULL) {
             $this->eventEmittingService->setCurrentAccountIdentifier($account->getAccountIdentifier());
         }
     }
 }
 /**
  * Returns TRUE, if at least one of the currently authenticated accounts holds
  * a role with the given identifier, also recursively.
  *
  * @param string $roleIdentifier The string representation of the role to search for
  * @return boolean TRUE, if a role with the given string representation was found
  */
 public function hasRole($roleIdentifier)
 {
     if ($roleIdentifier === 'TYPO3.Flow:Everybody') {
         return true;
     }
     if ($this->securityContext->canBeInitialized()) {
         return $this->securityContext->hasRole($roleIdentifier);
     }
     return false;
 }
 /**
  * Gets the SQL query part to add to a query.
  *
  * @param ClassMetaData $targetEntity Metadata object for the target entity to be filtered
  * @param string $targetTableAlias The target table alias used in the current query
  * @return string The constraint SQL if there is available, empty string otherwise
  */
 public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
 {
     $this->initializeDependencies();
     /*
      * TODO: Instead of checking for class account we could introduce some interface for white listing entities from entity security checks
      * Problem with checking the Account is, that this filter calls getRoles() on the security context while accounts are not
      * yet fully initialized. By this we get a half built account object that will end up in access denied exception,
      * as it has no roles (and other properties) set
      */
     if ($this->securityContext->areAuthorizationChecksDisabled() || $targetEntity->getName() === \TYPO3\Flow\Security\Account::class) {
         return '';
     }
     if (!$this->securityContext->isInitialized()) {
         if (!$this->securityContext->canBeInitialized()) {
             return '';
         }
         $this->securityContext->initialize();
     }
     // This is needed to include the current context of roles into query cache identifier
     $this->setParameter('__contextHash', $this->securityContext->getContextHash(), 'string');
     $sqlConstraints = array();
     $grantedConstraints = array();
     $deniedConstraints = array();
     foreach ($this->securityContext->getRoles() as $role) {
         $entityPrivileges = $role->getPrivilegesByType(\TYPO3\Flow\Security\Authorization\Privilege\Entity\EntityPrivilegeInterface::class);
         /** @var EntityPrivilegeInterface $privilege */
         foreach ($entityPrivileges as $privilege) {
             if (!$privilege->matchesEntityType($targetEntity->getName())) {
                 continue;
             }
             $sqlConstraint = $privilege->getSqlConstraint($targetEntity, $targetTableAlias);
             if ($sqlConstraint === null) {
                 continue;
             }
             $sqlConstraints[] = ' NOT (' . $sqlConstraint . ')';
             if ($privilege->isGranted()) {
                 $grantedConstraints[] = ' NOT (' . $sqlConstraint . ')';
             } elseif ($privilege->isDenied()) {
                 $deniedConstraints[] = ' NOT (' . $sqlConstraint . ')';
             }
         }
     }
     $grantedConstraints = array_diff($grantedConstraints, $deniedConstraints);
     $effectiveConstraints = array_diff($sqlConstraints, $grantedConstraints);
     if (count($effectiveConstraints) > 0) {
         return ' (' . implode(') AND (', $effectiveConstraints) . ') ';
     }
     return '';
 }
 /**
  * Creats a file to be checked be cronjob before exporting the data
  */
 public function dataexportAction()
 {
     $dumpDirectory = $this->dataImport->dumpDirectory;
     $executeDumpExportFile = $dumpDirectory . self::executeExportDump;
     if (!file_exists($executeDumpExportFile) && ($fileHandle = fopen($executeDumpExportFile, "w"))) {
         $txt = '';
         if ($this->securityContext->canBeInitialized()) {
             if ($account = $this->securityContext->getAccount()) {
                 $jobOwner = $this->bearbeiterRepository->findOneByAccount($account);
                 $txt = 'Dieser Export wurde angelegt von ' . $jobOwner;
             }
         }
         fwrite($fileHandle, $txt);
         fclose($fileHandle);
         $currentTimeMinutes = date('i');
         $minutesFraction = substr($currentTimeMinutes, 1, 1);
         $nextImportDumpExecution = 10 - $minutesFraction;
         echo 'Die nächste Veröffentlichung wird in ' . $nextImportDumpExecution . ' Minuten durchgeführt.' . '<br>';
         echo 'Sie dauert ca. 5 Minuten.' . '<br>';
     } elseif (file_exists($executeDumpExportFile)) {
         echo "Die Veröffentlichung ist bereits vorgemerkt.";
     } else {
         echo "Der Veröffentlichung-Job konnte leider nicht angelegt werden.";
     }
     exit;
 }
 /**
  * Checks, if the current policy allows the retrieval of the object fetched by getObjectDataByIdentifier()
  *
  * @Flow\Around("within(TYPO3\Flow\Persistence\PersistenceManagerInterface) && method(.*->getObjectByIdentifier()) && setting(TYPO3.Flow.security.enable)")
  * @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return array The object data of the original object, or NULL if access is not permitted
  */
 public function checkAccessAfterFetchingAnObjectByIdentifier(JoinPointInterface $joinPoint)
 {
     $result = $joinPoint->getAdviceChain()->proceed($joinPoint);
     if ($this->securityContext->areAuthorizationChecksDisabled() === TRUE || $this->policyService->hasPolicyEntriesForEntities() === FALSE) {
         return $result;
     }
     if ($this->securityContext->isInitialized() === FALSE) {
         if ($this->securityContext->canBeInitialized() === TRUE) {
             $this->securityContext->initialize();
         } else {
             return $result;
         }
     }
     $authenticatedRoles = $this->securityContext->getRoles();
     $entityType = $this->reflectionService->getClassNameByObject($result);
     if ($this->policyService->hasPolicyEntryForEntityType($entityType, $authenticatedRoles)) {
         if ($this->policyService->isGeneralAccessForEntityTypeGranted($entityType, $authenticatedRoles) === FALSE) {
             return NULL;
         }
         $policyConstraintsDefinition = $this->policyService->getResourcesConstraintsForEntityTypeAndRoles($entityType, $authenticatedRoles);
         if ($this->checkConstraintDefinitionsOnResultObject($policyConstraintsDefinition, $result) === FALSE) {
             return NULL;
         }
     }
     return $result;
 }
 /**
  * Returns the processed Configuration
  *
  * @param \TYPO3\TYPO3CR\Domain\Model\NodeType $nodeType (uninitialized) The node type to process
  * @param array $configuration input configuration
  * @param array $options The processor options
  * @return void
  */
 public function process(NodeType $nodeType, array &$configuration, array $options)
 {
     if ($this->securityContext->canBeInitialized()) {
         /* Check if user is logged in */
         if ($this->securityContext->getAccount()) {
             $admin = false;
             $role = $this->policyService->getRole('TYPO3.Neos:Administrator');
             if ($role && $this->securityContext->getAccount()->hasRole($role)) {
                 $admin = true;
             }
             if (!$admin) {
                 //                foreach ($configuration['properties']['departmentName']['ui']['inspector']['editorOptions']['values'] as $key => $val) {
                 //                    $configuration['properties']['departmentName']['ui']['inspector']['editorOptions']['values'][$key]['disabled'] = TRUE;
                 //                }
                 //                    if ($nodeType->getName() == 'TYPO3.Neos.NodeTypes:Page') {
                 //                        $configuration['constraints']['nodeTypes']['TYPO3.Neos.NodeTypes:Page'] = FALSE;
                 //                    }
                 unset($configuration['properties']['departmentName']);
             }
         }
     }
 }
 /**
  * Render user initials or an abbreviated name for a given username. If the account was deleted, use the username as fallback.
  *
  * @param string $format Supported are "fullFirstName" and "initials"
  * @return string
  */
 public function render($format = 'initials')
 {
     if (!in_array($format, array('fullFirstName', 'initials', 'fullName'))) {
         throw new \InvalidArgumentException(sprintf('Format "%s" given to history:userInitials(), only supporting "fullFirstName", "initials" and "fullName".', $format), 1415705861);
     }
     $accountIdentifier = $this->renderChildren();
     // TODO: search by credential source is still needed
     /* @var $account \TYPO3\Flow\Security\Account */
     $account = $this->accountRepository->findOneByAccountIdentifier($accountIdentifier);
     if ($account === null) {
         return $accountIdentifier;
     }
     /* @var $requestedUser Person */
     $requestedUser = $account->getParty();
     if ($requestedUser === null || $requestedUser->getName() === null) {
         return $accountIdentifier;
     }
     if ($this->securityContext->canBeInitialized()) {
         if ($this->securityContext->getAccount()) {
             /** @var User $currentUser */
             $currentUser = $this->securityContext->getAccount()->getParty();
             if ($currentUser === $requestedUser) {
                 $languageIdentifier = $currentUser->getPreferences()->get('interfaceLanguage') ? $currentUser->getPreferences()->get('interfaceLanguage') : $this->defaultLanguageIdentifier;
                 $you = $translation = $this->translator->translateById('you', array(), 1, new Locale($languageIdentifier), 'Main', 'TYPO3.Neos');
             }
         }
     }
     switch ($format) {
         case 'initials':
             return mb_substr($requestedUser->getName()->getFirstName(), 0, 1) . mb_substr($requestedUser->getName()->getLastName(), 0, 1);
         case 'fullFirstName':
             return isset($you) ? $you : $requestedUser->getName()->getFirstName() . ' ' . mb_substr($requestedUser->getName()->getLastName(), 0, 1) . '.';
         case 'fullName':
             return isset($you) ? $you : $requestedUser->getName()->getFullName();
     }
 }
 /**
  * Tells if this node may be accessed according to the current security context.
  *
  * @return boolean
  */
 public function isAccessible()
 {
     if ($this->hasAccessRestrictions() === false) {
         return true;
     }
     if ($this->securityContext->canBeInitialized() === false) {
         return true;
     }
     foreach ($this->accessRoles as $roleName) {
         if ($this->securityContext->hasRole($roleName)) {
             return true;
         }
     }
     return false;
 }
 /**
  * Creats a file to be checked be cronjob before importing the data
  */
 public function dataimportAction()
 {
     $executeDumpImportFile = $this->dumpDirectory . self::executeImportDump;
     if (!file_exists($executeDumpImportFile) && ($fileHandle = fopen($executeDumpImportFile, "w"))) {
         $txt = '';
         if ($this->securityContext->canBeInitialized()) {
             if ($account = $this->securityContext->getAccount()) {
                 $jobOwner = $this->bearbeiterRepository->findOneByAccount($account);
                 $txt = 'Dieser Import wurde angelegt von ' . $jobOwner;
             }
         }
         fwrite($fileHandle, $txt);
         fclose($fileHandle);
         $currentTimeMinutes = date('i');
         $nextImportDumpExecution = 60 - $currentTimeMinutes;
         echo 'Der nächste Import wird in ' . $nextImportDumpExecution . ' Minuten durchgeführt.' . '<br>';
         echo 'Er dauert ca. 1 Stunde.' . '<br>';
     } elseif (file_exists($executeDumpImportFile)) {
         echo "Der Import ist bereits vorgemerkt.";
     } else {
         echo "Der Import-Job konnte leider nicht angelegt werden.";
     }
     exit;
 }
 /**
  * Returns the currently logged in user, if any
  *
  * @return User The currently logged in user, or null
  * @api
  */
 public function getCurrentUser()
 {
     if ($this->securityContext->canBeInitialized() === true) {
         $account = $this->securityContext->getAccount();
         if ($account !== null) {
             return $this->getUser($account->getAccountIdentifier());
         }
     }
     return null;
 }