 /**
  * This is the default Policy voter, it votes for the access privilege for the given resource
  *
  * Every role of the security context is asked for its privilege on the resource. A single
  * DENY privilege outweighs any number of GRANT privileges; if no role carries a GRANT or
  * DENY, or if the policy has no entry at all for one of the roles and the resource, the
  * voter abstains.
  *
  * @param \TYPO3\FLOW3\Security\Context $securityContext The current security context
  * @param string $resource The resource to vote for
  * @return integer One of: VOTE_GRANT, VOTE_ABSTAIN, VOTE_DENY
  */
 public function voteForResource(\TYPO3\FLOW3\Security\Context $securityContext, $resource)
 {
     $grantCount = 0;
     $denyCount = 0;
     foreach ($securityContext->getRoles() as $role) {
         try {
             $privilege = $this->policyService->getPrivilegeForResource($role, $resource);
         } catch (\TYPO3\FLOW3\Security\Exception\NoEntryInPolicyException $exception) {
             // Without a policy entry for this role and resource the voter cannot decide at all.
             return self::VOTE_ABSTAIN;
         }
         // Strict comparison on purpose: a NULL privilege must not match either constant.
         if ($privilege === \TYPO3\FLOW3\Security\Policy\PolicyService::PRIVILEGE_DENY) {
             $denyCount++;
         } elseif ($privilege === \TYPO3\FLOW3\Security\Policy\PolicyService::PRIVILEGE_GRANT) {
             $grantCount++;
         }
     }
     // Deny overrides grant: one denying role is enough to reject the access.
     if ($denyCount > 0) {
         return self::VOTE_DENY;
     }
     return ($grantCount > 0) ? self::VOTE_GRANT : self::VOTE_ABSTAIN;
 }
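 /**
  * Checks, if the current policy allows the retrieval of the object fetched by getObjectByIdentifier()
  *
  * The original method is always executed first. Its result is passed through unchanged if the
  * security context is not initialized yet, if no object was found, or if the policy has no entry
  * for the object's entity type and the authenticated roles. Otherwise the object is only returned
  * if general access for its entity type is granted and it satisfies the resource constraints
  * defined by the policy; in all other cases NULL is returned.
  *
  * @FLOW3\Around("within(TYPO3\FLOW3\Persistence\PersistenceManagerInterface) && method(.*->getObjectByIdentifier()) && setting(TYPO3.FLOW3.security.enable)")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return object The object fetched by the original method, or NULL if access is not permitted
  */
 public function checkAccessAfterFetchingAnObjectByIdentifier(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $result = $joinPoint->getAdviceChain()->proceed($joinPoint);
     if ($this->securityContext->isInitialized() === FALSE) {
         return $result;
     }
     // Nothing to check when no object was found; without this guard get_class() would be
     // called with a non-object value.
     if (!is_object($result)) {
         return $result;
     }
     $authenticatedRoles = $this->securityContext->getRoles();
     // For Doctrine proxies the policy has to be looked up for the proxied entity class; this
     // assumes the proxy directly extends the entity class.
     $entityType = ($result instanceof \Doctrine\ORM\Proxy\Proxy) ? get_parent_class($result) : get_class($result);
     if (!$this->policyService->hasPolicyEntryForEntityType($entityType, $authenticatedRoles)) {
         return $result;
     }
     if ($this->policyService->isGeneralAccessForEntityTypeGranted($entityType, $authenticatedRoles) === FALSE) {
         return NULL;
     }
     $policyConstraintsDefinition = $this->policyService->getResourcesConstraintsForEntityTypeAndRoles($entityType, $authenticatedRoles);
     if ($this->checkConstraintDefinitionsOnResultObject($policyConstraintsDefinition, $result) === FALSE) {
         return NULL;
     }
     return $result;
 }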
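 /**
  * Returns the publish path and filename to be used to publish the specified persistent resource
  *
  * Resources without a SecurityPublishingConfiguration are left to the original target method.
  * A private resource is only published if the current security context holds at least one of
  * the roles allowed by that configuration; it is then placed below a session specific directory
  * ("Persistent/<session id>/") for which access restrictions are published. In "link" mirror
  * mode one symlink per allowed role is created inside that directory, pointing to a role
  * specific directory below the temporary directory, and the path of the first allowed role is
  * used as publishing path.
  *
  * Role identifiers are used as directory and link names; they originate from the publishing
  * configuration of the resource, not from the request.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\Resource\Publishing\FileSystemPublishingTarget->buildPersistentResourcePublishPathAndFilename()) && setting(TYPO3.FLOW3.security.enable)")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return mixed Result of the target method for unrestricted resources; for private resources the publishing path (including the filename if the "returnFilename" argument is TRUE), or FALSE if none of the allowed roles is held by the current context
  */
 public function rewritePersistentResourcePublishPathAndFilenameForPrivateResources(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $resource = $joinPoint->getMethodArgument('resource');
     $configuration = $resource->getPublishingConfiguration();
     $returnFilename = $joinPoint->getMethodArgument('returnFilename');

     // Only resources with a security publishing configuration are handled here (a NULL
     // configuration fails the instanceof check as well).
     if (!$configuration instanceof \TYPO3\FLOW3\Security\Authorization\Resource\SecurityPublishingConfiguration) {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     }

     $allowedRoles = $configuration->getAllowedRoles();
     if (count(array_intersect($allowedRoles, $this->securityContext->getRoles())) === 0) {
         // The current context holds none of the roles allowed to see this resource.
         return FALSE;
     }

     $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($joinPoint->getProxy()->getResourcesPublishingPath(), 'Persistent/', $this->session->getID())) . '/';
     $filename = $resource->getResourcePointer()->getHash() . '.' . $resource->getFileExtension();
     \TYPO3\FLOW3\Utility\Files::createDirectoryRecursively($publishingPath);
     $this->accessRestrictionPublisher->publishAccessRestrictionsForPath($publishingPath);

     if ($this->settings['resource']['publishing']['fileSystem']['mirrorMode'] === 'link') {
         foreach ($allowedRoles as $role) {
             $this->linkRoleDirectoryIntoPublishingPath($publishingPath, $role);
         }
         // The first allowed role's link is used as the publishing path for this resource.
         $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $allowedRoles[0])) . '/';
     }

     if ($returnFilename === TRUE) {
         $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $filename));
     }
     return $publishingPath;
 }

 /**
  * Makes sure that "<publishing path>/<role>" is a symlink to the role specific directory
  * below the temporary directory, creating that directory if it does not exist yet.
  *
  * A link that already points to the role directory is left untouched. Any other entry with
  * that name – a regular file, a symlink pointing elsewhere, or a dangling symlink (which
  * file_exists() alone would not detect and which would make symlink() fail) – is removed
  * before the link is created.
  *
  * @param string $publishingPath The session specific publishing directory (with trailing slash)
  * @param string $role The role identifier used as link name and as name of the target directory
  * @return void
  */
 protected function linkRoleDirectoryIntoPublishingPath($publishingPath, $role)
 {
     $roleDirectory = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($this->environment->getPathToTemporaryDirectory(), 'PrivateResourcePublishing/', $role));
     \TYPO3\FLOW3\Utility\Files::createDirectoryRecursively($roleDirectory);

     $linkPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role));
     if (\TYPO3\FLOW3\Utility\Files::is_link($linkPath)) {
         if (realpath($linkPath) === $roleDirectory) {
             return;
         }
         // Wrong or dangling link: replace it.
         unlink($linkPath);
     } elseif (file_exists($linkPath)) {
         unlink($linkPath);
     }
     symlink($roleDirectory, $linkPath);
 }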