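/**
 * Pre-processing of the whole TCEform
 *
 * For news records with categories the current backend user may not access,
 * the form is switched to read-only and a warning flash message listing the
 * denied categories is queued.
 *
 * A read-only form is only a UI measure: it does not stop a save request
 * from reaching the DataHandler. The save-time check lives in
 * processDatamap_preProcessFieldArray().
 *
 * @param string $table
 * @param array $row
 * @param \TYPO3\CMS\Backend\Form\FormEngine $parentObject
 * @todo this hook won't work, do we need it?
 */
public function getMainFields_preProcess($table, $row, $parentObject)
{
    if ($table !== 'tx_news_domain_model_news') {
        return;
    }
    if (AccessControlService::userHasCategoryPermissionsForRecord($row)) {
        return;
    }

    // Use the setter when the form object has one, otherwise fall back to
    // the public property (presumably for other FormEngine versions).
    if (method_exists($parentObject, 'setRenderReadonly')) {
        $parentObject->setRenderReadonly(true);
    } else {
        $parentObject->renderReadonly = true;
    }

    $flashMessageContent = $GLOBALS['LANG']->sL(self::LLPATH . 'record.savingdisabled.content', true);
    $flashMessageContent .= '<ul>';
    $accessDeniedCategories = AccessControlService::getAccessDeniedCategories($row);
    // Same guard as processDatamap_preProcessFieldArray(): iterate only over an array result.
    if (is_array($accessDeniedCategories)) {
        foreach ($accessDeniedCategories as $accessDeniedCategory) {
            // Every dynamic value placed into the markup is neutralised:
            // the title is HTML-escaped and the uid is forced to an integer.
            $flashMessageContent .= '<li>'
                . htmlspecialchars((string)$accessDeniedCategory['title'])
                . ' [' . (int)$accessDeniedCategory['uid'] . ']</li>';
        }
    }
    $flashMessageContent .= '</ul>';

    // NOTE(review): the message body is HTML; confirm how the flash message
    // renderer of the targeted TYPO3 version treats markup in the body.
    /** @var FlashMessage $flashMessage */
    $flashMessage = GeneralUtility::makeInstance(
        'TYPO3\\CMS\\Core\\Messaging\\FlashMessage',
        $flashMessageContent,
        $GLOBALS['LANG']->sL(self::LLPATH . 'record.savingdisabled.header', true),
        FlashMessage::WARNING
    );

    /** @var FlashMessageService $flashMessageService */
    $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
    /** @var \TYPO3\CMS\Core\Messaging\FlashMessageQueue $defaultFlashMessageQueue */
    $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
    $defaultFlashMessageQueue->enqueue($flashMessage);
}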
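/**
 * Prevent saving of a news record if the editor doesn't have access to all categories of the news record
 *
 * Runs only for non-admin users and integer record ids. If the stored
 * record carries a category the user may not access, the attempt is logged
 * and the submitted field array is emptied so nothing is written. Otherwise,
 * when the categories field was submitted in modified form, the uids of the
 * denied categories are appended so the edit does not drop those relations.
 *
 * @param array $fieldArray submitted field values, modified by reference
 * @param string $table
 * @param int $id
 * @param \TYPO3\CMS\Core\DataHandling\DataHandler $parentObject
 */
public function processDatamap_preProcessFieldArray(&$fieldArray, $table, $id, $parentObject)
{
    if ($table !== 'tx_news_domain_model_news') {
        return;
    }

    // check permissions of assigned categories
    // NOTE(review): non-integer ids skip the check entirely; presumably these
    // are placeholders for new records - confirm against the DataHandler caller.
    if (!is_int($id) || $this->getBackendUser()->isAdmin()) {
        return;
    }

    $newsRecord = BackendUtilityCore::getRecord($table, $id);
    // NOTE(review): the getRecord() result is passed on unchecked; confirm how
    // AccessControlService treats a record that could not be loaded.
    if (!AccessControlService::userHasCategoryPermissionsForRecord($newsRecord)) {
        // presumably action 2 with error flag 1 - verify against DataHandler::log()
        $parentObject->log($table, $id, 2, 0, 1, "processDatamap: Attempt to modify a record from table '%s' without permission. Reason: the record has one or more categories assigned that are not defined in your BE usergroup.", 1, [$table]);
        // unset fieldArray to prevent saving of the record
        $fieldArray = [];
        return;
    }

    // A partial update need not contain the categories field at all. Without
    // this guard the missing key was read anyway, and a non-empty denied list
    // would have written a categories value that the request never contained.
    if (!array_key_exists('categories', $fieldArray)) {
        return;
    }

    // If the category relation has been modified, no | is found anymore
    if (strpos((string)$fieldArray['categories'], '|') !== false) {
        return;
    }

    $deniedCategories = AccessControlService::getAccessDeniedCategories($newsRecord);
    if (!is_array($deniedCategories)) {
        return;
    }

    foreach ($deniedCategories as $deniedCategory) {
        $fieldArray['categories'] .= ',' . $deniedCategory['uid'];
    }

    // Strip the separator left over when the submitted list was empty
    if (!empty($fieldArray['categories'])) {
        $fieldArray['categories'] = trim($fieldArray['categories'], ',');
    }
}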