/**
 * Slot for the signal in DatabaseTreeDataProvider: limits the category tree
 * to the category mount points of the current backend user.
 *
 * The tree is left untouched for admins, for data providers of any table
 * other than $this->categoryTableName, and when the user has no category
 * mount points at all (an empty mount-point list means "no filtering",
 * not "no access").
 *
 * @param DatabaseTreeDataProvider $dataProvider
 * @param TreeNode $treeData
 * @return void
 */
public function addUserPermissionsToCategoryTreeData(DatabaseTreeDataProvider $dataProvider, $treeData) {
    // Admins are never restricted.
    if ($this->backendUserAuthentication->isAdmin()) {
        return;
    }
    // Only the category tree is filtered here.
    if ($dataProvider->getTableName() !== $this->categoryTableName) {
        return;
    }

    $mountPoints = $this->backendUserAuthentication->getCategoryMountPoints();
    // Keep a handle on the unfiltered children; they are the lookup source below.
    $unfilteredNodes = $treeData->getChildNodes();

    // NOTE(review): empty() on an object only catches null/false, not a
    // collection object that happens to hold zero nodes.
    if (empty($mountPoints) || empty($unfilteredNodes)) {
        return;
    }

    // Drop every child first, then re-add only the nodes that match a mount point.
    $treeData->removeChildNodes();

    /** @var TreeNodeCollection $allowedNodes */
    $allowedNodes = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\Tree\\TreeNodeCollection');
    foreach ($mountPoints as $mountPoint) {
        $matchingNode = $this->lookUpCategoryMountPointInTreeNodes((int) $mountPoint, $unfilteredNodes);
        if ($matchingNode === null) {
            // Mount point not present in this tree: nothing to expose for it.
            continue;
        }
        $allowedNodes->append($matchingNode);
    }

    $treeData->setChildNodes($allowedNodes);
}
/**
 * Slot for the signal in ResourceFactory where storage objects are created:
 * applies the current backend user's file permissions and file mounts to
 * the storage.
 *
 * Admins are skipped entirely. For non-admins, permission evaluation is
 * switched on for storages with a positive uid and switched off again for
 * a storage whose uid is 0 or less.
 *
 * @param ResourceFactory $resourceFactory
 * @param ResourceStorage $storage
 * @return void
 */
public function addUserPermissionsToStorage(ResourceFactory $resourceFactory, ResourceStorage $storage) {
    if ($this->backendUserAuthentication->isAdmin()) {
        return;
    }

    $storage->setEvaluatePermissions(true);

    $hasPositiveUid = $storage->getUid() > 0;
    if ($hasPositiveUid) {
        $userPermissions = $this->backendUserAuthentication->getFilePermissionsForStorage($storage);
        $storage->setUserPermissions($userPermissions);
    } else {
        // NOTE(review): a storage with uid <= 0 ends up with permission
        // evaluation disabled for non-admin users — confirm that such a
        // storage cannot expose files the user should not reach.
        $storage->setEvaluatePermissions(false);
    }

    // File mounts are added in both cases.
    $this->addFileMountsToStorage($storage);
}
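/**
 * Returns TRUE if the internal BE_USER has access to the module $name with $MCONF (based on security level set for that module)
 *
 * A module without an 'access' setting is open to everybody. Otherwise the
 * lower-cased access string is searched for the keywords 'admin', 'user'
 * and 'group' (substring match). As a side effect, modules whose access
 * string contains 'user' / 'group' are appended to $this->modListUser /
 * $this->modListGroup.
 *
 * Note that an access string containing only 'admin' does not by itself
 * deny a non-admin: the denial relies on BE_USER->check('modules', $name)
 * returning a falsy value for that user.
 *
 * @param string $name Module name
 * @param array $MCONF MCONF array (module configuration array) from the modules conf.php file (contains settings about what access level the module has)
 * @return boolean TRUE if access is granted for $this->BE_USER, FALSE otherwise
 * @todo Define visibility
 */
public function checkModAccess($name, $MCONF) {
    // No access restriction configured (or the key is missing): module is public.
    if (empty($MCONF['access'])) {
        return TRUE;
    }
    $access = strtolower($MCONF['access']);
    // Checking if admin-access is required
    // If admin-permissions is required then return TRUE if user is admin
    if (strpos($access, 'admin') !== FALSE && $this->BE_USER->isAdmin()) {
        return TRUE;
    }
    // This will add modules to the select-lists of user and groups
    if (strpos($access, 'user') !== FALSE) {
        $this->modListUser[] = $name;
    }
    if (strpos($access, 'group') !== FALSE) {
        $this->modListGroup[] = $name;
    }
    // This checks if a user is permitted to access the module
    if ($this->BE_USER->isAdmin() || $this->BE_USER->check('modules', $name)) {
        return TRUE;
    }
    // Deny explicitly instead of falling off the end of the function, so the
    // documented boolean contract also holds for the "no access" case.
    return FALSE;
}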
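/**
 * Returns a comma-separated list of mounts.
 *
 * For an admin user (when not resolving by group) the list is '0'.
 * Otherwise the user's own mounts ($this->field of $this->table) are read
 * and the mounts of all groups are appended; the result is passed through
 * GeneralUtility::uniqueList().
 *
 * The user uid and the group uids end up inside SQL fragments, so both are
 * reduced to integers before they are concatenated into the WHERE clause.
 *
 * @return string item1, item2, ..., itemN
 */
protected function getMounts() {
    // Set mount to 0 if the User is a admin
    if (!$this->byGroup && $this->user->isAdmin()) {
        return '0';
    }

    $mounts = '';
    $database = $this->getDatabaseConnection();
    // Read usermounts - if none are set, mounts are set to NULL
    if (!$this->byGroup) {
        // NOTE(review): $this->where is passed in the fourth position, which
        // TYPO3's exec_SELECTquery() treats as GROUP BY rather than as an
        // additional WHERE part — confirm this is intended.
        $result = $database->exec_SELECTquery(
            $this->field . ',' . $this->usergroupField,
            $this->table,
            'uid = ' . (int)$this->user_uid,
            $this->where
        );
        $row = $database->sql_fetch_assoc($result);
        if (!is_array($row)) {
            // No matching user record (or failed query): behave as "nothing set".
            $row = array();
        }
        $mounts = isset($row[$this->field]) ? $row[$this->field] : null;
        // Read Usergroup mounts
        $groups = \TYPO3\CMS\Core\Utility\GeneralUtility::uniqueList(
            isset($row[$this->usergroupField]) ? $row[$this->usergroupField] : ''
        );
    } else {
        $groups = $this->group;
    }

    if (trim($groups)) {
        // Only integer uids may reach the IN () list; empty entries are dropped.
        $groupUids = \TYPO3\CMS\Core\Utility\GeneralUtility::intExplode(',', $groups, true);
        if (!empty($groupUids)) {
            $result = $database->exec_SELECTquery(
                $this->field,
                $this->grouptable,
                'uid IN (' . implode(',', $groupUids) . ')'
            );
            // Walk the groups and add the mounts
            while ($row = $database->sql_fetch_assoc($result)) {
                $mounts .= ',' . $row[$this->field];
            }
        }
        // Make nicely formatted list
        $mounts = \TYPO3\CMS\Core\Utility\GeneralUtility::uniqueList($mounts);
    }

    return $mounts;
}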
/**
 * A non-admin user who may modify the table still must not create a record
 * when no parent page row is given: addData() has to throw a
 * RuntimeException with code 1437745221.
 *
 * @test
 */
public function addDataThrowsExceptionForNewRecordsOnRootLevelWithoutAdminPermissions() {
    $tableName = 'pages';
    $input = [
        'tableName' => $tableName,
        'command' => 'new',
        'vanillaUid' => 123,
        // No parent page row available for the new record.
        'parentPageRow' => null,
    ];

    // The user is not an admin, but table-level modify access is granted,
    // so the table check alone cannot be what rejects the request.
    $this->beUserProphecy->isAdmin()->willReturn(false);
    $this->beUserProphecy->check('tables_modify', $tableName)->willReturn(true);

    $this->setExpectedException(\RuntimeException::class, $this->anything(), 1437745221);

    $this->subject->addData($input);
}
/**
 * addData() must fill in the configured default value for a flex form field
 * inside a section container when the database row has no value for it, and
 * must add a "templateRows" entry for the container.
 *
 * @test
 */
public function addDataSetsValuesAndStructureForSectionContainerElements() {
    // Fixture: section_1 holds two container_1 elements on the lDEF sheet;
    // element '1' has no field value, element '2' already carries 'dbValue'.
    $input = [
        'tableName' => 'aTable',
        'databaseRow' => [
            'aField' => [
                'data' => [
                    'sDEF' => [
                        'lDEF' => [
                            'section_1' => [
                                'el' => [
                                    '1' => [
                                        'container_1' => [
                                            'el' => []
                                        ]
                                    ],
                                    '2' => [
                                        'container_1' => [
                                            'el' => [
                                                'aFlexField' => ['vDEF' => 'dbValue']
                                            ]
                                        ]
                                    ]
                                ]
                            ]
                        ],
                        'lEN' => [
                            'section_1' => [
                                'el' => [
                                    '1' => [
                                        'container_1' => []
                                    ]
                                ]
                            ]
                        ]
                    ]
                ],
                'meta' => []
            ]
        ],
        // Data structure: aFlexField is an input field with default 'defaultValue'.
        'processedTca' => [
            'columns' => [
                'aField' => [
                    'config' => [
                        'type' => 'flex',
                        'ds' => [
                            'sheets' => [
                                'sDEF' => [
                                    'ROOT' => [
                                        'type' => 'array',
                                        'el' => [
                                            'section_1' => [
                                                'section' => '1',
                                                'type' => 'array',
                                                'el' => [
                                                    'container_1' => [
                                                        'type' => 'array',
                                                        'el' => [
                                                            'aFlexField' => [
                                                                'label' => 'aFlexFieldLabel',
                                                                'config' => ['type' => 'input', 'default' => 'defaultValue']
                                                            ]
                                                        ]
                                                    ]
                                                ]
                                            ]
                                        ]
                                    ]
                                ]
                            ]
                        ]
                    ]
                ]
            ]
        ],
        'pageTsConfig' => []
    ];

    // Only DatabaseRowDefaultValues is registered for the flexFormSegment group.
    // NOTE(review): this writes to $GLOBALS; presumably the test case resets
    // globals between tests — verify against the base class.
    $GLOBALS['TYPO3_CONF_VARS']['SYS']['formEngine']['formDataGroup']['flexFormSegment'] = [\TYPO3\CMS\Backend\Form\FormDataProvider\DatabaseRowDefaultValues::class => []];

    // Language service double: sL() hands back its first argument unchanged.
    /** @var LanguageService|ObjectProphecy $languageService */
    $languageService = $this->prophesize(LanguageService::class);
    $GLOBALS['LANG'] = $languageService->reveal();
    $languageService->sL(Argument::cetera())->willReturnArgument(0);

    // The backend user is an admin with access to every language, so no
    // permission check can remove fields from the result.
    $this->backendUserProphecy->isAdmin()->willReturn(true);
    $this->backendUserProphecy->checkLanguageAccess(Argument::cetera())->willReturn(true);

    $expected = $input;
    // A default value for existing container field aFlexField should have been set
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['el']['1']['container_1']['el']['aFlexField']['vDEF'] = 'defaultValue';
    // Dummy row values for container_1 on lDEF sheet
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['templateRows']['container_1']['el']['aFlexField']['vDEF'] = 'defaultValue';

    $this->assertEquals($expected, $this->subject->addData($input));
}
/**
 * Same scenario as the plain section container test, but with
 * 'langChildren' enabled in the data structure meta and two system
 * languages (DEF, EN): default values must be set per language (vDEF and
 * vEN) and the ds 'meta' array must be expanded.
 *
 * @test
 */
public function addDataSetsValuesAndStructureForSectionContainerElementsWithLangChildren() {
    // Fixture: element '1' has no value, element '2' only has a vDEF value.
    $input = [
        'tableName' => 'aTable',
        'databaseRow' => [
            'aField' => [
                'data' => [
                    'sDEF' => [
                        'lDEF' => [
                            'section_1' => [
                                'el' => [
                                    '1' => [
                                        'container_1' => [
                                            'el' => []
                                        ]
                                    ],
                                    '2' => [
                                        'container_1' => [
                                            'el' => [
                                                'aFlexField' => ['vDEF' => 'dbValue']
                                            ]
                                        ]
                                    ]
                                ]
                            ]
                        ]
                    ]
                ],
                'meta' => []
            ]
        ],
        'systemLanguageRows' => [
            0 => ['uid' => 0, 'iso' => 'DEF'],
            1 => ['uid' => 1, 'iso' => 'EN']
        ],
        'processedTca' => [
            'columns' => [
                'aField' => [
                    'config' => [
                        'type' => 'flex',
                        'ds' => [
                            'meta' => ['langChildren' => 1],
                            'sheets' => [
                                'sDEF' => [
                                    'ROOT' => [
                                        'type' => 'array',
                                        'el' => [
                                            'section_1' => [
                                                'section' => '1',
                                                'type' => 'array',
                                                'el' => [
                                                    'container_1' => [
                                                        'type' => 'array',
                                                        'el' => [
                                                            'aFlexField' => [
                                                                'label' => 'aFlexFieldLabel',
                                                                'config' => ['type' => 'input', 'default' => 'defaultValue']
                                                            ]
                                                        ]
                                                    ]
                                                ]
                                            ]
                                        ]
                                    ]
                                ]
                            ]
                        ]
                    ]
                ]
            ]
        ],
        'pageTsConfig' => []
    ];

    // Only DatabaseRowDefaultValues is registered for the flexFormSegment group.
    // NOTE(review): this writes to $GLOBALS; presumably the test case resets
    // globals between tests — verify against the base class.
    $GLOBALS['TYPO3_CONF_VARS']['SYS']['formEngine']['formDataGroup']['flexFormSegment'] = [\TYPO3\CMS\Backend\Form\FormDataProvider\DatabaseRowDefaultValues::class => []];

    // Language service double: sL() hands back its first argument unchanged.
    /** @var LanguageService|ObjectProphecy $languageService */
    $languageService = $this->prophesize(LanguageService::class);
    $GLOBALS['LANG'] = $languageService->reveal();
    $languageService->sL(Argument::cetera())->willReturnArgument(0);

    // Admin user with access to every language: no field is filtered out.
    $this->backendUserProphecy->isAdmin()->willReturn(true);
    $this->backendUserProphecy->checkLanguageAccess(Argument::cetera())->willReturn(true);

    $expected = $input;
    // The ds meta section is expected in its fully expanded form.
    $expected['processedTca']['columns']['aField']['config']['ds']['meta'] = [
        'availableLanguageCodes' => [0 => 'DEF', 1 => 'EN'],
        'langDisable' => false,
        'langChildren' => true,
        'languagesOnSheetLevel' => [0 => 'DEF'],
        'languagesOnElement' => [0 => 'DEF', 1 => 'EN']
    ];
    // A default value for existing container field aFlexField should have been set
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['el']['1']['container_1']['el']['aFlexField']['vDEF'] = 'defaultValue';
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['el']['1']['container_1']['el']['aFlexField']['vEN'] = 'defaultValue';
    // Also for the other defined language
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['el']['2']['container_1']['el']['aFlexField']['vEN'] = 'defaultValue';
    // There should be a templateRow for container_1 with defaultValue set for both languages
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['templateRows']['container_1']['el']['aFlexField']['vDEF'] = 'defaultValue';
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['templateRows']['container_1']['el']['aFlexField']['vEN'] = 'defaultValue';

    $this->assertEquals($expected, $this->subject->addData($input));
}
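/**
 * Make value list
 *
 * Turns the raw value of a field into a list of display labels, joined by
 * $splitString. What is listed depends on $conf['type']:
 *  - 'files':    file names found in $conf['uploadfolder'] that occur in $fieldValue
 *  - 'multiple': labels of the $conf['items'] whose value occurs in $fieldValue
 *  - 'binary':   labels of all $conf['items'] (no comparison with $fieldValue)
 *  - 'relation': labels of related records from the allowed / foreign tables
 *
 * Every label is passed through htmlspecialchars(); $splitString is
 * concatenated as given and is not escaped here.
 *
 * For non-admin users the related records are limited to the user's web
 * mounts only when $GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts']
 * is set; otherwise all non-deleted rows of the table are loaded.
 *
 * @param string $fieldName
 * @param string $fieldValue
 * @param array $conf
 * @param string $table
 * @param string $splitString
 * @return string
 */
public function makeValueList($fieldName, $fieldValue, $conf, $table, $splitString) {
    $fieldSetup = $conf;
    $out = '';
    if ($fieldSetup['type'] == 'files') {
        // Start from an empty list so an empty or unreadable folder does not
        // hand an undefined variable to natcasesort() / foreach.
        $fileArray = [];
        // NOTE(review): 'uploadfolder' is appended to PATH_site unchanged;
        // assumes $conf is trusted configuration — confirm with callers.
        $d = dir(PATH_site . $fieldSetup['uploadfolder']);
        // dir() returns false when the folder cannot be opened.
        if ($d instanceof \Directory) {
            while (false !== ($entry = $d->read())) {
                if ($entry == '.' || $entry == '..') {
                    continue;
                }
                $fileArray[] = $entry;
            }
            $d->close();
        }
        natcasesort($fileArray);
        foreach ($fileArray as $fileName) {
            if (GeneralUtility::inList($fieldValue, $fileName) || $fieldValue == $fileName) {
                if (!$out) {
                    $out = htmlspecialchars($fileName);
                } else {
                    $out .= $splitString . htmlspecialchars($fileName);
                }
            }
        }
    }
    if ($fieldSetup['type'] == 'multiple') {
        foreach ($fieldSetup['items'] as $key => $val) {
            // 'LLL:' labels are references that have to be resolved first.
            if (substr($val[0], 0, 4) == 'LLL:') {
                $value = $this->languageService->sL($val[0]);
            } else {
                $value = $val[0];
            }
            if (GeneralUtility::inList($fieldValue, $val[1]) || $fieldValue == $val[1]) {
                if (!$out) {
                    $out = htmlspecialchars($value);
                } else {
                    $out .= $splitString . htmlspecialchars($value);
                }
            }
        }
    }
    if ($fieldSetup['type'] == 'binary') {
        // All item labels are listed; $fieldValue is not consulted here.
        foreach ($fieldSetup['items'] as $Key => $val) {
            if (substr($val[0], 0, 4) == 'LLL:') {
                $value = $this->languageService->sL($val[0]);
            } else {
                $value = $val[0];
            }
            if (!$out) {
                $out = htmlspecialchars($value);
            } else {
                $out .= $splitString . htmlspecialchars($value);
            }
        }
    }
    if ($fieldSetup['type'] == 'relation') {
        $dontPrefixFirstTable = 0;
        $useTablePrefix = 0;
        if ($fieldSetup['items']) {
            foreach ($fieldSetup['items'] as $key => $val) {
                if (substr($val[0], 0, 4) == 'LLL:') {
                    $value = $this->languageService->sL($val[0]);
                } else {
                    $value = $val[0];
                }
                if (GeneralUtility::inList($fieldValue, $value) || $fieldValue == $value) {
                    if (!$out) {
                        $out = htmlspecialchars($value);
                    } else {
                        $out .= $splitString . htmlspecialchars($value);
                    }
                }
            }
        }
        if (stristr($fieldSetup['allowed'], ',')) {
            $from_table_Arr = explode(',', $fieldSetup['allowed']);
            $useTablePrefix = 1;
            if (!$fieldSetup['prepend_tname']) {
                // Scan the stored values: any value without a "table_" prefix
                // means the first table is stored unprefixed.
                $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($table);
                $queryBuilder->getRestrictions()->removeAll()->add(GeneralUtility::makeInstance(DeletedRestriction::class));
                $statement = $queryBuilder->select($fieldName)->from($table)->execute();
                while ($row = $statement->fetch()) {
                    if (stristr($row[$fieldName], ',')) {
                        $checkContent = explode(',', $row[$fieldName]);
                        foreach ($checkContent as $singleValue) {
                            if (!stristr($singleValue, '_')) {
                                $dontPrefixFirstTable = 1;
                            }
                        }
                    } else {
                        $singleValue = $row[$fieldName];
                        if ($singleValue !== '' && !stristr($singleValue, '_')) {
                            $dontPrefixFirstTable = 1;
                        }
                    }
                }
            }
        } else {
            $from_table_Arr[0] = $fieldSetup['allowed'];
        }
        if ($fieldSetup['prepend_tname']) {
            $useTablePrefix = 1;
        }
        if ($fieldSetup['foreign_table']) {
            $from_table_Arr[0] = $fieldSetup['foreign_table'];
        }
        $counter = 0;
        $useSelectLabels = 0;
        $useAltSelectLabels = 0;
        $tablePrefix = '';
        $labelFieldSelect = [];
        $altLabelFieldSelect = [];
        foreach ($from_table_Arr as $from_table) {
            if ($useTablePrefix && !$dontPrefixFirstTable && $counter != 1 || $counter == 1) {
                $tablePrefix = $from_table . '_';
            }
            $counter = 1;
            if (is_array($GLOBALS['TCA'][$from_table])) {
                $labelField = $GLOBALS['TCA'][$from_table]['ctrl']['label'];
                $altLabelField = $GLOBALS['TCA'][$from_table]['ctrl']['label_alt'];
                if ($GLOBALS['TCA'][$from_table]['columns'][$labelField]['config']['items']) {
                    $items = $GLOBALS['TCA'][$from_table]['columns'][$labelField]['config']['items'];
                    foreach ($items as $labelArray) {
                        if (substr($labelArray[0], 0, 4) == 'LLL:') {
                            $labelFieldSelect[$labelArray[1]] = $this->languageService->sL($labelArray[0]);
                        } else {
                            $labelFieldSelect[$labelArray[1]] = $labelArray[0];
                        }
                    }
                    $useSelectLabels = 1;
                }
                if ($GLOBALS['TCA'][$from_table]['columns'][$altLabelField]['config']['items']) {
                    $items = $GLOBALS['TCA'][$from_table]['columns'][$altLabelField]['config']['items'];
                    foreach ($items as $altLabelArray) {
                        if (substr($altLabelArray[0], 0, 4) == 'LLL:') {
                            $altLabelFieldSelect[$altLabelArray[1]] = $this->languageService->sL($altLabelArray[0]);
                        } else {
                            $altLabelFieldSelect[$altLabelArray[1]] = $altLabelArray[0];
                        }
                    }
                    $useAltSelectLabels = 1;
                }
                // Rows are cached per table in $this->tableArray.
                if (!$this->tableArray[$from_table]) {
                    $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($from_table);
                    // All default restrictions are removed; only deleted rows stay excluded.
                    $queryBuilder->getRestrictions()->removeAll()->add(GeneralUtility::makeInstance(DeletedRestriction::class));
                    $selectFields = ['uid', $labelField];
                    if ($altLabelField) {
                        $selectFields[] = $altLabelField;
                    }
                    $queryBuilder->select(...$selectFields)->from($from_table)->orderBy('uid');
                    if (!$this->backendUserAuthentication->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts']) {
                        $webMounts = $this->backendUserAuthentication->returnWebmounts();
                        $perms_clause = $this->backendUserAuthentication->getPagePermsClause(1);
                        $webMountPageTree = '';
                        $webMountPageTreePrefix = '';
                        foreach ($webMounts as $webMount) {
                            if ($webMountPageTree) {
                                $webMountPageTreePrefix = ',';
                            }
                            $webMountPageTree .= $webMountPageTreePrefix . $this->getTreeList($webMount, 999, $begin = 0, $perms_clause);
                        }
                        // NOTE(review): when no web mounts are returned,
                        // $webMountPageTree stays '' and intExplode() then
                        // presumably yields [0], i.e. "uid/pid IN (0)" —
                        // confirm root-level records (pid 0) are not meant
                        // to be visible to such a user.
                        if ($from_table === 'pages') {
                            $queryBuilder->where(
                                QueryHelper::stripLogicalOperatorPrefix($perms_clause),
                                $queryBuilder->expr()->in(
                                    'uid',
                                    $queryBuilder->createNamedParameter(
                                        GeneralUtility::intExplode(',', $webMountPageTree),
                                        Connection::PARAM_INT_ARRAY
                                    )
                                )
                            );
                        } else {
                            $queryBuilder->where(
                                $queryBuilder->expr()->in(
                                    'pid',
                                    $queryBuilder->createNamedParameter(
                                        GeneralUtility::intExplode(',', $webMountPageTree),
                                        Connection::PARAM_INT_ARRAY
                                    )
                                )
                            );
                        }
                    }
                    $statement = $queryBuilder->execute();
                    $this->tableArray[$from_table] = [];
                    while ($row = $statement->fetch()) {
                        $this->tableArray[$from_table][] = $row;
                    }
                }
                foreach ($this->tableArray[$from_table] as $key => $val) {
                    // Normalises the module setting in place: 1 becomes 'on'.
                    $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] = $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] == 1 ? 'on' : $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'];
                    $prefixString = $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] == 'on' ? '' : ' [' . $tablePrefix . $val['uid'] . '] ';
                    if (GeneralUtility::inList($fieldValue, $tablePrefix . $val['uid']) || $fieldValue == $tablePrefix . $val['uid']) {
                        if ($useSelectLabels) {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $labelFieldSelect[$val[$labelField]]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $labelFieldSelect[$val[$labelField]]);
                            }
                        } elseif ($val[$labelField]) {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $val[$labelField]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $val[$labelField]);
                            }
                        } elseif ($useAltSelectLabels) {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $altLabelFieldSelect[$val[$altLabelField]]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $altLabelFieldSelect[$val[$altLabelField]]);
                            }
                        } else {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $val[$altLabelField]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $val[$altLabelField]);
                            }
                        }
                    }
                }
            }
        }
    }
    return $out;
}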
/**
 * Adding CM element for Permission setting
 *
 * Builds the context menu entry that links to the
 * 'system_BeuserTxPermission' module for the given page. The link carries
 * the 'return_id' and 'edit' parameters only when the current backend user
 * is the page's perms_userid or an admin. Returns an empty string (not an
 * array) when the 'beuser' extension is not loaded.
 *
 * @param string $table Table name
 * @param int $uid UID for the current record.
 * @param array $rec The "pages" record with "perms_*" fields inside.
 * @return array Item array, element in $menuItems
 * @internal
 */
public function DB_perms($table, $uid, $rec) {
    $permissionModuleAvailable = ExtensionManagementUtility::isLoaded('beuser');
    if (!$permissionModuleAvailable) {
        return '';
    }

    $urlParameters = array();
    $urlParameters['id'] = $uid;

    // NOTE(review): loose comparison; this only decides which URL
    // parameters are emitted. Presumably the permission module re-checks
    // access on its own — verify.
    $isPermissionOwner = $rec['perms_userid'] == $this->backendUser->user['uid'];
    if ($isPermissionOwner || $this->backendUser->isAdmin()) {
        $urlParameters['return_id'] = $uid;
        $urlParameters['edit'] = '1';
    }

    $moduleUrl = BackendUtility::getModuleUrl('system_BeuserTxPermission', $urlParameters);

    $label = htmlspecialchars($this->languageService->getLL('CM_perms'));
    $iconMarkup = $this->iconFactory->getIcon('status-status-locked', Icon::SIZE_SMALL)->render();
    $onClick = $this->urlRefForCM($moduleUrl);

    return $this->linkItem($label, $iconMarkup, $onClick);
}
/**
 * Insert into database
 * Does not check permissions but expects them to be verified on beforehand
 *
 * Nothing is inserted (and NULL is returned) unless $fieldArray is an array
 * that contains a "pid", $table is configured in $GLOBALS['TCA'], and at
 * least one field remains after the "uid" key has been stripped.
 *
 * Security-relevant behaviour visible in this method:
 *  - a caller-supplied "uid" in $fieldArray is always discarded;
 *  - a forced uid is honoured only for admin users and only when it is
 *    registered in $this->suggestedInsertUids for this table;
 *  - field names and values of $fieldArray are not validated here.
 *
 * @param string $table Record table name
 * @param string $id "NEW...." uid string
 * @param array $fieldArray Array of field=>value pairs to insert. FIELDS MUST MATCH the database FIELDS. No check is done. "pid" must point to the destination of the record!
 * @param bool $newVersion Set to TRUE if new version is created.
 * @param int $suggestedUid Suggested UID value for the inserted record. See the array $this->suggestedInsertUids; Admin-only feature
 * @param bool $dontSetNewIdIndex If TRUE, the ->substNEWwithIDs array is not updated. Only useful in very rare circumstances!
 * @return int|NULL Returns ID on success.
 */
public function insertDB($table, $id, $fieldArray, $newVersion = false, $suggestedUid = 0, $dontSetNewIdIndex = false) {
    if (is_array($fieldArray) && is_array($GLOBALS['TCA'][$table]) && isset($fieldArray['pid'])) {
        // Do NOT insert the UID field, ever!
        unset($fieldArray['uid']);
        if (!empty($fieldArray)) {
            // Check for "suggestedUid".
            // This feature is used by the import functionality to force a new record to have a certain UID value.
            // This is only recommended for use when the destination server is a passive mirror of another server.
            // As a security measure this feature is available only for Admin Users (for now)
            $suggestedUid = (int) $suggestedUid;
            if ($this->BE_USER->isAdmin() && $suggestedUid && $this->suggestedInsertUids[$table . ':' . $suggestedUid]) {
                // When the value of ->suggestedInsertUids[...] is "DELETE" it will try to remove the previous record
                if ($this->suggestedInsertUids[$table . ':' . $suggestedUid] === 'DELETE') {
                    // DELETE: the uid is cast to int before it is placed in the WHERE clause.
                    $this->databaseConnection->exec_DELETEquery($table, 'uid=' . (int) $suggestedUid);
                }
                $fieldArray['uid'] = $suggestedUid;
            }
            $fieldArray = $this->insertUpdateDB_preprocessBasedOnFieldType($table, $fieldArray);
            // Execute the INSERT query:
            // NOTE(review): presumably exec_INSERTquery() quotes the values; field names come from the caller unchecked — confirm.
            $this->databaseConnection->exec_INSERTquery($table, $fieldArray);
            // If success, do...:
            if (!$this->databaseConnection->sql_error()) {
                // Set mapping for NEW... -> real uid:
                // the NEW_id now holds the 'NEW....' -id
                $NEW_id = $id;
                $id = $this->databaseConnection->sql_insert_id();
                if (!$dontSetNewIdIndex) {
                    $this->substNEWwithIDs[$NEW_id] = $id;
                    $this->substNEWwithIDs_table[$NEW_id] = $table;
                }
                $newRow = array();
                // Checking the record is properly saved and writing to log
                // ($newRow stays empty unless both logging and the stored-record check are enabled)
                if ($this->enableLogging && $this->checkStoredRecords) {
                    $newRow = $this->checkStoredRecord($table, $id, $fieldArray, 1);
                }
                // Update reference index:
                $this->updateRefIndex($table, $id);
                if ($newVersion) {
                    if ($this->enableLogging) {
                        $propArr = $this->getRecordPropertiesFromRow($table, $newRow);
                        $this->log($table, $id, 1, 0, 0, 'New version created of table \'%s\', uid \'%s\'. UID of new version is \'%s\'', 10, array($table, $fieldArray['t3ver_oid'], $id), $propArr['event_pid'], $NEW_id);
                    }
                } else {
                    if ($this->enableLogging) {
                        $propArr = $this->getRecordPropertiesFromRow($table, $newRow);
                        $page_propArr = $this->getRecordProperties('pages', $propArr['pid']);
                        $this->log($table, $id, 1, 0, 0, 'Record \'%s\' (%s) was inserted on page \'%s\' (%s)', 10, array($propArr['header'], $table . ':' . $id, $page_propArr['header'], $newRow['pid']), $newRow['pid'], $NEW_id);
                    }
                    // Clear cache for relevant pages:
                    $this->registerRecordIdForPageCacheClearing($table, $id);
                }
                return $id;
            } elseif ($this->enableLogging) {
                // The insert failed: the SQL error is logged; with logging disabled the failure is silent.
                $this->log($table, $id, 1, 0, 2, 'SQL error: \'%s\' (%s)', 12, array($this->databaseConnection->sql_error(), $table . ':' . $id));
            }
        }
    }
    return null;
}
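/**
 * Make value list
 *
 * Turns the raw value of a field into a list of display labels, joined by
 * $splitString. What is listed depends on $conf['type']:
 *  - 'files':    file names found in $conf['uploadfolder'] that occur in $fieldValue
 *  - 'multiple': labels of the $conf['items'] whose value occurs in $fieldValue
 *  - 'binary':   labels of all $conf['items'] (no comparison with $fieldValue)
 *  - 'relation': labels of related records from the allowed / foreign tables
 *
 * Every label is passed through htmlspecialchars(); $splitString is
 * concatenated as given and is not escaped here.
 *
 * For non-admin users the related records are limited to the user's web
 * mounts only when $GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts']
 * is set; otherwise all non-deleted rows of the table are loaded.
 *
 * @param string $fieldName
 * @param string $fieldValue
 * @param array $conf
 * @param string $table
 * @param string $splitString
 * @return string
 */
public function makeValueList($fieldName, $fieldValue, $conf, $table, $splitString) {
    $fieldSetup = $conf;
    $out = '';
    if ($fieldSetup['type'] == 'files') {
        // Start from an empty list so an empty or unreadable folder does not
        // hand an undefined variable to natcasesort() / foreach.
        $fileArray = array();
        // NOTE(review): 'uploadfolder' is appended to PATH_site unchanged;
        // assumes $conf is trusted configuration — confirm with callers.
        $d = dir(PATH_site . $fieldSetup['uploadfolder']);
        // dir() returns false when the folder cannot be opened.
        if ($d instanceof \Directory) {
            while (false !== ($entry = $d->read())) {
                if ($entry == '.' || $entry == '..') {
                    continue;
                }
                $fileArray[] = $entry;
            }
            $d->close();
        }
        natcasesort($fileArray);
        foreach ($fileArray as $fileName) {
            if (GeneralUtility::inList($fieldValue, $fileName) || $fieldValue == $fileName) {
                if (!$out) {
                    $out = htmlspecialchars($fileName);
                } else {
                    $out .= $splitString . htmlspecialchars($fileName);
                }
            }
        }
    }
    if ($fieldSetup['type'] == 'multiple') {
        foreach ($fieldSetup['items'] as $key => $val) {
            // 'LLL:' labels are references that have to be resolved first.
            if (substr($val[0], 0, 4) == 'LLL:') {
                $value = $this->languageService->sL($val[0]);
            } else {
                $value = $val[0];
            }
            if (GeneralUtility::inList($fieldValue, $val[1]) || $fieldValue == $val[1]) {
                if (!$out) {
                    $out = htmlspecialchars($value);
                } else {
                    $out .= $splitString . htmlspecialchars($value);
                }
            }
        }
    }
    if ($fieldSetup['type'] == 'binary') {
        // All item labels are listed; $fieldValue is not consulted here.
        foreach ($fieldSetup['items'] as $Key => $val) {
            if (substr($val[0], 0, 4) == 'LLL:') {
                $value = $this->languageService->sL($val[0]);
            } else {
                $value = $val[0];
            }
            if (!$out) {
                $out = htmlspecialchars($value);
            } else {
                $out .= $splitString . htmlspecialchars($value);
            }
        }
    }
    if ($fieldSetup['type'] == 'relation') {
        $dontPrefixFirstTable = 0;
        $useTablePrefix = 0;
        if ($fieldSetup['items']) {
            foreach ($fieldSetup['items'] as $key => $val) {
                if (substr($val[0], 0, 4) == 'LLL:') {
                    $value = $this->languageService->sL($val[0]);
                } else {
                    $value = $val[0];
                }
                if (GeneralUtility::inList($fieldValue, $value) || $fieldValue == $value) {
                    if (!$out) {
                        $out = htmlspecialchars($value);
                    } else {
                        $out .= $splitString . htmlspecialchars($value);
                    }
                }
            }
        }
        if (stristr($fieldSetup['allowed'], ',')) {
            $from_table_Arr = explode(',', $fieldSetup['allowed']);
            $useTablePrefix = 1;
            if (!$fieldSetup['prepend_tname']) {
                // Scan the stored values: any value without a "table_" prefix
                // means the first table is stored unprefixed.
                $checkres = $this->databaseConnection->exec_SELECTquery($fieldName, $table, 'uid ' . BackendUtility::deleteClause($table));
                if ($checkres) {
                    while ($row = $this->databaseConnection->sql_fetch_assoc($checkres)) {
                        if (stristr($row[$fieldName], ',')) {
                            $checkContent = explode(',', $row[$fieldName]);
                            foreach ($checkContent as $singleValue) {
                                if (!stristr($singleValue, '_')) {
                                    $dontPrefixFirstTable = 1;
                                }
                            }
                        } else {
                            $singleValue = $row[$fieldName];
                            if ($singleValue !== '' && !stristr($singleValue, '_')) {
                                $dontPrefixFirstTable = 1;
                            }
                        }
                    }
                    $this->databaseConnection->sql_free_result($checkres);
                }
            }
        } else {
            $from_table_Arr[0] = $fieldSetup['allowed'];
        }
        if ($fieldSetup['prepend_tname']) {
            $useTablePrefix = 1;
        }
        if ($fieldSetup['foreign_table']) {
            $from_table_Arr[0] = $fieldSetup['foreign_table'];
        }
        $counter = 0;
        $useSelectLabels = 0;
        $useAltSelectLabels = 0;
        $tablePrefix = '';
        $labelFieldSelect = [];
        $altLabelFieldSelect = [];
        foreach ($from_table_Arr as $from_table) {
            if ($useTablePrefix && !$dontPrefixFirstTable && $counter != 1 || $counter == 1) {
                $tablePrefix = $from_table . '_';
            }
            $counter = 1;
            if (is_array($GLOBALS['TCA'][$from_table])) {
                $labelField = $GLOBALS['TCA'][$from_table]['ctrl']['label'];
                $altLabelField = $GLOBALS['TCA'][$from_table]['ctrl']['label_alt'];
                if ($GLOBALS['TCA'][$from_table]['columns'][$labelField]['config']['items']) {
                    $items = $GLOBALS['TCA'][$from_table]['columns'][$labelField]['config']['items'];
                    foreach ($items as $labelArray) {
                        if (substr($labelArray[0], 0, 4) == 'LLL:') {
                            $labelFieldSelect[$labelArray[1]] = $this->languageService->sL($labelArray[0]);
                        } else {
                            $labelFieldSelect[$labelArray[1]] = $labelArray[0];
                        }
                    }
                    $useSelectLabels = 1;
                }
                if ($GLOBALS['TCA'][$from_table]['columns'][$altLabelField]['config']['items']) {
                    $items = $GLOBALS['TCA'][$from_table]['columns'][$altLabelField]['config']['items'];
                    foreach ($items as $altLabelArray) {
                        if (substr($altLabelArray[0], 0, 4) == 'LLL:') {
                            $altLabelFieldSelect[$altLabelArray[1]] = $this->languageService->sL($altLabelArray[0]);
                        } else {
                            $altLabelFieldSelect[$altLabelArray[1]] = $altLabelArray[0];
                        }
                    }
                    $useAltSelectLabels = 1;
                }
                // The SQL column fragment gets its own variable. It used to be
                // written into $altLabelFieldSelect, which replaced the label
                // map built above with a string and broke the alt-label lookup.
                $altLabelFieldSql = $altLabelField ? ',' . $altLabelField : '';
                $select_fields = 'uid,' . $labelField . $altLabelFieldSql;
                if (!$this->backendUserAuthentication->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts']) {
                    $webMounts = $this->backendUserAuthentication->returnWebmounts();
                    $perms_clause = $this->backendUserAuthentication->getPagePermsClause(1);
                    $webMountPageTree = '';
                    $webMountPageTreePrefix = '';
                    foreach ($webMounts as $key => $val) {
                        if ($webMountPageTree) {
                            $webMountPageTreePrefix = ',';
                        }
                        $webMountPageTree .= $webMountPageTreePrefix . $this->getTreeList($val, 999, $begin = 0, $perms_clause);
                    }
                    // NOTE(review): the id list and the permission clause are
                    // concatenated into the WHERE string as returned by the
                    // helpers above; this assumes getTreeList() only yields
                    // integer uids — confirm. With no web mounts the list is
                    // empty and "IN ()" is not valid SQL.
                    if ($from_table == 'pages') {
                        $where_clause = 'uid IN (' . $webMountPageTree . ') ' . BackendUtility::deleteClause($from_table) . ' AND ' . $perms_clause;
                    } else {
                        $where_clause = 'pid IN (' . $webMountPageTree . ') ' . BackendUtility::deleteClause($from_table);
                    }
                } else {
                    $where_clause = 'uid' . BackendUtility::deleteClause($from_table);
                }
                $orderBy = 'uid';
                $res = null;
                // Rows are cached per table in $this->tableArray.
                if (!$this->tableArray[$from_table]) {
                    $res = $this->databaseConnection->exec_SELECTquery($select_fields, $from_table, $where_clause, $groupBy = '', $orderBy);
                    $this->tableArray[$from_table] = array();
                }
                if ($res) {
                    while ($row = $this->databaseConnection->sql_fetch_assoc($res)) {
                        $this->tableArray[$from_table][] = $row;
                    }
                    $this->databaseConnection->sql_free_result($res);
                }
                foreach ($this->tableArray[$from_table] as $key => $val) {
                    // Normalises the module setting in place: 1 becomes 'on'.
                    $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] = $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] == 1 ? 'on' : $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'];
                    $prefixString = $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] == 'on' ? '' : ' [' . $tablePrefix . $val['uid'] . '] ';
                    if (GeneralUtility::inList($fieldValue, $tablePrefix . $val['uid']) || $fieldValue == $tablePrefix . $val['uid']) {
                        if ($useSelectLabels) {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $labelFieldSelect[$val[$labelField]]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $labelFieldSelect[$val[$labelField]]);
                            }
                        } elseif ($val[$labelField]) {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $val[$labelField]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $val[$labelField]);
                            }
                        } elseif ($useAltSelectLabels) {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $altLabelFieldSelect[$val[$altLabelField]]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $altLabelFieldSelect[$val[$altLabelField]]);
                            }
                        } else {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $val[$altLabelField]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $val[$altLabelField]);
                            }
                        }
                    }
                }
            }
        }
    }
    return $out;
}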
/**
 * Adding CM element for Permission setting
 *
 * Builds the context menu entry that links to the
 * 'system_BeuserTxPermission' module for the given page. The link carries
 * the 'return_id' and 'edit' parameters only when the current backend user
 * is the page's perms_userid or an admin. Returns an empty string (not an
 * array) when the 'beuser' extension is not loaded.
 *
 * @param string $table Table name
 * @param int $uid UID for the current record.
 * @param array $rec The "pages" record with "perms_*" fields inside.
 * @return array Item array, element in $menuItems
 * @internal
 */
public function DB_perms($table, $uid, $rec) {
    $permissionModuleAvailable = ExtensionManagementUtility::isLoaded('beuser');
    if (!$permissionModuleAvailable) {
        return '';
    }

    $urlParameters = array();
    $urlParameters['id'] = $uid;

    // NOTE(review): loose comparison; this only decides which URL
    // parameters are emitted. Presumably the permission module re-checks
    // access on its own — verify.
    $isPermissionOwner = $rec['perms_userid'] == $this->backendUser->user['uid'];
    if ($isPermissionOwner || $this->backendUser->isAdmin()) {
        $urlParameters['return_id'] = $uid;
        $urlParameters['edit'] = '1';
    }

    $moduleUrl = BackendUtility::getModuleUrl('system_BeuserTxPermission', $urlParameters);

    $label = $this->languageService->makeEntities($this->languageService->getLL('CM_perms'));
    $iconMarkup = IconUtility::getSpriteIcon('status-status-locked');
    $onClick = $this->urlRefForCM($moduleUrl);

    return $this->linkItem($label, $iconMarkup, $onClick, 0);
}