/**
* This method walks through the view configuration and applies
* matching configurations in the order of their specifity score.
* Possible options are currently the viewObjectName to specify
* a different class that will be used to create the view and
* an array of options that will be set on the view object.
*
* @param \TYPO3\Flow\Mvc\ActionRequest $request
* @return array
*/
public function getViewConfiguration(ActionRequest $request)
{
$cacheIdentifier = $this->createCacheIdentifier($request);
$viewConfiguration = $this->cache->get($cacheIdentifier);
if ($viewConfiguration === false) {
$configurations = $this->configurationManager->getConfiguration('Views');
$requestMatcher = new RequestMatcher($request);
$context = new Context($requestMatcher);
$matchingConfigurations = array();
foreach ($configurations as $order => $configuration) {
$requestMatcher->resetWeight();
if (!isset($configuration['requestFilter'])) {
$matchingConfigurations[$order]['configuration'] = $configuration;
$matchingConfigurations[$order]['weight'] = $order;
} else {
$result = $this->eelEvaluator->evaluate($configuration['requestFilter'], $context);
if ($result === false) {
continue;
}
$matchingConfigurations[$order]['configuration'] = $configuration;
$matchingConfigurations[$order]['weight'] = $requestMatcher->getWeight() + $order;
}
}
usort($matchingConfigurations, function ($configuration1, $configuration2) {
return $configuration1['weight'] > $configuration2['weight'];
});
$viewConfiguration = array();
foreach ($matchingConfigurations as $key => $matchingConfiguration) {
$viewConfiguration = Arrays::arrayMergeRecursiveOverrule($viewConfiguration, $matchingConfiguration['configuration']);
}
$this->cache->set($cacheIdentifier, $viewConfiguration);
}
return $viewConfiguration;
}
/**
* @param PrivilegeSubjectInterface $subject
* @return boolean
* @throws InvalidPrivilegeTypeException
*/
public function matchesSubject(PrivilegeSubjectInterface $subject)
{
if (!$subject instanceof NodePrivilegeSubject) {
throw new InvalidPrivilegeTypeException(sprintf('Privileges of type "%s" only support subjects of type "%s", but we got a subject of type: "%s".', static::class, NodePrivilegeSubject::class, get_class($subject)), 1465979693);
}
$nodeContext = new NodePrivilegeContext($subject->getNode());
$eelContext = new Context($nodeContext);
$eelCompilingEvaluator = new CompilingEvaluator();
$eelCompilingEvaluator->evaluate($this->getParsedMatcher(), $eelContext);
return $eelCompilingEvaluator->evaluate($this->getParsedMatcher(), $eelContext);
}
/**
* @test
*/
public function loopedExpressions()
{
$this->markTestSkipped('Enable for benchmark');
$evaluator = new CompilingEvaluator();
$expression = 'foo.bar=="Test"||foo.baz=="Test"||reverse(foo).bar=="Test"';
$context = new Context(array('foo' => array('bar' => 'Test1', 'baz' => 'Test2'), 'reverse' => function ($array) {
return array_reverse($array, true);
}));
for ($i = 0; $i < 10000; $i++) {
$evaluator->evaluate($expression, $context);
}
}
/**
* @param PrivilegeSubjectInterface|NodePrivilegeSubject|MethodPrivilegeSubject $subject (one of NodePrivilegeSubject or MethodPrivilegeSubject)
* @return boolean
* @throws InvalidPrivilegeTypeException
*/
public function matchesSubject(PrivilegeSubjectInterface $subject)
{
if ($subject instanceof NodePrivilegeSubject === false && $subject instanceof MethodPrivilegeSubject === false) {
throw new InvalidPrivilegeTypeException(sprintf('Privileges of type "TYPO3\\TYPO3CR\\Security\\Authorization\\Privilege\\Node\\AbstractNodePrivilege" only support subjects of type "TYPO3\\TYPO3CR\\Security\\Authorization\\Privilege\\Node\\NodePrivilegeSubject" or "TYPO3\\Flow\\Security\\Method\\MethodPrivilegeSubject", but we got a subject of type: "%s".', get_class($subject)), 1417014368);
}
$this->initialize();
if ($subject instanceof MethodPrivilegeSubject) {
return $this->methodPrivilege->matchesSubject($subject);
}
$nodeContext = new $this->nodeContextClassName($subject->getNode());
$eelContext = new Context($nodeContext);
return $this->eelCompilingEvaluator->evaluate($this->getParsedMatcher(), $eelContext);
}
/**
* Evaluate an Eel expression
*
* @param string $expression The Eel expression to evaluate
* @param \TYPO3\TypoScript\TypoScriptObjects\AbstractTypoScriptObject $contextObject An optional object for the "this" value inside the context
* @return mixed The result of the evaluated Eel expression
* @throws \TYPO3\TypoScript\Exception
*/
protected function evaluateEelExpression($expression, AbstractTypoScriptObject $contextObject = null)
{
if ($expression[0] !== '$' || $expression[1] !== '{') {
// We still assume this is an EEL expression and wrap the markers for backwards compatibility.
$expression = '${' . $expression . '}';
}
$contextVariables = array_merge($this->getDefaultContextVariables(), $this->getCurrentContext());
if (isset($contextVariables['this'])) {
throw new Exception('Context variable "this" not allowed, as it is already reserved for a pointer to the current TypoScript object.', 1344325044);
}
$contextVariables['this'] = $contextObject;
if ($this->eelEvaluator instanceof \TYPO3\Flow\Object\DependencyInjection\DependencyProxy) {
$this->eelEvaluator->_activateDependency();
}
return EelUtility::evaluateEelExpression($expression, $this->eelEvaluator, $contextVariables);
}
/**
* Sets the roles for the LDAP account.
* Extend this Provider class and implement this method to update the party
*
* @param Account $account
* @param array $ldapSearchResult
* @return void
*/
protected function setRoles(Account $account, array $ldapSearchResult)
{
if (is_array($this->rolesConfiguration)) {
$contextVariables = array('ldapUser' => $ldapSearchResult);
if (isset($this->defaultContext) && is_array($this->defaultContext)) {
foreach ($this->defaultContext as $contextVariable => $objectName) {
$object = $this->objectManager->get($objectName);
$contextVariables[$contextVariable] = $object;
}
}
foreach ($this->rolesConfiguration['default'] as $roleIdentifier) {
$role = $this->policyService->getRole($roleIdentifier);
$account->addRole($role);
}
$eelContext = new Context($contextVariables);
if (isset($this->partyConfiguration['dn'])) {
$dn = $this->eelEvaluator->evaluate($this->partyConfiguration['dn'], $eelContext);
foreach ($this->rolesConfiguration['userMapping'] as $roleIdentifier => $userDns) {
if (in_array($dn, $userDns)) {
$role = $this->policyService->getRole($roleIdentifier);
$account->addRole($role);
}
}
} elseif (!empty($this->rolesConfiguration['userMapping'])) {
$this->logger->log('User mapping found but no party mapping for dn set', LOG_ALERT);
}
if (isset($this->partyConfiguration['username'])) {
$username = $this->eelEvaluator->evaluate($this->partyConfiguration['username'], $eelContext);
$groupMembership = $this->directoryService->getGroupMembership($username);
foreach ($this->rolesConfiguration['groupMapping'] as $roleIdentifier => $remoteRoleIdentifiers) {
foreach ($remoteRoleIdentifiers as $remoteRoleIdentifier) {
$role = $this->policyService->getRole($roleIdentifier);
if (isset($groupMembership[$remoteRoleIdentifier])) {
$account->addRole($role);
}
}
}
} elseif (!empty($this->rolesConfiguration['groupMapping'])) {
$this->logger->log('Group mapping found but no party mapping for username set', LOG_ALERT);
}
}
}
/**
* @test
*/
public function methodCallToNullValueDoesNotThrowNotAllowedException()
{
$context = new ProtectedContext(array());
$evaluator = new CompilingEvaluator();
$result = $evaluator->evaluate('unknown.someMethod()', $context);
$this->assertEquals(null, $result);
}
