/** * @return User */ public function getBackendUser() { if ($this->securityContext->canBeInitialized() === TRUE) { return $this->securityContext->getPartyByType('TYPO3\\Neos\\Domain\\Model\\User'); } return NULL; }
/** * Get the account of the first authenticated token. * * @return \TYPO3\Flow\Security\Account|NULL */ public function getAccount() { if ($this->securityContext->canBeInitialized()) { return $this->securityContext->getAccount(); } return NULL; }
/** * Initializes the controller before invoking an action method. * */ public function initializeAction() { if ($this->securityContext->canBeInitialized()) { $account = $this->securityContext->getAccount(); $this->bearbeiterObj = $this->bearbeiterRepository->findOneByAccount($account); } $this->cacheInterface = $this->cacheManager->getCache('GermaniaSacra_GermaniaCache'); }
/** * Try to set the current account identifier emitting the events, if possible * * @return void */ protected function initializeAccountIdentifier() { if ($this->securityContext->canBeInitialized()) { $account = $this->securityContext->getAccount(); if ($account !== NULL) { $this->eventEmittingService->setCurrentAccountIdentifier($account->getAccountIdentifier()); } } }
/** * Returns TRUE, if at least one of the currently authenticated accounts holds * a role with the given identifier, also recursively. * * @param string $roleIdentifier The string representation of the role to search for * @return boolean TRUE, if a role with the given string representation was found */ public function hasRole($roleIdentifier) { if ($roleIdentifier === 'TYPO3.Flow:Everybody') { return true; } if ($this->securityContext->canBeInitialized()) { return $this->securityContext->hasRole($roleIdentifier); } return false; }
/** * Gets the SQL query part to add to a query. * * @param ClassMetaData $targetEntity Metadata object for the target entity to be filtered * @param string $targetTableAlias The target table alias used in the current query * @return string The constraint SQL if there is available, empty string otherwise */ public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias) { $this->initializeDependencies(); /* * TODO: Instead of checking for class account we could introduce some interface for white listing entities from entity security checks * Problem with checking the Account is, that this filter calls getRoles() on the security context while accounts are not * yet fully initialized. By this we get a half built account object that will end up in access denied exception, * as it has no roles (and other properties) set */ if ($this->securityContext->areAuthorizationChecksDisabled() || $targetEntity->getName() === \TYPO3\Flow\Security\Account::class) { return ''; } if (!$this->securityContext->isInitialized()) { if (!$this->securityContext->canBeInitialized()) { return ''; } $this->securityContext->initialize(); } // This is needed to include the current context of roles into query cache identifier $this->setParameter('__contextHash', $this->securityContext->getContextHash(), 'string'); $sqlConstraints = array(); $grantedConstraints = array(); $deniedConstraints = array(); foreach ($this->securityContext->getRoles() as $role) { $entityPrivileges = $role->getPrivilegesByType(\TYPO3\Flow\Security\Authorization\Privilege\Entity\EntityPrivilegeInterface::class); /** @var EntityPrivilegeInterface $privilege */ foreach ($entityPrivileges as $privilege) { if (!$privilege->matchesEntityType($targetEntity->getName())) { continue; } $sqlConstraint = $privilege->getSqlConstraint($targetEntity, $targetTableAlias); if ($sqlConstraint === null) { continue; } $sqlConstraints[] = ' NOT (' . $sqlConstraint . ')'; if ($privilege->isGranted()) { $grantedConstraints[] = ' NOT (' . $sqlConstraint . ')'; } elseif ($privilege->isDenied()) { $deniedConstraints[] = ' NOT (' . $sqlConstraint . ')'; } } } $grantedConstraints = array_diff($grantedConstraints, $deniedConstraints); $effectiveConstraints = array_diff($sqlConstraints, $grantedConstraints); if (count($effectiveConstraints) > 0) { return ' (' . implode(') AND (', $effectiveConstraints) . ') '; } return ''; }
/** * Creats a file to be checked be cronjob before exporting the data */ public function dataexportAction() { $dumpDirectory = $this->dataImport->dumpDirectory; $executeDumpExportFile = $dumpDirectory . self::executeExportDump; if (!file_exists($executeDumpExportFile) && ($fileHandle = fopen($executeDumpExportFile, "w"))) { $txt = ''; if ($this->securityContext->canBeInitialized()) { if ($account = $this->securityContext->getAccount()) { $jobOwner = $this->bearbeiterRepository->findOneByAccount($account); $txt = 'Dieser Export wurde angelegt von ' . $jobOwner; } } fwrite($fileHandle, $txt); fclose($fileHandle); $currentTimeMinutes = date('i'); $minutesFraction = substr($currentTimeMinutes, 1, 1); $nextImportDumpExecution = 10 - $minutesFraction; echo 'Die nächste Veröffentlichung wird in ' . $nextImportDumpExecution . ' Minuten durchgeführt.' . '<br>'; echo 'Sie dauert ca. 5 Minuten.' . '<br>'; } elseif (file_exists($executeDumpExportFile)) { echo "Die Veröffentlichung ist bereits vorgemerkt."; } else { echo "Der Veröffentlichung-Job konnte leider nicht angelegt werden."; } exit; }
/** * Checks, if the current policy allows the retrieval of the object fetched by getObjectDataByIdentifier() * * @Flow\Around("within(TYPO3\Flow\Persistence\PersistenceManagerInterface) && method(.*->getObjectByIdentifier()) && setting(TYPO3.Flow.security.enable)") * @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint The current joinpoint * @return array The object data of the original object, or NULL if access is not permitted */ public function checkAccessAfterFetchingAnObjectByIdentifier(JoinPointInterface $joinPoint) { $result = $joinPoint->getAdviceChain()->proceed($joinPoint); if ($this->securityContext->areAuthorizationChecksDisabled() === TRUE || $this->policyService->hasPolicyEntriesForEntities() === FALSE) { return $result; } if ($this->securityContext->isInitialized() === FALSE) { if ($this->securityContext->canBeInitialized() === TRUE) { $this->securityContext->initialize(); } else { return $result; } } $authenticatedRoles = $this->securityContext->getRoles(); $entityType = $this->reflectionService->getClassNameByObject($result); if ($this->policyService->hasPolicyEntryForEntityType($entityType, $authenticatedRoles)) { if ($this->policyService->isGeneralAccessForEntityTypeGranted($entityType, $authenticatedRoles) === FALSE) { return NULL; } $policyConstraintsDefinition = $this->policyService->getResourcesConstraintsForEntityTypeAndRoles($entityType, $authenticatedRoles); if ($this->checkConstraintDefinitionsOnResultObject($policyConstraintsDefinition, $result) === FALSE) { return NULL; } } return $result; }
/** * Returns the processed Configuration * * @param \TYPO3\TYPO3CR\Domain\Model\NodeType $nodeType (uninitialized) The node type to process * @param array $configuration input configuration * @param array $options The processor options * @return void */ public function process(NodeType $nodeType, array &$configuration, array $options) { if ($this->securityContext->canBeInitialized()) { /* Check if user is logged in */ if ($this->securityContext->getAccount()) { $admin = false; $role = $this->policyService->getRole('TYPO3.Neos:Administrator'); if ($role && $this->securityContext->getAccount()->hasRole($role)) { $admin = true; } if (!$admin) { // foreach ($configuration['properties']['departmentName']['ui']['inspector']['editorOptions']['values'] as $key => $val) { // $configuration['properties']['departmentName']['ui']['inspector']['editorOptions']['values'][$key]['disabled'] = TRUE; // } // if ($nodeType->getName() == 'TYPO3.Neos.NodeTypes:Page') { // $configuration['constraints']['nodeTypes']['TYPO3.Neos.NodeTypes:Page'] = FALSE; // } unset($configuration['properties']['departmentName']); } } } }
/** * Render user initials or an abbreviated name for a given username. If the account was deleted, use the username as fallback. * * @param string $format Supported are "fullFirstName" and "initials" * @return string */ public function render($format = 'initials') { if (!in_array($format, array('fullFirstName', 'initials', 'fullName'))) { throw new \InvalidArgumentException(sprintf('Format "%s" given to history:userInitials(), only supporting "fullFirstName", "initials" and "fullName".', $format), 1415705861); } $accountIdentifier = $this->renderChildren(); // TODO: search by credential source is still needed /* @var $account \TYPO3\Flow\Security\Account */ $account = $this->accountRepository->findOneByAccountIdentifier($accountIdentifier); if ($account === null) { return $accountIdentifier; } /* @var $requestedUser Person */ $requestedUser = $account->getParty(); if ($requestedUser === null || $requestedUser->getName() === null) { return $accountIdentifier; } if ($this->securityContext->canBeInitialized()) { if ($this->securityContext->getAccount()) { /** @var User $currentUser */ $currentUser = $this->securityContext->getAccount()->getParty(); if ($currentUser === $requestedUser) { $languageIdentifier = $currentUser->getPreferences()->get('interfaceLanguage') ? $currentUser->getPreferences()->get('interfaceLanguage') : $this->defaultLanguageIdentifier; $you = $translation = $this->translator->translateById('you', array(), 1, new Locale($languageIdentifier), 'Main', 'TYPO3.Neos'); } } } switch ($format) { case 'initials': return mb_substr($requestedUser->getName()->getFirstName(), 0, 1) . mb_substr($requestedUser->getName()->getLastName(), 0, 1); case 'fullFirstName': return isset($you) ? $you : $requestedUser->getName()->getFirstName() . ' ' . mb_substr($requestedUser->getName()->getLastName(), 0, 1) . '.'; case 'fullName': return isset($you) ? $you : $requestedUser->getName()->getFullName(); } }
/** * Tells if this node may be accessed according to the current security context. * * @return boolean */ public function isAccessible() { if ($this->hasAccessRestrictions() === false) { return true; } if ($this->securityContext->canBeInitialized() === false) { return true; } foreach ($this->accessRoles as $roleName) { if ($this->securityContext->hasRole($roleName)) { return true; } } return false; }
/** * Creats a file to be checked be cronjob before importing the data */ public function dataimportAction() { $executeDumpImportFile = $this->dumpDirectory . self::executeImportDump; if (!file_exists($executeDumpImportFile) && ($fileHandle = fopen($executeDumpImportFile, "w"))) { $txt = ''; if ($this->securityContext->canBeInitialized()) { if ($account = $this->securityContext->getAccount()) { $jobOwner = $this->bearbeiterRepository->findOneByAccount($account); $txt = 'Dieser Import wurde angelegt von ' . $jobOwner; } } fwrite($fileHandle, $txt); fclose($fileHandle); $currentTimeMinutes = date('i'); $nextImportDumpExecution = 60 - $currentTimeMinutes; echo 'Der nächste Import wird in ' . $nextImportDumpExecution . ' Minuten durchgeführt.' . '<br>'; echo 'Er dauert ca. 1 Stunde.' . '<br>'; } elseif (file_exists($executeDumpImportFile)) { echo "Der Import ist bereits vorgemerkt."; } else { echo "Der Import-Job konnte leider nicht angelegt werden."; } exit; }
/** * Returns the currently logged in user, if any * * @return User The currently logged in user, or null * @api */ public function getCurrentUser() { if ($this->securityContext->canBeInitialized() === true) { $account = $this->securityContext->getAccount(); if ($account !== null) { return $this->getUser($account->getAccountIdentifier()); } } return null; }