/**
* @return User
*/
public function getBackendUser()
{
if ($this->securityContext->canBeInitialized() === TRUE) {
return $this->securityContext->getPartyByType('TYPO3\\Neos\\Domain\\Model\\User');
}
return NULL;
}
/**
* Get the account of the first authenticated token.
*
* @return \TYPO3\Flow\Security\Account|NULL
*/
public function getAccount()
{
if ($this->securityContext->canBeInitialized()) {
return $this->securityContext->getAccount();
}
return NULL;
}
/**
* Initializes the controller before invoking an action method.
*
*/
public function initializeAction()
{
if ($this->securityContext->canBeInitialized()) {
$account = $this->securityContext->getAccount();
$this->bearbeiterObj = $this->bearbeiterRepository->findOneByAccount($account);
}
$this->cacheInterface = $this->cacheManager->getCache('GermaniaSacra_GermaniaCache');
}
/**
* Try to set the current account identifier emitting the events, if possible
*
* @return void
*/
protected function initializeAccountIdentifier()
{
if ($this->securityContext->canBeInitialized()) {
$account = $this->securityContext->getAccount();
if ($account !== NULL) {
$this->eventEmittingService->setCurrentAccountIdentifier($account->getAccountIdentifier());
}
}
}
/**
* Returns TRUE, if at least one of the currently authenticated accounts holds
* a role with the given identifier, also recursively.
*
* @param string $roleIdentifier The string representation of the role to search for
* @return boolean TRUE, if a role with the given string representation was found
*/
public function hasRole($roleIdentifier)
{
if ($roleIdentifier === 'TYPO3.Flow:Everybody') {
return true;
}
if ($this->securityContext->canBeInitialized()) {
return $this->securityContext->hasRole($roleIdentifier);
}
return false;
}
/**
* Gets the SQL query part to add to a query.
*
* @param ClassMetaData $targetEntity Metadata object for the target entity to be filtered
* @param string $targetTableAlias The target table alias used in the current query
* @return string The constraint SQL if there is available, empty string otherwise
*/
public function addFilterConstraint(ClassMetadata $targetEntity, $targetTableAlias)
{
$this->initializeDependencies();
/*
* TODO: Instead of checking for class account we could introduce some interface for white listing entities from entity security checks
* Problem with checking the Account is, that this filter calls getRoles() on the security context while accounts are not
* yet fully initialized. By this we get a half built account object that will end up in access denied exception,
* as it has no roles (and other properties) set
*/
if ($this->securityContext->areAuthorizationChecksDisabled() || $targetEntity->getName() === \TYPO3\Flow\Security\Account::class) {
return '';
}
if (!$this->securityContext->isInitialized()) {
if (!$this->securityContext->canBeInitialized()) {
return '';
}
$this->securityContext->initialize();
}
// This is needed to include the current context of roles into query cache identifier
$this->setParameter('__contextHash', $this->securityContext->getContextHash(), 'string');
$sqlConstraints = array();
$grantedConstraints = array();
$deniedConstraints = array();
foreach ($this->securityContext->getRoles() as $role) {
$entityPrivileges = $role->getPrivilegesByType(\TYPO3\Flow\Security\Authorization\Privilege\Entity\EntityPrivilegeInterface::class);
/** @var EntityPrivilegeInterface $privilege */
foreach ($entityPrivileges as $privilege) {
if (!$privilege->matchesEntityType($targetEntity->getName())) {
continue;
}
$sqlConstraint = $privilege->getSqlConstraint($targetEntity, $targetTableAlias);
if ($sqlConstraint === null) {
continue;
}
$sqlConstraints[] = ' NOT (' . $sqlConstraint . ')';
if ($privilege->isGranted()) {
$grantedConstraints[] = ' NOT (' . $sqlConstraint . ')';
} elseif ($privilege->isDenied()) {
$deniedConstraints[] = ' NOT (' . $sqlConstraint . ')';
}
}
}
$grantedConstraints = array_diff($grantedConstraints, $deniedConstraints);
$effectiveConstraints = array_diff($sqlConstraints, $grantedConstraints);
if (count($effectiveConstraints) > 0) {
return ' (' . implode(') AND (', $effectiveConstraints) . ') ';
}
return '';
}
/**
* Creats a file to be checked be cronjob before exporting the data
*/
public function dataexportAction()
{
$dumpDirectory = $this->dataImport->dumpDirectory;
$executeDumpExportFile = $dumpDirectory . self::executeExportDump;
if (!file_exists($executeDumpExportFile) && ($fileHandle = fopen($executeDumpExportFile, "w"))) {
$txt = '';
if ($this->securityContext->canBeInitialized()) {
if ($account = $this->securityContext->getAccount()) {
$jobOwner = $this->bearbeiterRepository->findOneByAccount($account);
$txt = 'Dieser Export wurde angelegt von ' . $jobOwner;
}
}
fwrite($fileHandle, $txt);
fclose($fileHandle);
$currentTimeMinutes = date('i');
$minutesFraction = substr($currentTimeMinutes, 1, 1);
$nextImportDumpExecution = 10 - $minutesFraction;
echo 'Die nächste Veröffentlichung wird in ' . $nextImportDumpExecution . ' Minuten durchgeführt.' . '<br>';
echo 'Sie dauert ca. 5 Minuten.' . '<br>';
} elseif (file_exists($executeDumpExportFile)) {
echo "Die Veröffentlichung ist bereits vorgemerkt.";
} else {
echo "Der Veröffentlichung-Job konnte leider nicht angelegt werden.";
}
exit;
}
/**
* Checks, if the current policy allows the retrieval of the object fetched by getObjectDataByIdentifier()
*
* @Flow\Around("within(TYPO3\Flow\Persistence\PersistenceManagerInterface) && method(.*->getObjectByIdentifier()) && setting(TYPO3.Flow.security.enable)")
* @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint The current joinpoint
* @return array The object data of the original object, or NULL if access is not permitted
*/
public function checkAccessAfterFetchingAnObjectByIdentifier(JoinPointInterface $joinPoint)
{
$result = $joinPoint->getAdviceChain()->proceed($joinPoint);
if ($this->securityContext->areAuthorizationChecksDisabled() === TRUE || $this->policyService->hasPolicyEntriesForEntities() === FALSE) {
return $result;
}
if ($this->securityContext->isInitialized() === FALSE) {
if ($this->securityContext->canBeInitialized() === TRUE) {
$this->securityContext->initialize();
} else {
return $result;
}
}
$authenticatedRoles = $this->securityContext->getRoles();
$entityType = $this->reflectionService->getClassNameByObject($result);
if ($this->policyService->hasPolicyEntryForEntityType($entityType, $authenticatedRoles)) {
if ($this->policyService->isGeneralAccessForEntityTypeGranted($entityType, $authenticatedRoles) === FALSE) {
return NULL;
}
$policyConstraintsDefinition = $this->policyService->getResourcesConstraintsForEntityTypeAndRoles($entityType, $authenticatedRoles);
if ($this->checkConstraintDefinitionsOnResultObject($policyConstraintsDefinition, $result) === FALSE) {
return NULL;
}
}
return $result;
}
/**
* Returns the processed Configuration
*
* @param \TYPO3\TYPO3CR\Domain\Model\NodeType $nodeType (uninitialized) The node type to process
* @param array $configuration input configuration
* @param array $options The processor options
* @return void
*/
public function process(NodeType $nodeType, array &$configuration, array $options)
{
if ($this->securityContext->canBeInitialized()) {
/* Check if user is logged in */
if ($this->securityContext->getAccount()) {
$admin = false;
$role = $this->policyService->getRole('TYPO3.Neos:Administrator');
if ($role && $this->securityContext->getAccount()->hasRole($role)) {
$admin = true;
}
if (!$admin) {
// foreach ($configuration['properties']['departmentName']['ui']['inspector']['editorOptions']['values'] as $key => $val) {
// $configuration['properties']['departmentName']['ui']['inspector']['editorOptions']['values'][$key]['disabled'] = TRUE;
// }
// if ($nodeType->getName() == 'TYPO3.Neos.NodeTypes:Page') {
// $configuration['constraints']['nodeTypes']['TYPO3.Neos.NodeTypes:Page'] = FALSE;
// }
unset($configuration['properties']['departmentName']);
}
}
}
}
/**
* Render user initials or an abbreviated name for a given username. If the account was deleted, use the username as fallback.
*
* @param string $format Supported are "fullFirstName" and "initials"
* @return string
*/
public function render($format = 'initials')
{
if (!in_array($format, array('fullFirstName', 'initials', 'fullName'))) {
throw new \InvalidArgumentException(sprintf('Format "%s" given to history:userInitials(), only supporting "fullFirstName", "initials" and "fullName".', $format), 1415705861);
}
$accountIdentifier = $this->renderChildren();
// TODO: search by credential source is still needed
/* @var $account \TYPO3\Flow\Security\Account */
$account = $this->accountRepository->findOneByAccountIdentifier($accountIdentifier);
if ($account === null) {
return $accountIdentifier;
}
/* @var $requestedUser Person */
$requestedUser = $account->getParty();
if ($requestedUser === null || $requestedUser->getName() === null) {
return $accountIdentifier;
}
if ($this->securityContext->canBeInitialized()) {
if ($this->securityContext->getAccount()) {
/** @var User $currentUser */
$currentUser = $this->securityContext->getAccount()->getParty();
if ($currentUser === $requestedUser) {
$languageIdentifier = $currentUser->getPreferences()->get('interfaceLanguage') ? $currentUser->getPreferences()->get('interfaceLanguage') : $this->defaultLanguageIdentifier;
$you = $translation = $this->translator->translateById('you', array(), 1, new Locale($languageIdentifier), 'Main', 'TYPO3.Neos');
}
}
}
switch ($format) {
case 'initials':
return mb_substr($requestedUser->getName()->getFirstName(), 0, 1) . mb_substr($requestedUser->getName()->getLastName(), 0, 1);
case 'fullFirstName':
return isset($you) ? $you : $requestedUser->getName()->getFirstName() . ' ' . mb_substr($requestedUser->getName()->getLastName(), 0, 1) . '.';
case 'fullName':
return isset($you) ? $you : $requestedUser->getName()->getFullName();
}
}
/**
* Tells if this node may be accessed according to the current security context.
*
* @return boolean
*/
public function isAccessible()
{
if ($this->hasAccessRestrictions() === false) {
return true;
}
if ($this->securityContext->canBeInitialized() === false) {
return true;
}
foreach ($this->accessRoles as $roleName) {
if ($this->securityContext->hasRole($roleName)) {
return true;
}
}
return false;
}
/**
* Creats a file to be checked be cronjob before importing the data
*/
public function dataimportAction()
{
$executeDumpImportFile = $this->dumpDirectory . self::executeImportDump;
if (!file_exists($executeDumpImportFile) && ($fileHandle = fopen($executeDumpImportFile, "w"))) {
$txt = '';
if ($this->securityContext->canBeInitialized()) {
if ($account = $this->securityContext->getAccount()) {
$jobOwner = $this->bearbeiterRepository->findOneByAccount($account);
$txt = 'Dieser Import wurde angelegt von ' . $jobOwner;
}
}
fwrite($fileHandle, $txt);
fclose($fileHandle);
$currentTimeMinutes = date('i');
$nextImportDumpExecution = 60 - $currentTimeMinutes;
echo 'Der nächste Import wird in ' . $nextImportDumpExecution . ' Minuten durchgeführt.' . '<br>';
echo 'Er dauert ca. 1 Stunde.' . '<br>';
} elseif (file_exists($executeDumpImportFile)) {
echo "Der Import ist bereits vorgemerkt.";
} else {
echo "Der Import-Job konnte leider nicht angelegt werden.";
}
exit;
}
/**
* Returns the currently logged in user, if any
*
* @return User The currently logged in user, or null
* @api
*/
public function getCurrentUser()
{
if ($this->securityContext->canBeInitialized() === true) {
$account = $this->securityContext->getAccount();
if ($account !== null) {
return $this->getUser($account->getAccountIdentifier());
}
}
return null;
}
