/** * Iterates through elements of $each and renders child nodes * * @param string $as * @return string Rendered string * @author Marc Neuhaus <*****@*****.**> * @api */ public function render($as = "user") { if ($as == null) { $as = $get; } $this->templateVariableContainer->add($as, $this->securityManager->getUser()); $output = $this->renderChildren(); $this->templateVariableContainer->remove($as); return $output; }
/** * Returns a query for objects of this repository * * @return \TYPO3\FLOW3\Persistence\Doctrine\Query * @api */ public function createQuery() { $query = parent::createQuery(); if ($this->helper->isDemoMode()) { if ($this->securityManager->getUser()) { $query->matching($query->logicalNot($query->equals("accountIdentifier", $this->helper->getSettings("Admin.SuperAdmin")))); } } return $query; }
/** * Advices the dispatch method so that illegal requests are blocked before invoking * any controller. * * @FLOW3\Around("method(TYPO3\FLOW3\MVC\Dispatcher->dispatch())") * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The current joinpoint * @return mixed Result of the advice chain */ public function checkAccess(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint) { $this->securityManager->setRequest($joinPoint->getMethodArgument('request')); $this->securityManager->setResponse($joinPoint->getMethodArgument('response')); $request = $joinPoint->getMethodArgument('request'); if (is_a($request, "\\TYPO3\\FLOW3\\MVC\\Web\\Request")) { $className = $request->getControllerObjectName(); $methodName = $request->getControllerActionName() . 'Action'; try { if (!empty($className) && $this->reflectionService->isMethodAnnotatedWith($className, $methodName, "Admin\\Annotations\\Access")) { $annotation = $this->reflectionService->getMethodAnnotation($className, $methodName, "Admin\\Annotations\\Access"); if (!is_object($user = $this->securityManager->getUser())) { return $this->securityManager->redirectToLogin($joinPoint); } if ($annotation->admin && !$user->isAdmin()) { return $this->securityManager->redirectToLogin($joinPoint); } if ($annotation->role !== null) { $hasRole = false; foreach ($user->getRoles() as $role) { if ($role->getName() == $annotation->role) { $hasRole = true; } } if (!$hasRole) { $message = new \TYPO3\FLOW3\Error\Error("You don't have access to this page!"); $this->flashMessageContainer->addMessage($message); return $this->securityManager->redirectToLogin($joinPoint); } } } } catch (\Exception $e) { } } if (is_object($adviceChain = $joinPoint->getAdviceChain())) { $result = $adviceChain->proceed($joinPoint); return $result; } }