/** * Invokes the security interception * * @return boolean TRUE if the security checks was passed * @throws AccessDeniedException * @throws AuthenticationRequiredException if an entity could not be found (assuming it is bound to the current session), causing a redirect to the authentication entrypoint * @throws NoTokensAuthenticatedException if no tokens could be found and the accessDecisionManager denied access to the privilege target, causing a redirect to the authentication entrypoint */ public function invoke() { $reason = ''; $privilegeSubject = new MethodPrivilegeSubject($this->joinPoint); try { $this->authenticationManager->authenticate(); } catch (EntityNotFoundException $exception) { throw new AuthenticationRequiredException('Could not authenticate. Looks like a broken session.', 1358971444, $exception); } catch (NoTokensAuthenticatedException $noTokensAuthenticatedException) { // We still need to check if the privilege is available to "TYPO3.Flow:Everybody". if ($this->privilegeManager->isGranted(\TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilegeInterface::class, $privilegeSubject, $reason) === FALSE) { throw new NoTokensAuthenticatedException($noTokensAuthenticatedException->getMessage() . chr(10) . $reason, $noTokensAuthenticatedException->getCode()); } } if ($this->privilegeManager->isGranted(\TYPO3\Flow\Security\Authorization\Privilege\Method\MethodPrivilegeInterface::class, $privilegeSubject, $reason) === FALSE) { throw new AccessDeniedException($this->renderDecisionReasonMessage($reason), 1222268609); } }
/** * Collect node data and traverse child nodes * * @param array &$nodes * @param NodeInterface $node * @param string $nodeTypeFilter * @param integer $depth levels of child nodes to fetch. 0 = unlimited * @param \TYPO3\TYPO3CR\Domain\Model\NodeInterface $untilNode if given, expand all nodes on the rootline towards $untilNode, no matter what is defined with $depth. * @param integer $recursionPointer current recursion level * @return void */ protected function collectChildNodeData(array &$nodes, NodeInterface $node, $nodeTypeFilter, $depth = 0, NodeInterface $untilNode = NULL, $recursionPointer = 1) { foreach ($node->getChildNodes($nodeTypeFilter) as $childNode) { if (!$this->privilegeManager->isGranted(NodeTreePrivilege::class, new NodePrivilegeSubject($childNode))) { continue; } /** @var NodeInterface $childNode */ $expand = $depth === 0 || $recursionPointer < $depth; if ($expand === FALSE && $untilNode !== NULL && strpos($untilNode->getPath(), $childNode->getPath()) === 0 && $childNode !== $untilNode) { // in case $untilNode is set, and the current childNode is on the rootline of $untilNode (and not the node itself), expand the node. $expand = TRUE; } switch ($this->outputStyle) { case self::STYLE_LIST: $nodeType = $childNode->getNodeType()->getName(); $properties = $childNode->getProperties(); $properties['__contextNodePath'] = $childNode->getContextPath(); $properties['__workspaceName'] = $childNode->getWorkspace()->getName(); $properties['__nodeName'] = $childNode->getName(); $properties['__nodeType'] = $nodeType; $properties['__title'] = $nodeType === 'TYPO3.Neos:Document' ? $childNode->getProperty('title') : $childNode->getLabel(); array_push($nodes, $properties); if ($expand) { $this->collectChildNodeData($nodes, $childNode, $nodeTypeFilter, $depth, $untilNode, $recursionPointer + 1); } break; case self::STYLE_TREE: $children = array(); $hasChildNodes = $childNode->hasChildNodes($nodeTypeFilter) === TRUE; if ($expand && $hasChildNodes) { $this->collectChildNodeData($children, $childNode, $nodeTypeFilter, $depth, $untilNode, $recursionPointer + 1); } array_push($nodes, $this->collectTreeNodeData($childNode, $expand, $children, $hasChildNodes)); } } }
/** * @param NodeInterface $node * @param string $propertyName * @return boolean */ public function isGrantedToEditNodeProperty(NodeInterface $node, $propertyName) { $privilegeSubject = new PropertyAwareNodePrivilegeSubject($node, NULL, $propertyName); return $this->privilegeManager->isGranted(EditNodePropertyPrivilege::class, $privilegeSubject); }