Exemplo n.º 1
 /**
  * Forces the layout path on the view when the requested layout name is a resource URI.
  *
  * Runs before TemplateView->getLayoutPathAndFilename(). If the "layoutName" argument
  * contains "resource://" (case-insensitive), the value is passed unchanged to
  * setLayoutPathAndFilename() on the proxied view.
  *
  * NOTE(review): this is a substring test, not a prefix test, and the value is not
  * validated here. If layoutName can be influenced by request data, restrict it to
  * known packages/paths before it reaches this advice -- TODO confirm its origin.
  *
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint
  * @FLOW3\Before("method(protected TYPO3\Fluid\View\TemplateView->getLayoutPathAndFilename(.*))")
  * @return void
  */
 public function addNavigationitem(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $layoutName = $joinPoint->getMethodArgument("layoutName");
     // Case-insensitive "contains" check; position 0 counts as a match as well.
     $isResourceUri = stripos($layoutName, "resource://") !== false;
     if ($isResourceUri) {
         $view = $joinPoint->getProxy();
         $view->setLayoutPathAndFilename($layoutName);
     }
 }
Exemplo n.º 2
 /**
  * Writes a debug log entry whenever a started session is about to be destroyed.
  *
  * Runs before destroy() on any SessionInterface implementation. Sessions that
  * were never started are not logged. The advice itself returns nothing.
  *
  * NOTE(review): the complete session identifier ends up in the system log. It is
  * logged just before destruction, so exposure should be short-lived, but if
  * destroy() fails the logged id may still be valid. Consider logging a truncated
  * or hashed identifier and keep the log readable by operators only.
  *
  * @FLOW3\Before("within(TYPO3\FLOW3\Session\SessionInterface) && method(.*->destroy())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return void
  */
 public function logDestroy(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $session = $joinPoint->getProxy();
     if (!$session->isStarted()) {
         return;
     }

     // The "reason" argument is optional on destroy(); fall back to a fixed text.
     if ($joinPoint->isMethodArgument('reason')) {
         $reason = $joinPoint->getMethodArgument('reason');
     } else {
         $reason = 'no reason given';
     }

     $sessionIdentifier = $joinPoint->getProxy()->getId();
     $logLine = sprintf('Destroyed session with id %s: %s', $sessionIdentifier, $reason);
     $this->systemLogger->log($logLine, LOG_DEBUG);
 }
 /**
  * Logs an info entry when NodeService->getNodeByContextNodePath() throws.
  *
  * The entry names the class of the join point, the "relativeContextNodePath"
  * argument and the exception message. Nothing is logged when the join point
  * carries no exception.
  *
  * NOTE(review): the path is written to the log verbatim. It presumably derives
  * from the requested URI (confirm against the caller), so treat it as untrusted
  * when viewing or parsing the log, e.g. with respect to embedded line breaks.
  *
  * @FLOW3\AfterThrowing("method(TYPO3\TYPO3\Service\NodeService->getNodeByContextNodePath())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function logFailedMatch(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $relativeContextNodePath = $joinPoint->getMethodArgument('relativeContextNodePath');
     $exception = $joinPoint->getException();
     if ($exception === NULL) {
         return;
     }

     $logLine = sprintf(
         '%s failed to retrieve a node for path "%s" with message: %s',
         $joinPoint->getClassName(),
         $relativeContextNodePath,
         $exception->getMessage()
     );
     $this->systemLogger->log($logLine, LOG_INFO);
 }
 /**
  * Replaces the identity array of a node by its context path.
  *
  * Wraps AbstractPersistenceManager->convertObjectToIdentityArray(). When the
  * "object" argument is a NodeInterface, the target method is not called and the
  * node's context path is returned instead. Every other object is handed on to
  * the advice chain unchanged.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\Persistence\AbstractPersistenceManager->convertObjectToIdentityArray())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint the joinpoint
  * @return string|array the context path to be used for routing
  */
 public function convertNodeToContextPathForRouting(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $subject = $joinPoint->getMethodArgument('object');

     // Anything that is not a node keeps the regular conversion.
     if (!($subject instanceof NodeInterface)) {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     }

     return $subject->getContextPath();
 }
Exemplo n.º 5
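 /**
  * Advices the dispatch method so that illegal requests are blocked before invoking
  * any controller.
  *
  * For web requests whose target action carries an Admin\Annotations\Access
  * annotation, the request is answered with redirectToLogin() unless a user is
  * logged in, the user is an admin where the annotation demands it, and the user
  * holds the role named by the annotation (if any). All other requests are passed
  * on to the advice chain.
  *
  * Only the "is this action annotated" lookup is wrapped in try/catch. Once an
  * action is known to be protected, exceptions raised while the decision is made
  * are no longer swallowed: swallowing them let the request continue to the
  * controller without a completed access check (fail-open).
  *
  * NOTE(review): a failing annotation lookup is still treated as "not annotated",
  * as before. Confirm that the reflection service cannot throw for an existing,
  * annotated action; otherwise that path should deny access as well.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\MVC\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain, the result of redirectToLogin() when access is denied, or NULL if no advice chain is available
  */
 public function checkAccess(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $request = $joinPoint->getMethodArgument('request');
     $this->securityManager->setRequest($request);
     $this->securityManager->setResponse($joinPoint->getMethodArgument('response'));

     if (is_a($request, "\\TYPO3\\FLOW3\\MVC\\Web\\Request")) {
         $className = $request->getControllerObjectName();
         $methodName = $request->getControllerActionName() . 'Action';

         $isProtected = false;
         try {
             $isProtected = !empty($className)
                 && $this->reflectionService->isMethodAnnotatedWith($className, $methodName, "Admin\\Annotations\\Access");
         } catch (\Exception $e) {
             // Lookup failed (e.g. unknown controller): handled as "not annotated" so
             // that the dispatcher can report the problem itself, as it did before.
         }

         if ($isProtected) {
             // From here on nothing is caught: an error while deciding must never
             // result in the protected action being dispatched.
             $annotation = $this->reflectionService->getMethodAnnotation($className, $methodName, "Admin\\Annotations\\Access");

             $user = $this->securityManager->getUser();
             if (!is_object($user)) {
                 return $this->securityManager->redirectToLogin($joinPoint);
             }
             if ($annotation->admin && !$user->isAdmin()) {
                 return $this->securityManager->redirectToLogin($joinPoint);
             }
             if ($annotation->role !== null) {
                 $hasRole = false;
                 foreach ($user->getRoles() as $role) {
                     // Strict string comparison: loose "==" applies numeric juggling
                     // and could treat differently spelled role names as equal.
                     if ((string) $role->getName() === (string) $annotation->role) {
                         $hasRole = true;
                         break;
                     }
                 }
                 if (!$hasRole) {
                     $message = new \TYPO3\FLOW3\Error\Error("You don't have access to this page!");
                     $this->flashMessageContainer->addMessage($message);
                     return $this->securityManager->redirectToLogin($joinPoint);
                 }
             }
         }
     }

     $adviceChain = $joinPoint->getAdviceChain();
     if (is_object($adviceChain)) {
         return $adviceChain->proceed($joinPoint);
     }
     return null;
 }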
Exemplo n.º 6
 /**
  * Adds a CSRF token as argument in the URI builder
  *
  * Runs before UriBuilder->build() when the security framework is enabled. The
  * controller class is derived from the package, subpackage and controller route
  * arguments (defaults: empty, empty, "Standard") and the action name from the
  * action argument (default "index"). The "__csrfToken" argument is added only if
  * a policy entry exists for that action and the action is not annotated with
  * SkipCsrfProtection.
  *
  * NOTE(review): the token travels as a URI argument, so it can surface wherever
  * URIs are recorded (access logs, browser history, Referer headers sent to other
  * sites). Keep token lifetime short and avoid placing such links on pages that
  * reference third-party resources.
  *
  * @FLOW3\Before("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Routing\UriBuilder->build())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function addCsrfTokenToUri(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $uriBuilder = $joinPoint->getProxy();
     $arguments = $joinPoint->getMethodArgument('arguments');

     // Route arguments with the defaults used when a key is absent.
     $packageKey = '';
     if (isset($arguments['@package'])) {
         $packageKey = $arguments['@package'];
     }
     $subpackageKey = '';
     if (isset($arguments['@subpackage'])) {
         $subpackageKey = $arguments['@subpackage'];
     }
     $controllerName = 'Standard';
     if (isset($arguments['@controller'])) {
         $controllerName = $arguments['@controller'];
     }
     $actionBaseName = 'index';
     if (isset($arguments['@action'])) {
         $actionBaseName = $arguments['@action'];
     }
     $actionName = $actionBaseName . 'Action';

     // Fill the object name pattern step by step; package keys use dots where
     // class names use backslashes, and an empty subpackage leaves a doubled
     // backslash that the last replacement collapses.
     $objectNameCandidate = '@package\\@subpackage\\Controller\\@controllerController';
     $objectNameCandidate = str_replace('@package', str_replace('.', '\\', $packageKey), $objectNameCandidate);
     $objectNameCandidate = str_replace('@subpackage', $subpackageKey, $objectNameCandidate);
     $objectNameCandidate = str_replace('@controller', $controllerName, $objectNameCandidate);
     $objectNameCandidate = str_replace('\\\\', '\\', $objectNameCandidate);

     $caseSensitiveObjectName = $this->objectManager->getCaseSensitiveObjectName(strtolower($objectNameCandidate));
     $className = $this->objectManager->getClassNameByObjectName($caseSensitiveObjectName);

     if (!$this->policyService->hasPolicyEntryForMethod($className, $actionName)) {
         return;
     }
     if ($this->reflectionService->isMethodAnnotatedWith($className, $actionName, 'TYPO3\\FLOW3\\Annotations\\SkipCsrfProtection')) {
         return;
     }

     $internalArguments = $uriBuilder->getArguments();
     $internalArguments['__csrfToken'] = $this->securityContext->getCsrfProtectionToken();
     $uriBuilder->setArguments($internalArguments);
 }
Exemplo n.º 7
 /**
  * Logs the exception thrown by decideOnJoinPoint() and re-throws it.
  *
  * The log entry consists of the exception message followed by the class and
  * method name of the join point the decision was made for (the "joinPoint"
  * argument of the advised method). The exception is passed on unchanged, so the
  * access decision itself is not altered by this advice.
  *
  * @FLOW3\AfterThrowing("method(TYPO3\FLOW3\Security\Authorization\AccessDecisionVoterManager->decideOnJoinPoint())")
  *
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
  * @throws \Exception
  * @return void
  */
 public function logJoinPointAccessDecisions(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $exception = $joinPoint->getException();
     $subjectJoinPoint = $joinPoint->getMethodArgument('joinPoint');

     $logLine = sprintf(
         '%s to method %s::%s().',
         $exception->getMessage(),
         $subjectJoinPoint->getClassName(),
         $subjectJoinPoint->getMethodName()
     );
     $this->securityLogger->log($logLine, \LOG_INFO);

     // Logging must not hide the denial from the caller.
     throw $exception;
 }
Exemplo n.º 8
 /**
  * Advices the dispatch method so that access denied exceptions are transformed into the correct
  * response status.
  *
  * The advice chain is executed as usual. If it throws an AccessDeniedException,
  * the exception is consumed here: an Http\Response gets status 403, the response
  * content is set to "Access denied!" and NULL is returned.
  *
  * NOTE(review): setContent() is called on every response type, only setStatus()
  * is limited to Http\Response. Confirm that all response classes reaching the
  * dispatcher provide setContent().
  *
  * @FLOW3\Around("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain
  */
 public function setAccessDeniedResponseHeader(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $response = $joinPoint->getMethodArgument('response');
     try {
         $adviceChain = $joinPoint->getAdviceChain();
         $result = $adviceChain->proceed($joinPoint);
     } catch (\TYPO3\FLOW3\Security\Exception\AccessDeniedException $exception) {
         $isHttpResponse = $response instanceof \TYPO3\FLOW3\Http\Response;
         if ($isHttpResponse) {
             $response->setStatus(403);
         }
         $response->setContent('Access denied!');
         // A denied dispatch yields no result.
         $result = NULL;
     }
     return $result;
 }
 /**
  * Returns the publish path and filename to be used to publish the specified persistent resource
  *
  * Resources without a SecurityPublishingConfiguration are handled by the target
  * method. For protected resources the path is built below
  * "Persistent/<session id>/" in the resources publishing path, but only if the
  * current security context holds at least one of the allowed roles; otherwise
  * FALSE is returned. In mirror mode "link" one symlink per allowed role is
  * maintained inside that directory and the returned path points through the
  * link of the first allowed role.
  *
  * NOTE(review): the session identifier becomes a directory name of the publishing
  * path. If that path is reflected in public URLs, the identifier can show up in
  * logs, browser history and Referer headers -- confirm how the path is exposed.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\Resource\Publishing\FileSystemPublishingTarget->buildPersistentResourcePublishPathAndFilename()) && setting(TYPO3.FLOW3.security.enable)")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return mixed Result of the target method
  */
 public function rewritePersistentResourcePublishPathAndFilenameForPrivateResources(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $resource = $joinPoint->getMethodArgument('resource');
     $configuration = $resource->getPublishingConfiguration();
     $returnFilename = $joinPoint->getMethodArgument('returnFilename');
     // Unprotected resources: leave path building to the advised method.
     if ($configuration === NULL || $configuration instanceof \TYPO3\FLOW3\Security\Authorization\Resource\SecurityPublishingConfiguration === FALSE) {
         return $joinPoint->getAdviceChain()->proceed($joinPoint);
     }
     // FALSE stays the result when none of the allowed roles is held.
     $publishingPath = FALSE;
     $allowedRoles = $configuration->getAllowedRoles();
     if (count(array_intersect($allowedRoles, $this->securityContext->getRoles())) > 0) {
         // Session specific directory: <publishing path>/Persistent/<session id>/
         $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($joinPoint->getProxy()->getResourcesPublishingPath(), 'Persistent/', $this->session->getID())) . '/';
         $filename = $resource->getResourcePointer()->getHash() . '.' . $resource->getFileExtension();
         \TYPO3\FLOW3\Utility\Files::createDirectoryRecursively($publishingPath);
         // presumably installs the access restriction for the new directory; what is written depends on the publisher -- verify
         $this->accessRestrictionPublisher->publishAccessRestrictionsForPath($publishingPath);
         if ($this->settings['resource']['publishing']['fileSystem']['mirrorMode'] === 'link') {
             // NOTE(review): $role is used as a path segment; assumes role identifiers contain no path separators -- confirm
             foreach ($allowedRoles as $role) {
                 $roleDirectory = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($this->environment->getPathToTemporaryDirectory(), 'PrivateResourcePublishing/', $role));
                 \TYPO3\FLOW3\Utility\Files::createDirectoryRecursively($roleDirectory);
                 // NOTE(review): file_exists() follows symlinks, so a dangling link is reported
                 // as missing and the symlink() in the else branch would then fail.
                 if (file_exists($publishingPath . $role)) {
                     // Keep the entry only if it is a link that resolves to the role directory.
                     // NOTE(review): realpath() returns a canonical path; the comparison only
                     // matches if $roleDirectory is canonical too -- confirm.
                     if (\TYPO3\FLOW3\Utility\Files::is_link(\TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role))) && realpath(\TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role))) === $roleDirectory) {
                         continue;
                     }
                     // Anything else at that name is replaced by a fresh link. Check, unlink()
                     // and symlink() are separate steps, not one atomic operation.
                     unlink($publishingPath . $role);
                     symlink($roleDirectory, \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role)));
                 } else {
                     symlink($roleDirectory, \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $role)));
                 }
             }
             // The returned path goes through the link of the first allowed role.
             // assumes $allowedRoles is a list with an element at index 0 -- TODO confirm
             $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $allowedRoles[0])) . '/';
         }
         // Append "<hash>.<extension>" only when the caller asked for the filename.
         if ($returnFilename === TRUE) {
             $publishingPath = \TYPO3\FLOW3\Utility\Files::concatenatePaths(array($publishingPath, $filename));
         }
     }
     return $publishingPath;
 }
Exemplo n.º 10
 /**
  * Test advice that swaps the "name" argument of TargetClass01->greet().
  *
  * If greet() is called with the name "Andi", the argument is changed to "Robert"
  * before the advice chain (and with it the target method) is executed. Other
  * names are passed through untouched.
  *
  * @FLOW3\Around("method(public TYPO3\FLOW3\Tests\Functional\Aop\Fixtures\TargetClass01->greet())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint
  * @return string
  */
 public function changeNameArgumentAdvice(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $name = $joinPoint->getMethodArgument('name');
     if ($name === 'Andi') {
         $joinPoint->setMethodArgument('name', 'Robert');
     }

     $adviceChain = $joinPoint->getAdviceChain();
     return $adviceChain->proceed($joinPoint);
 }