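/**
 * Advises the dispatch method so that illegal requests are blocked before invoking
 * any controller.
 *
 * For web requests the targeted controller action is checked for an
 * Admin\Annotations\Access annotation. When one is present, the request only
 * proceeds if the security manager returns a user object, that user is an
 * administrator where the annotation demands it, and the user holds the role
 * named by the annotation (if any). Otherwise the result of the security
 * manager's login redirect is returned and the advice chain is not continued.
 *
 * An exception raised while an annotated action is being evaluated denies the
 * request instead of letting it through to the controller.
 *
 * @FLOW3\Around("method(TYPO3\FLOW3\MVC\Dispatcher->dispatch())")
 * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The current joinpoint
 * @return mixed Result of the advice chain
 */
public function checkAccess(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint) {
    $request = $joinPoint->getMethodArgument('request');
    $this->securityManager->setRequest($request);
    $this->securityManager->setResponse($joinPoint->getMethodArgument('response'));

    // Set as soon as any check rejects the request; the redirect itself is issued
    // after the try block so that nothing it throws can be swallowed below.
    $denied = false;

    if ($request instanceof \TYPO3\FLOW3\MVC\Web\Request) {
        $className = $request->getControllerObjectName();
        $methodName = $request->getControllerActionName() . 'Action';

        // Becomes true once the action is known to carry an Access annotation.
        $restricted = false;

        try {
            if (!empty($className) && $this->reflectionService->isMethodAnnotatedWith($className, $methodName, "Admin\\Annotations\\Access")) {
                $restricted = true;
                $annotation = $this->reflectionService->getMethodAnnotation($className, $methodName, "Admin\\Annotations\\Access");
                $user = $this->securityManager->getUser();

                if (!is_object($user)) {
                    // Nobody is logged in.
                    $denied = true;
                } elseif ($annotation->admin && !$user->isAdmin()) {
                    $denied = true;
                } elseif ($annotation->role !== null) {
                    $hasRole = false;
                    foreach ($user->getRoles() as $role) {
                        // Strict string comparison: loose "==" would let numeric-looking
                        // role names such as "1" and "01" match each other.
                        if ((string) $role->getName() === (string) $annotation->role) {
                            $hasRole = true;
                            break;
                        }
                    }
                    if (!$hasRole) {
                        $message = new \TYPO3\FLOW3\Error\Error("You don't have access to this page!");
                        $this->flashMessageContainer->addMessage($message);
                        $denied = true;
                    }
                }
            }
        } catch (\Exception $e) {
            // Fail closed: the previous empty catch let the request continue to the
            // controller whenever a check on an annotated action threw.
            if ($restricted) {
                $denied = true;
            }
            // NOTE(review): an exception thrown by the annotation lookup itself (before
            // $restricted is set) still lets the request proceed, as it did before, so
            // that actions without an Access annotation keep working - confirm that the
            // reflection service cannot throw for an annotated action, and consider
            // logging $e here.
        }
    }

    if ($denied) {
        return $this->securityManager->redirectToLogin($joinPoint);
    }

    $adviceChain = $joinPoint->getAdviceChain();
    if (is_object($adviceChain)) {
        return $adviceChain->proceed($joinPoint);
    }

    return null;
}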
/**
 * Completes every object configuration with properties that can be wired
 * automatically and are not configured yet.
 *
 * Two sources are inspected per class:
 *
 * - methods whose name starts with "inject": the property name is the method
 *   name without that prefix, first letter lower-cased. "injectSettings" is
 *   wired to the package settings whenever the configuration has a package
 *   key; any other method is wired to the class of its single parameter.
 * - properties carrying the Inject annotation: the object name is taken from
 *   the property's "var" tag.
 *
 * @param array &$objectConfigurations
 * @return void
 * @throws \TYPO3\FLOW3\Object\Exception if an injected property is private
 */
protected function autowireProperties(array &$objectConfigurations) {
    foreach ($objectConfigurations as $configuration) {
        $className = $configuration->getClassName();
        $properties = $configuration->getProperties();

        // Pass 1: setter injection through inject*() methods.
        foreach (get_class_methods($className) as $methodName) {
            if (strncmp($methodName, 'inject', 6) !== 0) {
                continue;
            }
            $propertyName = lcfirst(substr($methodName, 6));

            // An Autowiring annotation with enabled === FALSE opts the method out.
            $autowiring = $this->reflectionService->getMethodAnnotation($className, $methodName, 'TYPO3\\FLOW3\\Annotations\\Autowiring');
            $autowiringDisabled = ($autowiring !== NULL && $autowiring->enabled === FALSE);
            if ($autowiringDisabled) {
                continue;
            }

            if ($methodName === 'injectSettings') {
                // Settings are assigned even if the property is already configured.
                $packageKey = $configuration->getPackageKey();
                if ($packageKey !== NULL) {
                    $properties[$propertyName] = new ConfigurationProperty($propertyName, $packageKey, ConfigurationProperty::PROPERTY_TYPES_SETTING);
                }
                continue;
            }

            // An explicitly configured property wins over autowiring.
            if (array_key_exists($propertyName, $properties)) {
                continue;
            }

            $parameters = $this->reflectionService->getMethodParameters($className, $methodName);
            $parameterCount = count($parameters);
            if ($parameterCount !== 1) {
                $this->systemLogger->log(sprintf('Could not autowire property %s because %s() expects %s instead of exactly 1 parameter.', $className . '::' . $propertyName, $methodName, $parameterCount ?: 'none'), LOG_DEBUG);
                continue;
            }

            $parameter = array_pop($parameters);
            $typeHint = $parameter['class'];
            if ($typeHint === NULL) {
                $this->systemLogger->log(sprintf('Could not autowire property %s because the method parameter in %s() contained no class type hint.', $className . '::' . $propertyName, $methodName), LOG_DEBUG);
                continue;
            }

            $properties[$propertyName] = new ConfigurationProperty($propertyName, $typeHint, ConfigurationProperty::PROPERTY_TYPES_OBJECT);
        }

        // Pass 2: property injection through the Inject annotation.
        $annotatedPropertyNames = $this->reflectionService->getPropertyNamesByAnnotation($className, 'TYPO3\\FLOW3\\Annotations\\Inject');
        foreach ($annotatedPropertyNames as $propertyName) {
            if ($this->reflectionService->isPropertyPrivate($className, $propertyName)) {
                throw new \TYPO3\FLOW3\Object\Exception(sprintf('The property "%s" in class "%s" must not be private when annotated for injection.', $propertyName, $className), 1328109641);
            }
            if (array_key_exists($propertyName, $properties)) {
                continue;
            }

            // The "var" tag values are joined, then surrounding spaces and backslashes stripped.
            $varTagValues = $this->reflectionService->getPropertyTagValues($className, $propertyName, 'var');
            $objectName = trim(implode('', $varTagValues), ' \\');
            $properties[$propertyName] = new ConfigurationProperty($propertyName, $objectName, ConfigurationProperty::PROPERTY_TYPES_OBJECT);
        }

        $configuration->setProperties($properties);
    }
}
/**
 * Attaches a validator to every argument of the current action method.
 *
 * Each argument receives the validator conjunction the validator resolver
 * built for it from the action method. The base validator conjunction for the
 * argument's data type is added to it when that conjunction is not empty.
 *
 * The validation groups default to "Default" and "Controller"; a
 * ValidationGroups annotation on the action method replaces them.
 *
 * The original description lists what ends up on the arguments:
 *
 * - Validators checking the data type from the "param" annotation
 * - Custom validators specified with validate annotations
 * - Model-based validators (validate annotations in the model)
 * - Custom model validator classes
 *
 * @return void
 */
protected function initializeActionMethodValidators() {
    $controllerClassName = get_class($this);

    $groupsAnnotation = $this->reflectionService->getMethodAnnotation($controllerClassName, $this->actionMethodName, 'TYPO3\\FLOW3\\Annotations\\ValidationGroups');
    $validationGroups = ($groupsAnnotation !== NULL)
        ? $groupsAnnotation->validationGroups
        : array('Default', 'Controller');

    $validatorsByArgumentName = $this->validatorResolver->buildMethodArgumentsValidatorConjunctions($controllerClassName, $this->actionMethodName);

    foreach ($this->arguments as $argument) {
        $argumentValidator = $validatorsByArgumentName[$argument->getName()];

        // Only attach the data type validators when there is at least one.
        $dataTypeValidators = $this->validatorResolver->getBaseValidatorConjunction($argument->getDataType(), $validationGroups);
        if (count($dataTypeValidators) > 0) {
            $argumentValidator->addValidator($dataTypeValidators);
        }

        $argument->setValidator($argumentValidator);
    }
}