Exemplo n.º 1
0
 /**
  * Add the Annotated Method to the Navigation
  *
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint
  * @FLOW3\Before("method(public .*\Controller\.*Controller->.*Action(.*))")
  * @return void
  */
 public function addNavigationitem(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $currentClassName = $joinPoint->getClassName();
     $currentMethodName = $joinPoint->getMethodName();
     $controllers = $this->reflectionService->getAllSubClassNamesForClass("\\TYPO3\\FLOW3\\MVC\\Controller\\ActionController");
     foreach ($controllers as $className) {
         $methods = get_class_methods($className);
         if (is_array($methods)) {
             foreach ($methods as $methodName) {
                 if ($this->reflectionService->isMethodAnnotatedWith($className, $methodName, "Admin\\Annotations\\Navigation")) {
                     $annotations = $this->reflectionService->getMethodAnnotations($className, $methodName, "Admin\\Annotations\\Navigation");
                     foreach ($annotations as $annotation) {
                         $action = str_replace("Action", "", $methodName);
                         $controller = $this->helper->getControllerByClassName($className);
                         $package = $this->objectManager->getPackageKeyByObjectName($className);
                         $arguments = array("action" => $action, "controller" => $controller, "package" => $package);
                         $title = !is_null($annotation->title) ? $annotation->title : sprintf("%s (%s)", $controller, $action);
                         \Admin\Core\API::addNavigationitem($title, $annotation->position, $arguments, $annotation->priority, $annotation->parent);
                     }
                 }
             }
         }
     }
     $settings = $this->helper->getSettings("Admin.Navigation");
     foreach ($settings as $position => $items) {
         foreach ($items as $title => $conf) {
             $priority = isset($conf["priority"]) ? $conf["priority"] : 100;
             $arguments = $conf["Arguments"];
             \Admin\Core\API::addNavigationitem($title, strtolower($position), $arguments, $priority);
         }
     }
 }
Exemplo n.º 2
0
 /**
  * Adds a CSRF token as argument in the URI builder
  *
  * @FLOW3\Before("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Routing\UriBuilder->build())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function addCsrfTokenToUri(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $uriBuilder = $joinPoint->getProxy();
     $arguments = $joinPoint->getMethodArgument('arguments');
     $packageKey = isset($arguments['@package']) ? $arguments['@package'] : '';
     $subpackageKey = isset($arguments['@subpackage']) ? $arguments['@subpackage'] : '';
     $controllerName = isset($arguments['@controller']) ? $arguments['@controller'] : 'Standard';
     $actionName = (isset($arguments['@action']) ? $arguments['@action'] : 'index') . 'Action';
     $possibleObjectName = '@package\\@subpackage\\Controller\\@controllerController';
     $possibleObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleObjectName);
     $possibleObjectName = str_replace('@subpackage', $subpackageKey, $possibleObjectName);
     $possibleObjectName = str_replace('@controller', $controllerName, $possibleObjectName);
     $possibleObjectName = str_replace('\\\\', '\\', $possibleObjectName);
     $lowercaseObjectName = strtolower($possibleObjectName);
     $className = $this->objectManager->getClassNameByObjectName($this->objectManager->getCaseSensitiveObjectName($lowercaseObjectName));
     if ($this->policyService->hasPolicyEntryForMethod($className, $actionName) && !$this->reflectionService->isMethodAnnotatedWith($className, $actionName, 'TYPO3\\FLOW3\\Annotations\\SkipCsrfProtection')) {
         $internalArguments = $uriBuilder->getArguments();
         $internalArguments['__csrfToken'] = $this->securityContext->getCsrfProtectionToken();
         $uriBuilder->setArguments($internalArguments);
     }
 }
Exemplo n.º 3
0
 /**
  * Advices the dispatch method so that illegal requests are blocked before invoking
  * any controller.
  *
  * @FLOW3\Around("method(TYPO3\FLOW3\MVC\Dispatcher->dispatch())")
  * @param \TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint The current joinpoint
  * @return mixed Result of the advice chain
  */
 public function checkAccess(\TYPO3\FLOW3\AOP\JoinPointInterface $joinPoint)
 {
     $this->securityManager->setRequest($joinPoint->getMethodArgument('request'));
     $this->securityManager->setResponse($joinPoint->getMethodArgument('response'));
     $request = $joinPoint->getMethodArgument('request');
     if (is_a($request, "\\TYPO3\\FLOW3\\MVC\\Web\\Request")) {
         $className = $request->getControllerObjectName();
         $methodName = $request->getControllerActionName() . 'Action';
         try {
             if (!empty($className) && $this->reflectionService->isMethodAnnotatedWith($className, $methodName, "Admin\\Annotations\\Access")) {
                 $annotation = $this->reflectionService->getMethodAnnotation($className, $methodName, "Admin\\Annotations\\Access");
                 if (!is_object($user = $this->securityManager->getUser())) {
                     return $this->securityManager->redirectToLogin($joinPoint);
                 }
                 if ($annotation->admin && !$user->isAdmin()) {
                     return $this->securityManager->redirectToLogin($joinPoint);
                 }
                 if ($annotation->role !== null) {
                     $hasRole = false;
                     foreach ($user->getRoles() as $role) {
                         if ($role->getName() == $annotation->role) {
                             $hasRole = true;
                         }
                     }
                     if (!$hasRole) {
                         $message = new \TYPO3\FLOW3\Error\Error("You don't have access to this page!");
                         $this->flashMessageContainer->addMessage($message);
                         return $this->securityManager->redirectToLogin($joinPoint);
                     }
                 }
             }
         } catch (\Exception $e) {
         }
     }
     if (is_object($adviceChain = $joinPoint->getAdviceChain())) {
         $result = $adviceChain->proceed($joinPoint);
         return $result;
     }
 }