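/**
 * Returns true if the internal BE_USER has access to the module $name with $MCONF
 * (based on the access level configured for that module).
 *
 * Side effect: when the access string contains 'user' and/or 'group', the module
 * name is appended to $this->modListUser / $this->modListGroup. An admin user
 * hitting an 'admin'-level module returns before that registration happens.
 *
 * Security notes for reviewers:
 * - Fail-open default: a module whose configuration has no (or an empty) 'access'
 *   entry is accessible to every backend user.
 * - The 'admin' keyword is only used as a shortcut for admin users. For non-admins
 *   the decision is delegated entirely to BE_USER->check('modules', $name); this
 *   method does not re-check the 'admin' requirement on that path.
 *   NOTE(review): confirm check() cannot return true for admin-only modules.
 *
 * @param string $name Module name
 * @param array $MCONF MCONF array (module configuration array) from the module's conf.php file (contains settings about what access level the module has)
 * @return boolean TRUE if access is granted for $this->BE_USER, otherwise FALSE
 */
function checkModAccess($name, $MCONF) {
	// If conf[access] is not set (or empty), then permission IS granted!
	// empty() avoids an undefined-index notice when the key is missing altogether.
	if (empty($MCONF['access'])) {
		return TRUE;
	}

	$access = strtolower($MCONF['access']);
	$isAdmin = $this->BE_USER->isAdmin();

	// If admin-permission is required then return true straight away if the user is admin
	if ($isAdmin && strpos($access, 'admin') !== FALSE) {
		return TRUE;
	}

	// This will add modules to the select-lists of user and groups
	if (strpos($access, 'user') !== FALSE) {
		$this->modListUser[] = $name;
	}
	if (strpos($access, 'group') !== FALSE) {
		$this->modListGroup[] = $name;
	}

	// Admins can always access a module; everybody else needs an explicit module permission
	if ($isAdmin || $this->BE_USER->check('modules', $name)) {
		return TRUE;
	}

	// Explicit denial: the original fell off the end here and returned NULL
	// although the documented return type is boolean.
	return FALSE;
}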
/**
 * Determines whether the donate window is allowed to be displayed.
 *
 * All of the following must hold:
 * - the backend user is an admin,
 * - $GLOBALS['TYPO3_CONF_VARS']['BE']['allowDonateWindow'] is truthy,
 * - a first-login timestamp exists and lies more than
 *   VALUE_DonateWindowAppearsAfterDays days before $GLOBALS['EXEC_TIME'],
 * - the user's "disabled" flag is not set to a non-empty value,
 * - the user's "postponed" value, if set, is not newer than
 *   VALUE_DonateWindowPostponeDays days before $GLOBALS['EXEC_TIME'].
 *
 * @return boolean Whether the donate window is allowed to be displayed.
 */
public function isDonateWindowAllowed() {
	$userSettings = $this->backendUser->uc;
	$userIsAdmin = $this->backendUser->isAdmin();
	$firstLoginTime = $this->getFirstLoginTimeStamp();

	// Only counts as due once a first login is known and the waiting period has elapsed
	$waitingPeriodOver = FALSE;
	if ($firstLoginTime) {
		$waitingPeriodOver = ($GLOBALS['EXEC_TIME'] - $firstLoginTime > self::VALUE_DonateWindowAppearsAfterDays * 86400);
	}

	$enabledByConfiguration = (bool) $GLOBALS['TYPO3_CONF_VARS']['BE']['allowDonateWindow'];

	// empty() is FALSE only for a set, non-empty flag - same as isset() && !empty()
	$dismissedByUser = !empty($userSettings[self::FLAG_DonateWindowDisabled]);

	// A stored postpone value still inside the postpone period suppresses the window
	$stillPostponed = FALSE;
	if (isset($userSettings[self::FLAG_DonateWindowPostponed])) {
		$stillPostponed = ($userSettings[self::FLAG_DonateWindowPostponed] > $GLOBALS['EXEC_TIME'] - self::VALUE_DonateWindowPostponeDays * 86400);
	}

	if (!$userIsAdmin || !$enabledByConfiguration || !$waitingPeriodOver) {
		return FALSE;
	}

	return !($dismissedByUser || $stillPostponed);
}
/**
 * Insert into database
 * Does not check permissions but expects them to be verified beforehand
 *
 * Security notes for reviewers:
 * - No authorization is performed here; every caller must have verified that the
 *   current user may create a record in $table on page $fieldArray['pid'].
 * - $table is only accepted if it has an entry in $TCA. Field names and values in
 *   $fieldArray are handed to exec_INSERTquery() as given.
 *   NOTE(review): quoting/escaping presumably happens inside the DB layer - confirm.
 * - The "suggested UID" path can DELETE an existing row before inserting. It is
 *   gated on BE_USER->isAdmin() AND a matching entry in $this->suggestedInsertUids.
 * - Precondition failures (no array, unknown table, missing pid, no fields left)
 *   are silent: nothing is logged and nothing is returned.
 *
 * @param string $table Record table name
 * @param string $id "NEW...." uid string
 * @param array $fieldArray Array of field=>value pairs to insert. FIELDS MUST MATCH the database FIELDS. No check is done. "pid" must point to the destination of the record!
 * @param boolean $newVersion Set to true if new version is created.
 * @param integer $suggestedUid Suggested UID value for the inserted record. See the array $this->suggestedInsertUids; Admin-only feature
 * @param boolean $dontSetNewIdIndex If true, the ->substNEWwithIDs array is not updated. Only useful in very rare circumstances!
 * @return integer Returns ID on success. Nothing (NULL) is returned on an SQL error or when the preconditions are not met.
 */
function insertDB($table, $id, $fieldArray, $newVersion = FALSE, $suggestedUid = 0, $dontSetNewIdIndex = FALSE) {
	global $TCA;

		// Preconditions: field list is an array, table is configured in TCA, and a target pid is given
	if (is_array($fieldArray) && is_array($TCA[$table]) && isset($fieldArray['pid'])) {
		unset($fieldArray['uid']); // Do NOT insert the UID field, ever!

		if (count($fieldArray)) {
				// Check for "suggestedUid".
				// This feature is used by the import functionality to force a new record to have a certain UID value.
				// This is only recommended for use when the destination server is a passive mirror of another server.
				// As a security measure this feature is available only for Admin Users (for now)
			$suggestedUid = intval($suggestedUid);
				// All three must hold: admin user, non-zero uid, and the table:uid pair was registered by the caller
			if ($this->BE_USER->isAdmin() && $suggestedUid && $this->suggestedInsertUids[$table . ':' . $suggestedUid]) {
					// When the value of ->suggestedInsertUids[...] is "DELETE" it will try to remove the previous record
				if ($this->suggestedInsertUids[$table . ':' . $suggestedUid] === 'DELETE') {
						// DELETE: the uid is cast with intval() again, so the WHERE clause contains an integer only.
						// NOTE(review): no transaction is visible here - if the INSERT below fails, the deleted row stays deleted.
					$GLOBALS['TYPO3_DB']->exec_DELETEquery($table, 'uid=' . intval($suggestedUid));
				}
					// The only place where a uid is put back into the insert data (it was unset above)
				$fieldArray['uid'] = $suggestedUid;
			}
			$fieldArray = $this->insertUpdateDB_preprocessBasedOnFieldType($table, $fieldArray);

				// Execute the INSERT query:
			$GLOBALS['TYPO3_DB']->exec_INSERTquery($table, $fieldArray);

				// If success, do...:
			if (!$GLOBALS['TYPO3_DB']->sql_error()) {

					// Set mapping for NEW... -> real uid:
				$NEW_id = $id; // the NEW_id now holds the 'NEW....' -id
				$id = $GLOBALS['TYPO3_DB']->sql_insert_id();
				if (!$dontSetNewIdIndex) {
					$this->substNEWwithIDs[$NEW_id] = $id;
					$this->substNEWwithIDs_table[$NEW_id] = $table;
				}

					// Checking the record is properly saved and writing to log
					// NOTE(review): $newRow is assigned only when ->checkStoredRecords is set, but it is
					// read unconditionally in both logging branches below - with the check disabled it is undefined there.
				if ($this->checkStoredRecords) {
					$newRow = $this->checkStoredRecord($table, $id, $fieldArray, 1);
				}

					// Update reference index:
				$this->updateRefIndex($table, $id);

				if ($newVersion) {
						// Log entry for a newly created version, referring to the original via t3ver_oid
					$propArr = $this->getRecordPropertiesFromRow($table, $newRow);
					$this->log($table, $id, 1, 0, 0, "New version created of table '%s', uid '%s'. UID of new version is '%s'", 10, array($table, $fieldArray['t3ver_oid'], $id), $propArr['event_pid'], $NEW_id);
				} else {
						// Log entry for a regular insert, including the header of the page the record was placed on
					$propArr = $this->getRecordPropertiesFromRow($table, $newRow);
					$page_propArr = $this->getRecordProperties('pages', $propArr['pid']);
					$this->log($table, $id, 1, 0, 0, "Record '%s' (%s) was inserted on page '%s' (%s)", 10, array($propArr['header'], $table . ':' . $id, $page_propArr['header'], $newRow['pid']), $newRow['pid'], $NEW_id);

						// Clear cache for relevant pages (only done for regular inserts, not for new versions):
					$this->clear_cache($table, $id);
				}
				return $id;
			} else {
					// The SQL error is logged with the error text and table:id; nothing is returned to the caller
				$this->log($table, $id, 1, 0, 2, "SQL error: '%s' (%s)", 12, array($GLOBALS['TYPO3_DB']->sql_error(), $table . ':' . $id));
			}
		}
	}
}