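/**
 * Replaces newsletter placeholders in the rendered output with values taken from
 * the (HMAC-signed) link arguments.
 *
 * The rendered result is returned untouched when the view does not render a
 * Sandstorm.Newsletter:Newsletter node, when the request carries no "hmac"
 * argument, or when a TYPO3.Neos:Editor is logged in. A request whose "hmac"
 * argument does not match the HMAC of the remaining URI yields an error page
 * instead of the rendered content.
 *
 * @param \TYPO3\Flow\Aop\JoinPointInterface $joinPoint
 * @Flow\Around("method(TYPO3\Neos\View\TypoScriptView->render())")
 * @return mixed The (possibly placeholder-replaced) render result, or an error page string
 */
public function replacePlaceholdersIfNecessary(\TYPO3\Flow\Aop\JoinPointInterface $joinPoint)
{
    $result = $joinPoint->getAdviceChain()->proceed($joinPoint);

    /* @var $typoScriptView TypoScriptView */
    $typoScriptView = $joinPoint->getProxy();
    $viewVariables = ObjectAccess::getProperty($typoScriptView, 'variables', true);
    if (!isset($viewVariables['value']) || !$viewVariables['value']->getNodeType()->isOfType('Sandstorm.Newsletter:Newsletter')) {
        // No newsletter, so logic does not apply
        return $result;
    }

    /* @var $httpRequest Request */
    $httpRequest = $this->controllerContext->getRequest()->getHttpRequest();
    $arguments = $httpRequest->getUri()->getArguments();

    if (!isset($arguments['hmac'])) {
        // Either a backend editor is logged in (nothing to replace) or no HMAC was
        // sent at all -- in the latter case the email is returned INCLUDING the
        // placeholders, as per customer's request (an error page was deliberately
        // not chosen here).
        return $result;
    }

    $actualHmac = $arguments['hmac'];
    if (!is_string($actualHmac)) {
        // "hmac[]=..." style arguments can never be a valid signature.
        return '<h1>Error: Wrong link clicked.</h1>Please contact your administrator for help';
    }

    // NOTE(review): only "&hmac=<value>" is stripped before re-computing the HMAC, so
    // the link generator must place hmac as a non-leading query argument -- a leading
    // "?hmac=" would survive and the signature would never match; confirm against the signer.
    $uriWithoutHmac = str_replace('&hmac=' . $actualHmac, '', (string) $httpRequest->getUri());
    $expectedHmac = hash_hmac('sha1', urldecode($uriWithoutHmac), $this->hmacUrlSecret);

    // Constant-time comparison: a plain !== leaks how many leading characters of
    // the submitted value were correct.
    if (!hash_equals($expectedHmac, $actualHmac)) {
        return '<h1>Error: Wrong link clicked.</h1>Please contact your administrator for help';
    }

    // Argument values are inserted verbatim. They are only trusted because the
    // whole URI (minus the hmac argument) was verified against the shared secret above.
    return preg_replace_callback(
        ReplacePlaceholdersInLiveImplementation::PLACEHOLDER_REGEX,
        function ($element) use ($arguments) {
            return ObjectAccess::getPropertyPath($arguments, $element[1]);
        },
        $result
    );
}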
/**
 * Returns true if at least one of the currently authenticated accounts holds
 * a role with the given identifier, also recursively.
 *
 * "TYPO3.Flow:Everybody" is always granted. Any other role is only looked up in
 * the security context when that context can be initialized; otherwise the
 * answer is false.
 *
 * @param string $roleIdentifier The string representation of the role to search for
 * @return boolean true, if a role with the given string representation was found
 */
public function hasRole($roleIdentifier)
{
    $isEverybodyRole = ($roleIdentifier === 'TYPO3.Flow:Everybody');
    if ($isEverybodyRole) {
        return true;
    }

    $contextUsable = $this->securityContext->canBeInitialized();

    return $contextUsable ? $this->securityContext->hasRole($roleIdentifier) : false;
}
/**
 * Updates the given participant.
 *
 * Responds with HTTP 403 when the wrapped entity already belongs to a different
 * account and the caller does not hold T3DD.Backend:Administrator. An entity that
 * is not yet completed is marked completed and bound to the current account
 * before it is persisted.
 *
 * @param Participant $participant
 */
public function updateAction(Participant $participant)
{
    $entity = $participant->getPayload();
    $owner = $entity->getAccount();

    // Short-circuits so the current account is only resolved when there is an owner to compare.
    $ownedBySomeoneElse = ($owner !== NULL && $owner !== $this->securityContext->getAccount());
    if ($ownedBySomeoneElse && !$this->securityContext->hasRole('T3DD.Backend:Administrator')) {
        $this->response->setStatus(403);
        return;
    }

    if (!$entity->isCompleted()) {
        $entity->setCompleted(TRUE);
        $entity->setAccount($this->securityContext->getAccount());
    }

    $this->participantRepository->update($entity);
    $this->view->assign('value', $participant);
}
/**
 * Renders the <f:then> child if the role could be found in the security context,
 * otherwise renders the <f:else> child.
 *
 * A role name that is not one of Everybody / Anonymous / AuthenticatedUser and
 * contains neither "." nor ":" is qualified with the given package key, or with
 * the current controller's package key when none is given.
 *
 * @param string $role The role
 * @param string $packageKey PackageKey of the package defining the role
 * @return string the rendered string
 * @api
 */
public function render($role, $packageKey = NULL)
{
    $builtInRoles = array('Everybody', 'Anonymous', 'AuthenticatedUser');
    $isBuiltIn = in_array($role, $builtInRoles, true);
    $isUnqualified = (strpbrk($role, '.:') === false);

    if (!$isBuiltIn && $isUnqualified) {
        $prefix = ($packageKey === NULL)
            ? $this->controllerContext->getRequest()->getControllerPackageKey()
            : $packageKey;
        $role = $prefix . ':' . $role;
    }

    $granted = $this->securityContext->hasRole($role);

    return $granted ? $this->renderThenChild() : $this->renderElseChild();
}
/**
 * Renders the <f:then> child if the role could be found in the security context,
 * otherwise renders the <f:else> child.
 *
 * A string role is turned into a Role object first: Everybody / Anonymous /
 * AuthenticatedUser get the "TYPO3.Flow:" prefix, any other name without "." or
 * ":" gets the given package key (or the current controller's package key), and
 * the resulting identifier is resolved through the policy service.
 *
 * @param string $role The role or role identifier
 * @param string $packageKey PackageKey of the package defining the role
 * @param Account $account If specified, this subject of this check is the given Account instead of the currently authenticated account
 * @return string the rendered string
 * @api
 */
public function render($role, $packageKey = null, Account $account = null)
{
    if (is_string($role)) {
        $identifier = $role;

        $builtInRoles = array('Everybody', 'Anonymous', 'AuthenticatedUser');
        if (in_array($identifier, $builtInRoles, true)) {
            $identifier = 'TYPO3.Flow:' . $identifier;
        }

        if (strpbrk($identifier, '.:') === false) {
            $prefix = ($packageKey === null)
                ? $this->controllerContext->getRequest()->getControllerPackageKey()
                : $packageKey;
            $identifier = $prefix . ':' . $identifier;
        }

        $role = $this->policyService->getRole($identifier);
    }

    $granted = ($account instanceof Account)
        ? $account->hasRole($role)
        : $this->securityContext->hasRole($role->getIdentifier());

    return $granted ? $this->renderThenChild() : $this->renderElseChild();
}
/**
 * Deletes the given registration.
 *
 * Non-administrators may only delete a registration that still has seconds to
 * expiration and that belongs to their own account; everything else is answered
 * with HTTP 403.
 *
 * @param \T3DD\Backend\Domain\Model\Registration\Registration $registration
 */
public function deleteAction(\T3DD\Backend\Domain\Model\Registration\Registration $registration)
{
    $isAdministrator = $this->securityContext->hasRole('T3DD.Backend:Administrator');
    if (!$isAdministrator) {
        $expired = !$registration->getSecondsToExpiration();
        if ($expired || $registration->getAccount() !== $this->securityContext->getAccount()) {
            $this->response->setStatus(403);
            return;
        }
    }

    $this->registrationRepository->remove($registration);
    $this->view->assign('value', NULL);
}
/**
 * Decides whether the security context should be included.
 *
 * Returns FALSE as soon as the current security context holds one of the roles
 * listed in the "whitelistRoles" option, TRUE otherwise -- including when no
 * whitelist is configured at all.
 *
 * @return boolean
 */
protected function shouldIncludeSecurityContext()
{
    if (!isset($this->options['whitelistRoles'])) {
        return TRUE;
    }

    $holdsWhitelistedRole = false;
    foreach ($this->options['whitelistRoles'] as $roleIdentifier) {
        if ($this->securityContext->hasRole($roleIdentifier)) {
            $holdsWhitelistedRole = true;
            break;
        }
    }

    return !$holdsWhitelistedRole;
}
/**
 * Deletes the given session together with all votes cast for it.
 *
 * Only the session's own account or a T3DD.Backend:Administrator may delete it;
 * anyone else receives HTTP 403.
 *
 * @param Session $session
 */
public function deleteAction(Session $session)
{
    $ownsSession = ($session->getAccount() === $this->securityContext->getAccount());
    if (!$ownsSession && !$this->securityContext->hasRole('T3DD.Backend:Administrator')) {
        $this->response->setStatus(403);
        return;
    }

    // Votes reference the session, so they go first.
    $votes = $this->voteRepository->findBySession($session);
    foreach ($votes as $vote) {
        $this->voteRepository->remove($vote);
    }
    $this->sessionRepository->remove($session);

    // TODO Fix redirect
    $this->redirect('index');
}
/**
 * Ensures the active profile may edit the given node.
 *
 * Access is granted to holders of SimplyAdmire.Cap.Api:Editor, to the person
 * whose own Person node is being edited, and to the node's "author" when that
 * property references a node with the active profile's identifier. Everything
 * else is rejected.
 *
 * @param NodeInterface $referenceNode
 * @param string $action Verb used in the exception message (e.g. "remove")
 * @throws AccessDeniedException
 */
protected function checkNodeEditAccess(NodeInterface $referenceNode, $action = 'remove')
{
    if ($this->securityContext->hasRole('SimplyAdmire.Cap.Api:Editor')) {
        return;
    }

    $isPersonNode = ($referenceNode->getNodeType()->getName() === 'SimplyAdmire.Cap.PersonBundle:Person');
    if ($isPersonNode && $referenceNode->getIdentifier() === $this->getActiveProfile()->getIdentifier()) {
        return;
    }

    $author = $referenceNode->getProperty('author');
    if ($author instanceof NodeInterface && $author->getIdentifier() === $this->getActiveProfile()->getIdentifier()) {
        return;
    }

    throw new AccessDeniedException('You do not have access to ' . $action . ' this node');
}
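/**
 * Get the news list by selection
 *
 * Holders of Lelesys.Plugin.News:NewsAdmin see all news, optionally limited to
 * the given folder; every other user only sees news created by their own party.
 * An optional category restricts the result further.
 *
 * @param \Lelesys\Plugin\News\Domain\Model\Category $category The category
 * @param \Lelesys\Plugin\News\Domain\Model\Folder $folder The folder
 * @return \TYPO3\Flow\Persistence\QueryResultInterface The query result
 */
public function getNewsAdmin(\Lelesys\Plugin\News\Domain\Model\Category $category = NULL, \Lelesys\Plugin\News\Domain\Model\Folder $folder = NULL)
{
    $query = $this->createQuery();
    /* @var $queryBuilder \Doctrine\ORM\QueryBuilder */
    $queryBuilder = ObjectAccess::getProperty($query, 'queryBuilder', TRUE);

    // Each constraint is a DQL fragment with a named parameter plus the value to
    // bind, so identifiers are passed to Doctrine instead of being quoted into
    // the DQL string by hand.
    $constraints = array();
    if ($this->securityContext->hasRole('Lelesys.Plugin.News:NewsAdmin')) {
        if (!empty($folder)) {
            $constraints[] = array('n.folder = :folder', 'folder', $folder->getUuid());
        }
    } else {
        $party = $this->securityContext->getParty();
        // Cast keeps a missing identifier comparable to '' (as the old string
        // concatenation did) instead of binding NULL.
        $user = (string) $this->persistenceManager->getIdentifierByObject($party);
        $constraints[] = array('n.createdBy = :createdBy', 'createdBy', $user);
    }
    if (!empty($category)) {
        $constraints[] = array('c.Persistence_Object_Identifier IN (:category)', 'category', $category->getUuid());
    }

    $queryBuilder->resetDQLParts()->select('n')->from('Lelesys\\Plugin\\News\\Domain\\Model\\News', 'n');
    if (!empty($category)) {
        $queryBuilder->leftJoin('n.categories', 'c');
    }
    foreach ($constraints as $constraint) {
        list($dql, $parameterName, $value) = $constraint;
        $queryBuilder->andWhere($dql)->setParameter($parameterName, $value);
    }
    $queryBuilder->orderBy('n.dateTime', 'DESC');

    // Parameters bound on the builder travel with the query it produces.
    return $query->execute();
}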
/**
 * Tells if this node may be accessed according to the current security context.
 *
 * Nodes without access restrictions are always accessible, as is every node
 * while the security context cannot be initialized yet. Otherwise the node is
 * accessible when the context holds at least one of the node's access roles.
 *
 * @return boolean
 */
public function isAccessible()
{
    $unrestricted = ($this->hasAccessRestrictions() === false);
    $contextUnavailable = ($this->securityContext->canBeInitialized() === false);
    if ($unrestricted || $contextUnavailable) {
        return true;
    }

    $granted = false;
    foreach ($this->accessRoles as $roleName) {
        if ($this->securityContext->hasRole($roleName)) {
            $granted = true;
            break;
        }
    }

    return $granted;
}
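/**
 * Initializes the view with common variables.
 *
 * Does nothing for "json" requests. Otherwise assigns editor/admin flags, a
 * dev-host hint, a "logintime" stamp, exercise categories and the current user,
 * and -- when an exercise or quiz argument is present -- the exercise/quiz
 * specific variables including the quiz duration.
 *
 * @param \TYPO3\Flow\Mvc\View\ViewInterface $view
 * @return void
 */
protected function initializeView(\TYPO3\Flow\Mvc\View\ViewInterface $view)
{
    // We don't need to do all this for json responses.
    if ($this->request->hasArgument('json')) {
        return;
    }

    // Are user an Editor?
    $isEditor = $this->securityContext->hasRole('_OurBrand_.Business:worker') ? 1 : 0;

    // Are user an Admin?
    $isAdmin = $this->currentUser->isAdministrator() ? 1 : 0;

    // HTTP_HOST comes from the client's Host header (and is absent on the CLI),
    // so inDev is a presentation hint only -- nothing security-relevant may be
    // gated on it.
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
    $inDev = (strpos($host, '.local') !== false) ? 1 : 0;

    // Get file stamp: in Production the mtime of the compiled configuration tells
    // when the system was last updated; fall back to "now" otherwise.
    $fileStamp = time();
    $productionConfiguration = FLOW_PATH_ROOT . 'Data/Temporary/Production/Configuration/ProductionConfigurations.php';
    if ((string) $this->environment->getContext() === 'Production' && file_exists($productionConfiguration)) {
        // Best effort: the file may vanish between the existence check and the stat.
        $modificationTime = @filemtime($productionConfiguration);
        if ($modificationTime !== false) {
            $fileStamp = $modificationTime;
        }
    }

    // Exercise categories
    // NOTE(review): repositories are instantiated directly rather than injected -- confirm this is intended.
    $exerciseCategoryRepository = new \_OurBrand_\Quiz\Domain\Repository\ExerciseCategoryRepository();
    $exerciseCategories = $exerciseCategoryRepository->findAll();
    $subjectRepository = new \_OurBrand_\Quiz\Domain\Repository\SubjectRepository();

    $this->view->assign('archiveUri', $this->getArchiveUri());
    $this->view->assign('UIPath', $this->settings['UIPath']);
    $this->view->assign('isEditor', $isEditor);
    $this->view->assign('isAdmin', $isAdmin);
    $this->view->assign('inDev', $inDev);
    $this->view->assign('logintime', $fileStamp); // When was system updated?
    $this->view->assign('exerciseCategories', $exerciseCategories);
    $this->view->assign('user', $this->currentUser);

    $quiz = null;
    if ($this->request->hasArgument('exercise') || $this->request->hasArgument('currentExercise')) {
        $exercise = $this->getExerciseFromArgument();
        if (is_a($exercise, '\\_OurBrand_\\Quiz\\Domain\\Model\\Exercise')) {
            // Set type
            $objectName = explode('\\', get_class($exercise));
            $exerciseType = $this->exerciseTypeRepository->findOneByObjectName(array_pop($objectName));
            $exercise->setType($exerciseType);

            $durations = $this->getDurationsForExercise($this->settings['exercise']['durations']);
            $this->view->assign('editExerciseDurations', $durations);
            $this->view->assign('editExerciseCategories', $this->getExerciseCategories($exercise));
            $this->view->assign('editExerciseDifficulties', $this->getDifficultiesForExercise());
            $this->view->assign('previewExerciseDuration', $this->getExerciseDurationLabel($exercise));
            $this->view->assign('previewExerciseSkill', $this->getExerciseSkillLabel($exercise));
            $this->view->assign('previewExerciseDifficulty', $this->getExerciseDifficultyLabel($exercise));
            $this->view->assign('previewExerciseIsHintSet', $exercise->getHint() != '' ? 1 : 0);
            $this->view->assign('previewExerciseIsExplanationSet', $exercise->getExplanation() != '' ? 1 : 0);
            $this->view->assign('subjectOptions', $subjectRepository->findAll());
            $this->view->assign('subjectPlaceholder', $this->translateById('quiz.placeholder.subject'));
        }
        // Guard against a non-object result so a missing exercise does not fatal here.
        if (is_object($exercise)) {
            $quiz = $exercise->getQuiz();
        }
    } elseif ($this->request->hasArgument('quiz')) {
        $quiz = $this->getQuizFromArgument();
    }

    // Get/Set duration.
    $duration = 0;
    if ($quiz !== null && is_a($quiz, '\\_OurBrand_\\Quiz\\Domain\\Model\\Quiz')) {
        $duration = $quiz->getDuration();
    }
    $this->view->assign('duration', gmdate("H:i", $duration));
}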
/**
 * Checks if the current user may publish to the given workspace according to one the roles of the user's accounts
 *
 * In future versions, this logic may be implemented in Neos in a more generic way (for example, by means of an
 * ACL object), but for now, this method exists in order to at least centralize and encapsulate the required logic.
 *
 * Publishing to "live" requires TYPO3.Neos:LivePublisher; any other workspace is
 * publishable when it is owned by the current user or has no owner at all.
 *
 * @param Workspace $workspace The workspace
 * @return boolean
 */
public function currentUserCanPublishToWorkspace(Workspace $workspace)
{
    $isLiveWorkspace = ($workspace->getName() === 'live');
    if ($isLiveWorkspace) {
        return $this->securityContext->hasRole('TYPO3.Neos:LivePublisher');
    }

    $owner = $workspace->getOwner();

    return $owner === $this->getCurrentUser() || $owner === null;
}
/**
 * Tells if this node may be accessed according to the current security context.
 *
 * A node without access restrictions is always accessible; otherwise it is
 * accessible when the security context holds at least one of its access roles.
 *
 * @return boolean
 */
public function isAccessible()
{
    // TODO: if security context can not be initialized (because too early), we return TRUE.
    $unrestricted = ($this->hasAccessRestrictions() === FALSE);
    if ($unrestricted) {
        return TRUE;
    }

    $granted = FALSE;
    foreach ($this->accessRoles as $roleName) {
        if ($this->securityContext->hasRole($roleName)) {
            $granted = TRUE;
            break;
        }
    }

    return $granted;
}