/**
* Checks if the page id, $id, is found within the webmounts set up for the user.
* This should ALWAYS be checked for any page id a user works with, whether it's about reading, writing or whatever.
* The point is that this will add the security that a user can NEVER touch parts outside his mounted pages in the page tree. This is otherwise possible if the raw page permissions allows for it. So this security check just makes it easier to make safe user configurations.
* If the user is admin OR if this feature is disabled (fx. by setting TYPO3_CONF_VARS['BE']['lockBeUserToDBmounts']=0) then it returns "1" right away
* Otherwise the function will return the uid of the webmount which was first found in the rootline of the input page $id
*
* @param integer Page ID to check
* @param string Content of "->getPagePermsClause(1)" (read-permissions). If not set, they will be internally calculated (but if you have the correct value right away you can save that database lookup!)
* @param boolean If set, then the function will exit with an error message.
* @return integer The page UID of a page in the rootline that matched a mount point
*/
function isInWebMount($id, $readPerms = '', $exitOnError = 0)
{
if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin()) {
return 1;
}
$id = intval($id);
// Check if input id is an offline version page in which case we will map id to the online version:
$checkRec = t3lib_beFUnc::getRecord('pages', $id, 'pid,t3ver_oid');
if ($checkRec['pid'] == -1) {
$id = intval($checkRec['t3ver_oid']);
}
if (!$readPerms) {
$readPerms = $this->getPagePermsClause(1);
}
if ($id > 0) {
$wM = $this->returnWebmounts();
$rL = t3lib_BEfunc::BEgetRootLine($id, ' AND ' . $readPerms);
foreach ($rL as $v) {
if ($v['uid'] && in_array($v['uid'], $wM)) {
return $v['uid'];
}
}
}
if ($exitOnError) {
t3lib_BEfunc::typo3PrintError('Access Error', 'This page is not within your DB-mounts', 0);
exit;
}
}
/**
* Checks if the page id, $id, is found within the webmounts set up for the user.
* This should ALWAYS be checked for any page id a user works with, whether it's about reading, writing or whatever.
* The point is that this will add the security that a user can NEVER touch parts outside his mounted pages in the page tree. This is otherwise possible if the raw page permissions allows for it. So this security check just makes it easier to make safe user configurations.
* If the user is admin OR if this feature is disabled (fx. by setting TYPO3_CONF_VARS['BE']['lockBeUserToDBmounts']=0) then it returns "1" right away
* Otherwise the function will return the uid of the webmount which was first found in the rootline of the input page $id
*
* @param integer $id Page ID to check
* @param string $readPerms Content of "->getPagePermsClause(1)" (read-permissions). If not set, they will be internally calculated (but if you have the correct value right away you can save that database lookup!)
* @param boolean $exitOnError If set, then the function will exit with an error message.
* @return integer The page UID of a page in the rootline that matched a mount point
* @todo Define visibility
*/
public function isInWebMount($id, $readPerms = '', $exitOnError = 0)
{
if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin()) {
return 1;
}
$id = intval($id);
// Check if input id is an offline version page in which case we will map id to the online version:
$checkRec = \t3lib_beFUnc::getRecord('pages', $id, 'pid,t3ver_oid');
if ($checkRec['pid'] == -1) {
$id = intval($checkRec['t3ver_oid']);
}
if (!$readPerms) {
$readPerms = $this->getPagePermsClause(1);
}
if ($id > 0) {
$wM = $this->returnWebmounts();
$rL = \TYPO3\CMS\Backend\Utility\BackendUtility::BEgetRootLine($id, ' AND ' . $readPerms);
foreach ($rL as $v) {
if ($v['uid'] && in_array($v['uid'], $wM)) {
return $v['uid'];
}
}
}
if ($exitOnError) {
throw new \RuntimeException('Access Error: This page is not within your DB-mounts', 1294586445);
}
}
