/**
* Returns true if the internal BE_USER has access to the module $name with $MCONF (based on security level set for that module)
*
* @param string Module name
* @param array MCONF array (module configuration array) from the modules conf.php file (contains settings about what access level the module has)
* @return boolean True if access is granted for $this->BE_USER
*/
function checkModAccess($name, $MCONF)
{
if ($MCONF['access']) {
$access = strtolower($MCONF['access']);
// Checking if admin-access is required
if (strstr($access, 'admin')) {
// If admin-permissions is required then return true if user is admin
if ($this->BE_USER->isAdmin()) {
return TRUE;
}
}
// This will add modules to the select-lists of user and groups
if (strstr($access, 'user')) {
$this->modListUser[] = $name;
}
if (strstr($access, 'group')) {
$this->modListGroup[] = $name;
}
// This checks if a user is permitted to access the module
if ($this->BE_USER->isAdmin() || $this->BE_USER->check('modules', $name)) {
return TRUE;
}
// If admin you can always access a module
} else {
return TRUE;
}
// If conf[access] is not set, then permission IS granted!
}
/**
* Determines whether the donate window is allowed to be displayed.
*
* @return boolean Whether the donate window is allowed to be displayed.
*/
public function isDonateWindowAllowed()
{
$uc = $this->backendUser->uc;
$isAdmin = $this->backendUser->isAdmin();
$firstLogin = $this->getFirstLoginTimeStamp();
$isTriggered = $firstLogin && $GLOBALS['EXEC_TIME'] - $firstLogin > self::VALUE_DonateWindowAppearsAfterDays * 86400;
$isAllowed = (bool) $GLOBALS['TYPO3_CONF_VARS']['BE']['allowDonateWindow'];
$isCancelled = isset($uc[self::FLAG_DonateWindowDisabled]) && !empty($uc[self::FLAG_DonateWindowDisabled]);
$isPostponed = isset($uc[self::FLAG_DonateWindowPostponed]) && $uc[self::FLAG_DonateWindowPostponed] > $GLOBALS['EXEC_TIME'] - self::VALUE_DonateWindowPostponeDays * 86400;
return $isAdmin && $isAllowed && $isTriggered && !$isCancelled && !$isPostponed;
}
/**
* Insert into database
* Does not check permissions but expects them to be verified on beforehand
*
* @param string Record table name
* @param string "NEW...." uid string
* @param array Array of field=>value pairs to insert. FIELDS MUST MATCH the database FIELDS. No check is done. "pid" must point to the destination of the record!
* @param boolean Set to true if new version is created.
* @param integer Suggested UID value for the inserted record. See the array $this->suggestedInsertUids; Admin-only feature
* @param boolean If true, the ->substNEWwithIDs array is not updated. Only useful in very rare circumstances!
* @return integer Returns ID on success.
*/
function insertDB($table, $id, $fieldArray, $newVersion = FALSE, $suggestedUid = 0, $dontSetNewIdIndex = FALSE)
{
global $TCA;
if (is_array($fieldArray) && is_array($TCA[$table]) && isset($fieldArray['pid'])) {
unset($fieldArray['uid']);
// Do NOT insert the UID field, ever!
if (count($fieldArray)) {
// Check for "suggestedUid".
// This feature is used by the import functionality to force a new record to have a certain UID value.
// This is only recommended for use when the destination server is a passive mirrow of another server.
// As a security measure this feature is available only for Admin Users (for now)
$suggestedUid = intval($suggestedUid);
if ($this->BE_USER->isAdmin() && $suggestedUid && $this->suggestedInsertUids[$table . ':' . $suggestedUid]) {
// When the value of ->suggestedInsertUids[...] is "DELETE" it will try to remove the previous record
if ($this->suggestedInsertUids[$table . ':' . $suggestedUid] === 'DELETE') {
// DELETE:
$GLOBALS['TYPO3_DB']->exec_DELETEquery($table, 'uid=' . intval($suggestedUid));
}
$fieldArray['uid'] = $suggestedUid;
}
$fieldArray = $this->insertUpdateDB_preprocessBasedOnFieldType($table, $fieldArray);
// Execute the INSERT query:
$GLOBALS['TYPO3_DB']->exec_INSERTquery($table, $fieldArray);
// If succees, do...:
if (!$GLOBALS['TYPO3_DB']->sql_error()) {
// Set mapping for NEW... -> real uid:
$NEW_id = $id;
// the NEW_id now holds the 'NEW....' -id
$id = $GLOBALS['TYPO3_DB']->sql_insert_id();
if (!$dontSetNewIdIndex) {
$this->substNEWwithIDs[$NEW_id] = $id;
$this->substNEWwithIDs_table[$NEW_id] = $table;
}
// Checking the record is properly saved and writing to log
if ($this->checkStoredRecords) {
$newRow = $this->checkStoredRecord($table, $id, $fieldArray, 1);
}
// Update reference index:
$this->updateRefIndex($table, $id);
if ($newVersion) {
$propArr = $this->getRecordPropertiesFromRow($table, $newRow);
$this->log($table, $id, 1, 0, 0, "New version created of table '%s', uid '%s'. UID of new version is '%s'", 10, array($table, $fieldArray['t3ver_oid'], $id), $propArr['event_pid'], $NEW_id);
} else {
$propArr = $this->getRecordPropertiesFromRow($table, $newRow);
$page_propArr = $this->getRecordProperties('pages', $propArr['pid']);
$this->log($table, $id, 1, 0, 0, "Record '%s' (%s) was inserted on page '%s' (%s)", 10, array($propArr['header'], $table . ':' . $id, $page_propArr['header'], $newRow['pid']), $newRow['pid'], $NEW_id);
// Clear cache for relavant pages:
$this->clear_cache($table, $id);
}
return $id;
} else {
$this->log($table, $id, 1, 0, 2, "SQL error: '%s' (%s)", 12, array($GLOBALS['TYPO3_DB']->sql_error(), $table . ':' . $id));
}
}
}
}
