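/**
 * Creates the editing form with TCEforms, based on the input from GPvars.
 *
 * Walks $this->editconf (table => [uid list => command]) and, for every uid whose
 * command is 'edit' or 'new', runs an advisory permission pre-check and then renders
 * the record form. Besides returning the markup, the method resets and fills
 * $this->elementsData, $this->errorC and $this->newC, and updates $this->viewId,
 * $this->viewId_addParams, $this->dontStoreDocumentRef, $this->generalPathOfForm,
 * $this->storeTitle and $this->tceforms->hiddenFieldListArr along the way.
 *
 * Security notes:
 * - The permission evaluation here only decides whether a form is shown. The access
 *   flag starts out as granted and stays granted when no parent page can be resolved
 *   for a 'new' command, so the data handler (TCE) that processes the submitted form
 *   must remain the enforcement point.
 * - The uid list originates from request input; values derived from it are HTML-escaped
 *   before being written into the hidden pid field.
 *
 * @return string HTML form elements wrapped in tables
 */
public function makeEditForm() {
    // Initialize variables:
    $this->elementsData = array();
    $this->errorC = 0;
    $this->newC = 0;
    $thePrevUid = '';
    $editForm = '';
    $trData = NULL;
    $beUser = $this->getBackendUser();
    // Traverse the GPvar edit array
    // Tables:
    foreach ($this->editconf as $table => $conf) {
        // Only tables that are configured in TCA and that the user may modify are processed.
        if (is_array($conf) && $GLOBALS['TCA'][$table] && $beUser->check('tables_modify', $table)) {
            // Traverse the keys/comments of each table (keys can be a commalist of uids)
            foreach ($conf as $cKey => $cmd) {
                if ($cmd == 'edit' || $cmd == 'new') {
                    // Get the ids:
                    $ids = GeneralUtility::trimExplode(',', $cKey, TRUE);
                    // Traverse the ids:
                    foreach ($ids as $theUid) {
                        // Checking if the user has permissions? (Only working as a precaution,
                        // because the final permission check is always done in TCE. But it's
                        // good to notify the user beforehand...)
                        // First, resetting flags. Note that access defaults to "granted".
                        $hasAccess = 1;
                        $deniedAccessReason = '';
                        $deleteAccess = 0;
                        $this->viewId = 0;
                        // If the command is to create a NEW record...:
                        if ($cmd == 'new') {
                            // NOTICE: the id values in this case point to the page uid onto which the
                            // record should be created OR (if the id is negative) to a record from the
                            // same table AFTER which to create the record.
                            // A uid that casts to 0 skips the permission calculation entirely and
                            // leaves $hasAccess at its default of 1.
                            if ((int) $theUid) {
                                // Find parent page on which the new record resides
                                // Less than zero - find parent page
                                if ($theUid < 0) {
                                    $calcPRec = BackendUtility::getRecord($table, abs($theUid));
                                    $calcPRec = BackendUtility::getRecord('pages', $calcPRec['pid']);
                                } else {
                                    // always a page
                                    $calcPRec = BackendUtility::getRecord('pages', abs($theUid));
                                }
                                // Now, calculate whether the user has access to creating new records on this position.
                                // If no page record was found, $hasAccess keeps its default value.
                                if (is_array($calcPRec)) {
                                    // Permissions for the parent page
                                    $CALC_PERMS = $beUser->calcPerms($calcPRec);
                                    if ($table == 'pages') {
                                        // If pages:
                                        $hasAccess = $CALC_PERMS & Permission::PAGE_NEW ? 1 : 0;
                                        $this->viewId = 0;
                                    } else {
                                        $hasAccess = $CALC_PERMS & Permission::CONTENT_EDIT ? 1 : 0;
                                        $this->viewId = $calcPRec['uid'];
                                    }
                                }
                            }
                            // Don't save this document title in the document selector if the document is new.
                            $this->dontStoreDocumentRef = 1;
                        } else {
                            // Edit:
                            $calcPRec = BackendUtility::getRecord($table, $theUid);
                            BackendUtility::fixVersioningPid($table, $calcPRec);
                            if (is_array($calcPRec)) {
                                if ($table == 'pages') {
                                    // If pages:
                                    $CALC_PERMS = $beUser->calcPerms($calcPRec);
                                    $hasAccess = $CALC_PERMS & Permission::PAGE_EDIT ? 1 : 0;
                                    $deleteAccess = $CALC_PERMS & Permission::PAGE_DELETE ? 1 : 0;
                                    $this->viewId = $calcPRec['uid'];
                                } else {
                                    // Fetching pid-record first
                                    $CALC_PERMS = $beUser->calcPerms(BackendUtility::getRecord('pages', $calcPRec['pid']));
                                    $hasAccess = $CALC_PERMS & Permission::CONTENT_EDIT ? 1 : 0;
                                    // Delete access on content follows the same CONTENT_EDIT bit.
                                    $deleteAccess = $CALC_PERMS & Permission::CONTENT_EDIT ? 1 : 0;
                                    $this->viewId = $calcPRec['pid'];
                                    // Adding "&L=xx" if the record being edited has a languageField with a value larger than zero!
                                    if ($GLOBALS['TCA'][$table]['ctrl']['languageField'] && $calcPRec[$GLOBALS['TCA'][$table]['ctrl']['languageField']] > 0) {
                                        $this->viewId_addParams = '&L=' . $calcPRec[$GLOBALS['TCA'][$table]['ctrl']['languageField']];
                                    }
                                }
                                // Check internals regarding access. The internal check also runs for
                                // root-level records (pid 0) of tables that ignore the root-level restriction,
                                // and its result replaces the page-permission result.
                                $isRootLevelRestrictionIgnored = BackendUtility::isRootLevelRestrictionIgnored($table);
                                if ($hasAccess || ((int) $calcPRec['pid'] === 0 && $isRootLevelRestrictionIgnored)) {
                                    $hasAccess = $beUser->recordEditAccessInternals($table, $calcPRec);
                                    $deniedAccessReason = $beUser->errorMsg;
                                }
                            } else {
                                // Record to edit does not exist: deny.
                                $hasAccess = 0;
                            }
                        }
                        // Registered hooks get the current decision and their return value REPLACES it,
                        // so a hook can deny as well as grant. The last hook wins.
                        if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/alt_doc.php']['makeEditForm_accessCheck'])) {
                            foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/alt_doc.php']['makeEditForm_accessCheck'] as $_funcRef) {
                                $_params = array('table' => $table, 'uid' => $theUid, 'cmd' => $cmd, 'hasAccess' => $hasAccess);
                                $hasAccess = GeneralUtility::callUserFunction($_funcRef, $_params, $this);
                            }
                        }
                        // AT THIS POINT we have checked the access status of the editing/creation of
                        // records and we can now proceed with creating the form elements:
                        if ($hasAccess) {
                            /** @var DataPreprocessor $trData */
                            // Carry prevPageID over from the preprocessor used for the previous record.
                            $prevPageID = is_object($trData) ? $trData->prevPageID : '';
                            $trData = GeneralUtility::makeInstance(DataPreprocessor::class);
                            $trData->addRawData = TRUE;
                            $trData->defVals = $this->defVals;
                            $trData->lockRecords = 1;
                            $trData->prevPageID = $prevPageID;
                            // 'new'
                            $trData->fetchRecord($table, $theUid, $cmd == 'new' ? 'new' : '');
                            $rec = reset($trData->regTableItems_data);
                            // NOTE(review): if reset() yields a non-array, the assignment below turns $rec
                            // into an array on PHP versions that allow it, so the is_array($rec) guard
                            // further down may never fail - confirm this is intended.
                            $rec['uid'] = $cmd == 'new' ? uniqid('NEW', TRUE) : $theUid;
                            if ($cmd == 'new') {
                                $rec['pid'] = $theUid == 'prev' ? $thePrevUid : $theUid;
                            }
                            $this->elementsData[] = array('table' => $table, 'uid' => $rec['uid'], 'pid' => $rec['pid'], 'cmd' => $cmd, 'deleteAccess' => $deleteAccess);
                            // Now, render the form:
                            if (is_array($rec)) {
                                // Setting visual path / title of form:
                                $this->generalPathOfForm = $this->tceforms->getRecordPath($table, $rec);
                                if (!$this->storeTitle) {
                                    $this->storeTitle = $this->recTitle ? htmlspecialchars($this->recTitle) : BackendUtility::getRecordTitle($table, $rec, TRUE);
                                }
                                // Setting variables in TCEforms object:
                                if (is_array($this->overrideVals) && is_array($this->overrideVals[$table])) {
                                    $this->tceforms->hiddenFieldListArr = array_keys($this->overrideVals[$table]);
                                }
                                // Create form for the record (either specific list of fields or the whole record):
                                $panel = '';
                                if ($this->columnsOnly) {
                                    if (is_array($this->columnsOnly)) {
                                        $panel .= $this->tceforms->getListedFields($table, $rec, $this->columnsOnly[$table]);
                                    } else {
                                        $panel .= $this->tceforms->getListedFields($table, $rec, $this->columnsOnly);
                                    }
                                } else {
                                    $panel .= $this->tceforms->getMainFields($table, $rec);
                                }
                                $panel = $this->tceforms->wrapTotal($panel, $rec, $table);
                                // Setting the pid value for new records:
                                if ($cmd == 'new') {
                                    // $rec['pid'] is taken from the request-supplied uid list, so every
                                    // dynamic part of the tag is escaped for the HTML attribute context.
                                    // Integer uids and NEW... placeholders pass through unchanged.
                                    $panel .= '<input type="hidden" name="data[' . htmlspecialchars((string) $table) . '][' . htmlspecialchars((string) $rec['uid']) . '][pid]" value="' . htmlspecialchars((string) $rec['pid']) . '" />';
                                    $this->newC++;
                                }
                                // Display "is-locked" message:
                                if ($lockInfo = BackendUtility::isRecordLocked($table, $rec['uid'])) {
                                    /** @var $flashMessage \TYPO3\CMS\Core\Messaging\FlashMessage */
                                    $flashMessage = GeneralUtility::makeInstance(FlashMessage::class, htmlspecialchars($lockInfo['msg']), '', FlashMessage::WARNING);
                                    /** @var $flashMessageService \TYPO3\CMS\Core\Messaging\FlashMessageService */
                                    $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
                                    /** @var $defaultFlashMessageQueue \TYPO3\CMS\Core\Messaging\FlashMessageQueue */
                                    $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
                                    $defaultFlashMessageQueue->enqueue($flashMessage);
                                }
                                // Combine it all:
                                $editForm .= $panel;
                            }
                            // Remembered so that a following 'new' command with uid "prev" can refer to it.
                            $thePrevUid = $rec['uid'];
                        } else {
                            // Access denied: count the error and show the (escaped) reason instead of a form.
                            $this->errorC++;
                            $editForm .= $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.noEditPermission', TRUE) . '<br /><br />' . ($deniedAccessReason ? 'Reason: ' . htmlspecialchars($deniedAccessReason) . '<br /><br />' : '');
                        }
                    }
                }
            }
        }
    }
    return $editForm;
}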