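/**
 * Around advice that refines the result of EditNodePrivilege::matchesSubject() by department.
 *
 * The intercepted method runs first; a falsy result is passed through unchanged. Otherwise:
 *  - if the authenticated party is a User, FALSE is returned when the node's recursively
 *    resolved "departmentName" equals the user's department, and TRUE when it differs;
 *  - for any other party, FALSE is returned when one of its accounts holds the
 *    TYPO3.Neos:Administrator role; in every remaining case the original result is kept.
 *
 * NOTE(review): the pointcut below names "___NotUse___EditNodePrivilege", which looks like the
 * advice was switched off on purpose. Confirm before relying on it for access control.
 *
 * @param \TYPO3\Flow\AOP\JoinPointInterface $joinPoint
 * @Flow\Around("method(TYPO3\TYPO3CR\Security\Authorization\Privilege\Node\___NotUse___EditNodePrivilege->matchesSubject(PrivilegeSubjectInterface $subject))")
 * @return boolean
 */
public function checkMatchesSubjectForCreatingNodes($joinPoint) {
    $matchesSubject = $joinPoint->getMethodArgument('subject');
    $result = $joinPoint->getAdviceChain()->proceed($joinPoint);

    // A check restricting this advice to CreateNodePrivilegeSubject used to sit here but is
    // commented out in the original, so every subject type reaches the department logic below.
    if (!$result) {
        return $result;
    }

    $party = $this->securityContext->getParty();
    if ($party instanceof User) {
        $nodeDepartment = $this->getPropertyRecursive($matchesSubject->getNode(), 'departmentName');
        // Loose comparison kept from the original: a node without department and a user without
        // department compare as equal. NOTE(review): confirm that this outcome is intended.
        return $nodeDepartment != $party->getDepartment();
    }

    $role = $this->policyService->getRole('TYPO3.Neos:Administrator');
    // getParty() can yield NULL when nobody is authenticated; without the guard the
    // getAccounts() call below is a fatal error in the middle of an authorization decision.
    if ($role && $party !== NULL) {
        foreach ($party->getAccounts() as $account) {
            if ($account->hasRole($role)) {
                return FALSE;
            }
        }
    }

    return $result;
}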
/**
 * Prepares the form for creating a new news object.
 *
 * Hands the selectable data to the view under the names "folders", "related",
 * "newsCategories" and "tags", plus "user" (the party of the current security context).
 *
 * @return void
 */
public function newAction() {
    $viewVariables = array(
        'folders' => $this->folderService->listAll(),
        'related' => $this->newsService->getEnabledNews(),
        'newsCategories' => $this->categoryService->getEnabledLatestCategories(),
        'tags' => $this->tagService->listAll(),
        'user' => $this->securityContext->getParty(),
    );

    foreach ($viewVariables as $variableName => $variableValue) {
        $this->view->assign($variableName, $variableValue);
    }
}
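/**
 * Deny access unless the current party is the project's manager or holds the
 * GIB.GradingTool:Administrator role.
 *
 * On denial an "Access denied." error flash message is queued and the request is
 * redirected to the "index" action of the "Standard" controller.
 *
 * @param \GIB\GradingTool\Domain\Model\Project $project The project whose access is being checked
 * @return void
 */
public function checkOwnerOrAdministratorAndDenyIfNeeded(\GIB\GradingTool\Domain\Model\Project $project) {
    $party = $this->securityContext->getParty();

    // Ownership needs an authenticated party. Comparing the two values directly would treat
    // "nobody logged in" and "project without manager" (both NULL) as a match and let the
    // request through.
    $isProjectManager = $party !== NULL && $party === $project->getProjectManager();

    if ($isProjectManager || array_key_exists('GIB.GradingTool:Administrator', $this->securityContext->getRoles())) {
        return;
    }

    $message = new \TYPO3\Flow\Error\Message('Access denied.', \TYPO3\Flow\Error\Message::SEVERITY_ERROR);
    $this->flashMessageContainer->addMessage($message);

    // NOTE(review): the denial only holds if redirect() ends request processing (presumably by
    // throwing, as Flow's controller base class does). Confirm this, and that no caller catches it;
    // if redirect() returned normally, the calling action would continue with the protected work.
    $this->redirect('index', 'Standard');
}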
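/**
 * Get the news list for the administration view, newest first.
 *
 * Visibility depends on the caller's role:
 *  - with the Lelesys.Plugin.News:NewsAdmin role all news are listed, optionally narrowed to $folder;
 *  - without it only news created by the current party are listed, and $folder is ignored.
 * In both cases the list can additionally be narrowed to $category.
 *
 * All values are passed to Doctrine as bound parameters instead of being concatenated into
 * the DQL string, so the query does not depend on the identifiers being free of quote characters.
 *
 * @param \Lelesys\Plugin\News\Domain\Model\Category $category The category
 * @param \Lelesys\Plugin\News\Domain\Model\Folder $folder The folder
 * @return \TYPO3\Flow\Persistence\QueryResultInterface The query result
 */
public function getNewsAdmin(\Lelesys\Plugin\News\Domain\Model\Category $category = NULL, \Lelesys\Plugin\News\Domain\Model\Folder $folder = NULL) {
    $query = $this->createQuery();
    // The third argument forces direct property access, which is how the underlying
    // query builder is reached although the query object does not expose it.
    $queryBuilder = ObjectAccess::getProperty($query, 'queryBuilder', TRUE);

    $constraints = array();
    $parameters = array();

    if ($this->securityContext->hasRole('Lelesys.Plugin.News:NewsAdmin')) {
        if ($folder !== NULL) {
            $constraints[] = 'n.folder = :folder';
            $parameters['folder'] = $folder->getUuid();
        }
    } else {
        // Users without the admin role are always limited to their own news.
        $party = $this->securityContext->getParty();
        $constraints[] = 'n.createdBy = :createdBy';
        // Cast mirrors the original string concatenation: a missing identifier becomes ''
        // and therefore matches no news instead of lifting the restriction.
        $parameters['createdBy'] = (string)$this->persistenceManager->getIdentifierByObject($party);
    }

    if ($category !== NULL) {
        $constraints[] = 'c.Persistence_Object_Identifier IN (:category)';
        $parameters['category'] = $category->getUuid();
    }

    $queryBuilder->resetDQLParts()->select('n')->from('Lelesys\\Plugin\\News\\Domain\\Model\\News', 'n');
    if ($category !== NULL) {
        // The alias "c" used by the category constraint only exists with this join.
        $queryBuilder->leftJoin('n.categories', 'c');
    }

    // Apply the WHERE clause whenever a constraint was collected. The original re-derived this
    // condition from the inputs, which could skip the createdBy restriction for an empty identifier.
    if ($constraints !== array()) {
        $queryBuilder->where(implode(' AND ', $constraints));
        foreach ($parameters as $parameterName => $parameterValue) {
            $queryBuilder->setParameter($parameterName, $parameterValue);
        }
    }

    $queryBuilder->orderBy('n.dateTime', 'DESC');
    return $query->execute();
}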