[FEATURE] Introduce PageTypeEnhancer
[Packages/TYPO3.CMS.git] / typo3 / sysext / frontend / Classes / Middleware / PageResolver.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Frontend\Middleware;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use Psr\Http\Message\ResponseInterface;
19 use Psr\Http\Message\ServerRequestInterface;
20 use Psr\Http\Server\MiddlewareInterface;
21 use Psr\Http\Server\RequestHandlerInterface;
22 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
23 use TYPO3\CMS\Core\Context\Context;
24 use TYPO3\CMS\Core\Context\UserAspect;
25 use TYPO3\CMS\Core\Context\WorkspaceAspect;
26 use TYPO3\CMS\Core\Database\ConnectionPool;
27 use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
28 use TYPO3\CMS\Core\Database\Query\Restriction\FrontendWorkspaceRestriction;
29 use TYPO3\CMS\Core\Routing\PageArguments;
30 use TYPO3\CMS\Core\Routing\SiteRouteResult;
31 use TYPO3\CMS\Core\Site\Entity\Site;
32 use TYPO3\CMS\Core\Site\Entity\SiteInterface;
33 use TYPO3\CMS\Core\Site\Entity\SiteLanguage;
34 use TYPO3\CMS\Core\Type\Bitmask\Permission;
35 use TYPO3\CMS\Core\Utility\GeneralUtility;
36 use TYPO3\CMS\Core\Utility\MathUtility;
37 use TYPO3\CMS\Frontend\Controller\ErrorController;
38 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
39 use TYPO3\CMS\Frontend\Page\PageAccessFailureReasons;
40
41 /**
42 * Process the ID, type and other parameters.
43 * After this point we have an array, TSFE->page, which is the page-record of the current page, $TSFE->id.
44 *
45 * Now, if there is a backend user logged in and he has NO access to this page,
46 * then re-evaluate the id shown!
47 */
48 class PageResolver implements MiddlewareInterface
49 {
50 /**
51 * @var TypoScriptFrontendController
52 */
53 protected $controller;
54
55 public function __construct(TypoScriptFrontendController $controller = null)
56 {
57 $this->controller = $controller ?? $GLOBALS['TSFE'];
58 }
59
60 /**
61 * Resolve the page ID
62 *
63 * @param ServerRequestInterface $request
64 * @param RequestHandlerInterface $handler
65 * @return ResponseInterface
66 */
67 public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
68 {
69 // First, resolve the root page of the site, the Page ID of the current domain
70 if (($site = $request->getAttribute('site', null)) instanceof SiteInterface) {
71 $this->controller->domainStartPage = $site->getRootPageId();
72 }
73 $language = $request->getAttribute('language', null);
74
75 $hasSiteConfiguration = $language instanceof SiteLanguage && $site instanceof Site;
76
77 // Resolve the page ID based on TYPO3's native routing functionality
78 if ($hasSiteConfiguration) {
79 /** @var SiteRouteResult $previousResult */
80 $previousResult = $request->getAttribute('routing', null);
81 if (!$previousResult) {
82 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
83 $request,
84 'The requested page does not exist',
85 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
86 );
87 }
88
89 $requestId = (string)($request->getQueryParams()['id'] ?? '');
90 if (!empty($requestId) && !empty($page = $this->resolvePageId($requestId))) {
91 // Legacy URIs (?id=12345) takes precedence, not matter if a route is given
92 $pageArguments = new PageArguments(
93 (int)($page['l10n_parent'] ?: $page['uid']),
94 (string)($request->getQueryParams()['type'] ?? '0'),
95 [],
96 [],
97 $request->getQueryParams()
98 );
99 } else {
100 // Check for the route
101 $pageArguments = $site->getRouter()->matchRequest($request, $previousResult);
102 }
103 if ($pageArguments === null || !$pageArguments->getPageId()) {
104 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
105 $request,
106 'The requested page does not exist',
107 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
108 );
109 }
110
111 $this->controller->id = $pageArguments->getPageId();
112 $this->controller->type = $pageArguments->getPageType() ?? $this->controller->type;
113 $request = $request->withAttribute('routing', $pageArguments);
114 // stop in case arguments are dirty (=defined twice in route and GET query parameters)
115 if ($pageArguments->areDirty()) {
116 return GeneralUtility::makeInstance(ErrorController::class)->pageNotFoundAction(
117 $request,
118 'The requested URL is not distinct',
119 ['code' => PageAccessFailureReasons::PAGE_NOT_FOUND]
120 );
121 }
122
123 // merge the PageArguments with the request query parameters
124 $queryParams = array_replace_recursive($request->getQueryParams(), $pageArguments->getArguments());
125 $request = $request->withQueryParams($queryParams);
126 $this->controller->setPageArguments($pageArguments);
127
128 // At this point, we later get further route modifiers
129 // for bw-compat we update $GLOBALS[TYPO3_REQUEST] to be used later in TSFE.
130 $GLOBALS['TYPO3_REQUEST'] = $request;
131 } else {
132 // old-school page resolving for realurl, cooluri etc.
133 $this->controller->siteScript = $request->getAttribute('normalizedParams')->getSiteScript();
134 if (!empty($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'])) {
135 trigger_error('The "checkAlternativeIdMethods-PostProc" hook will be removed in TYPO3 v10.0 in favor of PSR-15. Use a middleware instead.', E_USER_DEPRECATED);
136 $this->checkAlternativeIdMethods($this->controller);
137 }
138 }
139
140 $this->controller->determineId();
141
142 // No access? Then remove user & Re-evaluate the page-id
143 if ($this->controller->isBackendUserLoggedIn() && !$GLOBALS['BE_USER']->doesUserHaveAccess($this->controller->page, Permission::PAGE_SHOW)) {
144 unset($GLOBALS['BE_USER']);
145 // Register an empty backend user as aspect
146 $this->setBackendUserAspect(GeneralUtility::makeInstance(Context::class), null);
147 if (!$hasSiteConfiguration) {
148 $this->checkAlternativeIdMethods($this->controller);
149 }
150 $this->controller->determineId();
151 }
152
153 return $handler->handle($request);
154 }
155
156 /**
157 * Provides ways to bypass the '?id=[xxx]&type=[xx]' format, using either PATH_INFO or Server Rewrites
158 *
159 * Two options:
160 * 1) Use PATH_INFO (also Apache) to extract id and type from that var. Does not require any special modules compiled with apache. (less typical)
161 * 2) Using hook which enables features like those provided from "realurl" extension (AKA "Speaking URLs")
162 *
163 * @param TypoScriptFrontendController $tsfe
164 */
165 protected function checkAlternativeIdMethods(TypoScriptFrontendController $tsfe)
166 {
167 // Call post processing function for custom URL methods.
168 $_params = ['pObj' => &$tsfe];
169 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'] ?? [] as $_funcRef) {
170 GeneralUtility::callUserFunction($_funcRef, $_params, $tsfe);
171 }
172 }
173
174 /**
175 * @param string $pageId
176 * @return array|null
177 */
178 protected function resolvePageId(string $pageId): ?array
179 {
180 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
181 ->getQueryBuilderForTable('pages');
182 $queryBuilder
183 ->getRestrictions()
184 ->removeAll()
185 ->add(GeneralUtility::makeInstance(DeletedRestriction::class))
186 ->add(GeneralUtility::makeInstance(FrontendWorkspaceRestriction::class));
187
188 if (MathUtility::canBeInterpretedAsInteger($pageId)) {
189 $constraint = $queryBuilder->expr()->eq(
190 'uid',
191 $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_INT)
192 );
193 } else {
194 $constraint = $queryBuilder->expr()->eq(
195 'alias',
196 $queryBuilder->createNamedParameter($pageId, \PDO::PARAM_STR)
197 );
198 }
199
200 $statement = $queryBuilder
201 ->select('uid', 'l10n_parent', 'pid')
202 ->from('pages')
203 ->where($constraint)
204 ->execute();
205
206 $page = $statement->fetch();
207 if (empty($page)) {
208 return null;
209 }
210 return $page;
211 }
212
213 /**
214 * Register the backend user as aspect
215 *
216 * @param Context $context
217 * @param BackendUserAuthentication $user
218 */
219 protected function setBackendUserAspect(Context $context, BackendUserAuthentication $user = null)
220 {
221 $context->setAspect('backend.user', GeneralUtility::makeInstance(UserAspect::class, $user));
222 $context->setAspect('workspace', GeneralUtility::makeInstance(WorkspaceAspect::class, $user ? $user->workspace : 0));
223 }
224 }