[TASK] Remove old class files in ext:perm
[Packages/TYPO3.CMS.git] / typo3 / sysext / perm / Classes / Controller / PermissionAjaxController.php
1 <?php
2 namespace TYPO3\CMS\Perm\Controller;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2007-2013 mehrwert (typo3@mehrwert.de)
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 ***************************************************************/
26
27 use TYPO3\CMS\Backend\Utility\BackendUtility;
28
29 /**
30 * This class extends the permissions module in the TYPO3 Backend to provide
31 * convenient methods of editing of page permissions (including page ownership
32 * (user and group)) via new AjaxRequestHandler facility
33 *
34 * @author Andreas Kundoch <typo3@mehrwert.de>
35 * @license GPL
36 * @since TYPO3_4-2
37 */
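class PermissionAjaxController {

	/**
	 * Union of the permission bits renderPermissions() iterates (1, 2, 4, 8, 16).
	 * Posted permission values are masked with it before they are written.
	 */
	const PERMISSION_MASK = 31;

	// The local configuration array. Every entry originates from $_POST and is
	// therefore untrusted; numeric entries are cast to int in the constructor.
	protected $conf = array();

	// TYPO3 Back Path
	protected $backPath = '../../../';

	/********************************************
	 *
	 * Init method for this class
	 *
	 ********************************************/
	/**
	 * Reads the posted request parameters into $this->conf.
	 *
	 * All ids and bit fields are cast to int here. The cast is what keeps the
	 * two "AND uid = ..." WHERE fragments below free of injected SQL, and it
	 * keeps the page id from carrying markup into the onclick handlers built
	 * by the render*() helpers.
	 */
	public function __construct() {
		$GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_mod_web_perm.xlf');
		// Configuration, variable assignment
		// The page id is concatenated into HTML/JavaScript and used as a datamap
		// key, so it is normalised to an integer like the other ids.
		$this->conf['page'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('page'));
		// 'who' and 'mode' stay as posted; dispatch() validates them before use.
		$this->conf['who'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('who');
		$this->conf['mode'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('mode');
		$this->conf['bits'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('bits'));
		$this->conf['permissions'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('permissions'));
		$this->conf['action'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('action');
		$this->conf['ownerUid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('ownerUid'));
		$this->conf['username'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('username');
		$this->conf['groupUid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupUid'));
		$this->conf['groupname'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupname');
		$this->conf['editLockState'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('editLockState'));

		// User: the displayed name is looked up by uid instead of trusting a posted name.
		// NOTE(review): the name is HTML-escaped here and again in renderOwnername(),
		// so names containing &, < or > are displayed double-encoded.
		$newOwnerUid = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newOwnerUid'));
		$this->conf['new_owner_uid'] = $newOwnerUid;
		$ownerRows = BackendUtility::getUserNames('username, uid', ' AND uid = ' . $newOwnerUid);
		$this->conf['new_owner_username'] = isset($ownerRows[$newOwnerUid]['username'])
			? htmlspecialchars($ownerRows[$newOwnerUid]['username'])
			: '';

		// Group: same lookup for the group title.
		$newGroupUid = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newGroupUid'));
		$this->conf['new_group_uid'] = $newGroupUid;
		$groupRows = BackendUtility::getGroupNames('title,uid', ' AND uid = ' . $newGroupUid);
		$this->conf['new_group_username'] = isset($groupRows[$newGroupUid]['title'])
			? htmlspecialchars($groupRows[$newGroupUid]['title'])
			: '';
	}

	/********************************************
	 *
	 * Main dispatcher method
	 *
	 ********************************************/
	/**
	 * The main dispatcher function. Applies the requested change through
	 * DataHandler and hands the re-rendered HTML fragment to the AJAX object.
	 *
	 * NOTE(review): no access check or request token check is visible in this
	 * class. Presumably the AJAX entry point and DataHandler enforce both;
	 * confirm before relying on it, since every branch below changes page
	 * ownership or permissions.
	 *
	 * @param array $params array of parameters from the AJAX interface, currently unused
	 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj object of type AjaxRequestHandler
	 * @return void
	 */
	public function dispatch($params = array(), \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj = NULL) {
		$content = '';
		$page = $this->conf['page'];
		// Basic test for required value
		if ($page > 0) {
			// Init TCE for execution of update
			/** @var $tce \TYPO3\CMS\Core\DataHandling\DataHandler */
			$tce = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
			$tce->stripslashes_values = 1;
			// Determine the scripts to execute
			switch ($this->conf['action']) {
				case 'show_change_owner_selector':
					$content = $this->renderUserSelector($page, $this->conf['ownerUid'], $this->conf['username']);
					break;
				case 'change_owner':
					// The uid is already an int, so an is_int() test can never fail.
					// 0 is the "not set" choice offered by the selector; only a
					// negative value is rejected.
					if ($this->conf['new_owner_uid'] >= 0) {
						$data = array();
						$data['pages'][$page]['perms_userid'] = $this->conf['new_owner_uid'];
						// Execute TCE Update
						$tce->start($data, array());
						$tce->process_datamap();
						$content = self::renderOwnername($page, $this->conf['new_owner_uid'], $this->conf['new_owner_username']);
					} else {
						$ajaxObj->setError('An error occured: No page owner uid specified.');
					}
					break;
				case 'show_change_group_selector':
					$content = $this->renderGroupSelector($page, $this->conf['groupUid'], $this->conf['groupname']);
					break;
				case 'change_group':
					// Same rule as for the owner: 0 clears the group, negatives are invalid.
					if ($this->conf['new_group_uid'] >= 0) {
						$data = array();
						$data['pages'][$page]['perms_groupid'] = $this->conf['new_group_uid'];
						// Execute TCE Update
						$tce->start($data, array());
						$tce->process_datamap();
						$content = self::renderGroupname($page, $this->conf['new_group_uid'], $this->conf['new_group_username']);
					} else {
						$ajaxObj->setError('An error occured: No page group uid specified.');
					}
					break;
				case 'toggle_edit_lock':
					$data = array();
					$data['pages'][$page]['editlock'] = $this->conf['editLockState'] === 1 ? 0 : 1;
					// Execute TCE Update
					$tce->start($data, array());
					$tce->process_datamap();
					$content = $this->renderToggleEditLock($page, $data['pages'][$page]['editlock']);
					break;
				default:
					// 'who' becomes part of a column name ("perms_" . who), so only
					// the three documented scopes are accepted.
					if (!in_array($this->conf['who'], array('user', 'group', 'everybody'), TRUE)) {
						$ajaxObj->setError('Invalid permission scope specified.');
						break;
					}
					// Both values come from the client. Bitwise set/clear gives the
					// same result as the former +/- arithmetic whenever the posted
					// state is consistent, and cannot leave the 5-bit range otherwise.
					$current = $this->conf['permissions'] & self::PERMISSION_MASK;
					$bits = $this->conf['bits'] & self::PERMISSION_MASK;
					if ($this->conf['mode'] === 'delete') {
						$this->conf['permissions'] = $current & ~$bits;
					} else {
						$this->conf['permissions'] = $current | $bits;
					}
					$data = array();
					$data['pages'][$page]['perms_' . $this->conf['who']] = $this->conf['permissions'];
					// Execute TCE Update
					$tce->start($data, array());
					$tce->process_datamap();
					$content = self::renderPermissions($this->conf['permissions'], $page, $this->conf['who']);
			}
		} else {
			$ajaxObj->setError('This script cannot be called directly.');
		}
		// The content key repeats the element id used by renderPermissions().
		$ajaxObj->addContent($page . '_' . self::sanitizeScope($this->conf['who']), $content);
	}

	/********************************************
	 *
	 * Helpers for this script
	 *
	 ********************************************/
	/**
	 * Reduces a posted scope name to ASCII letters.
	 *
	 * The valid scopes (user, group, everybody) pass unchanged; anything else
	 * loses the characters that could end an HTML attribute or a JavaScript
	 * string literal.
	 *
	 * @param mixed $who The posted scope
	 * @return string The scope restricted to letters, or an empty string
	 */
	static protected function sanitizeScope($who) {
		if (!is_string($who)) {
			return '';
		}
		return preg_replace('/[^a-zA-Z]/', '', $who);
	}

	/**
	 * Encodes a value as a JavaScript string literal that is safe inside a
	 * double-quoted HTML event-handler attribute.
	 *
	 * htmlspecialchars() alone is not enough in that position: the browser
	 * decodes the attribute before the script runs, so a quote in the value
	 * would still end the JavaScript string. The value is therefore JSON-encoded
	 * with the JSON_HEX_* flags first and attribute-escaped afterwards.
	 *
	 * @param mixed $value The value the script should receive
	 * @return string The quoted literal, including its surrounding quotes
	 */
	static protected function quoteJsForAttribute($value) {
		$text = is_scalar($value) ? (string)$value : '';
		$literal = json_encode($text, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
		if ($literal === FALSE) {
			// Not encodable (e.g. invalid UTF-8): fall back to an empty string literal.
			$literal = '""';
		}
		return htmlspecialchars($literal, ENT_QUOTES);
	}

	/**
	 * Generate the user selector element
	 *
	 * @param integer $page The page id to change the user for
	 * @param integer $ownerUid The page owner uid
	 * @param string $username The username to display
	 * @return string The html select element
	 */
	protected function renderUserSelector($page, $ownerUid, $username = '') {
		$page = intval($page);
		$ownerUid = intval($ownerUid);
		$username = is_scalar($username) ? (string)$username : '';
		// Get usernames
		$beUsers = BackendUtility::getUserNames();
		// Init groupArray
		$groups = array();
		if (!$GLOBALS['BE_USER']->isAdmin()) {
			$beUsers = BackendUtility::blindUserNames($beUsers, $groups, 1);
		}
		// Owner selector: the empty "not set" entry comes first.
		$options = '<option value="0"></option>';
		foreach ($beUsers as $uid => $row) {
			$selected = $uid == $ownerUid ? ' selected="selected"' : '';
			$options .= '<option value="' . intval($uid) . '"' . $selected . '>' . htmlspecialchars($row['username']) . '</option>';
		}
		$elementId = 'o_' . $page;
		$selector = '<select name="new_page_owner" id="new_page_owner">' . $options . '</select>';
		$saveButton = '<a onclick="WebPermissions.changeOwner(' . $page . ', ' . $ownerUid . ', \'' . $elementId . '\');" title="Change owner">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-save') . '</a>';
		// The "not set" case hands markup to restoreOwner(), so the argument is
		// presumably inserted as HTML (confirm against WebPermissions.restoreOwner).
		// A posted username is therefore HTML-escaped before it is quoted for JavaScript.
		$restoreMarkup = $username === '' ? '<span class=not_set>[not set]</span>' : htmlspecialchars($username);
		$cancelButton = '<a onclick="WebPermissions.restoreOwner(' . $page . ', ' . $ownerUid . ', ' . self::quoteJsForAttribute($restoreMarkup) . ', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-close') . '</a>';
		return $selector . $saveButton . $cancelButton;
	}

	/**
	 * Generate the group selector element
	 *
	 * @param integer $page The page id to change the group for
	 * @param integer $groupUid The page group uid
	 * @param string $groupname The group name to display
	 * @return string The html select element
	 */
	protected function renderGroupSelector($page, $groupUid, $groupname = '') {
		$page = intval($page);
		$groupUid = intval($groupUid);
		$groupname = is_scalar($groupname) ? (string)$groupname : '';
		// Keys of the list groups; passed to blindGroupNames() for non-admins.
		$beGroupKeys = array_keys(BackendUtility::getListGroupNames('title,uid'));
		// Complete group list, kept to label a page group that is filtered out below.
		$beGroupsO = BackendUtility::getGroupNames();
		$beGroups = $beGroupsO;
		if (!$GLOBALS['BE_USER']->isAdmin()) {
			$beGroups = BackendUtility::blindGroupNames($beGroupsO, $beGroupKeys, 1);
		}
		// Group selector:
		$options = '';
		// flag: is set if the page-groupid equals one from the group-list
		$userset = 0;
		foreach ($beGroups as $uid => $row) {
			$selected = '';
			if ($uid == $groupUid) {
				$userset = 1;
				$selected = ' selected="selected"';
			}
			$options .= '<option value="' . intval($uid) . '"' . $selected . '>' . htmlspecialchars($row['title']) . '</option>';
		}
		// If the group was not set AND there is a group for the page
		if (!$userset && $groupUid) {
			$currentTitle = isset($beGroupsO[$groupUid]['title']) ? $beGroupsO[$groupUid]['title'] : '';
			$options = '<option value="' . $groupUid . '" selected="selected">' . htmlspecialchars($currentTitle) . '</option>' . $options;
		}
		$elementId = 'g_' . $page;
		$options = '<option value="0"></option>' . $options;
		$selector = '<select name="new_page_group" id="new_page_group">' . $options . '</select>';
		$saveButton = '<a onclick="WebPermissions.changeGroup(' . $page . ', ' . $groupUid . ', \'' . $elementId . '\');" title="Change group">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-save') . '</a>';
		// Same handling as the owner selector: markup for "not set", otherwise the
		// HTML-escaped name, quoted as a JavaScript string for the attribute.
		$restoreMarkup = $groupname === '' ? '<span class=not_set>[not set]</span>' : htmlspecialchars($groupname);
		$cancelButton = '<a onclick="WebPermissions.restoreGroup(' . $page . ', ' . $groupUid . ', ' . self::quoteJsForAttribute($restoreMarkup) . ', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-close') . '</a>';
		return $selector . $saveButton . $cancelButton;
	}

	/**
	 * Print the string with the new owner of a page record
	 *
	 * @param integer $page The TYPO3 page id
	 * @param integer $ownerUid The new page user uid
	 * @param string $username The TYPO3 BE username (used to display in the element)
	 * @param boolean $validUser Must be set to FALSE, if the user has no name or is deleted
	 * @return string The new owner wrapped in HTML
	 */
	static public function renderOwnername($page, $ownerUid, $username, $validUser = TRUE) {
		$page = intval($page);
		$ownerUid = intval($ownerUid);
		$username = is_scalar($username) ? (string)$username : '';
		$elementId = 'o_' . $page;
		if (!$validUser) {
			$label = '<span class=not_set title="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
		} elseif ($username === '') {
			$label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
		} else {
			$label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20));
		}
		// The name is handed to the script as a properly quoted string literal;
		// the script receives the same text as before for names without quotes.
		return '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeOwnerSelector(' . $page . ', ' . $ownerUid . ', \'' . $elementId . '\', ' . self::quoteJsForAttribute($username) . ');">' . $label . '</a></span>';
	}

	/**
	 * Print the string with the new group of a page record
	 *
	 * @param integer $page The TYPO3 page id
	 * @param integer $groupUid The new page group uid
	 * @param string $groupname The TYPO3 BE groupname (used to display in the element)
	 * @param boolean $validGroup Must be set to FALSE, if the group has no name or is deleted
	 * @return string The new group wrapped in HTML
	 */
	static public function renderGroupname($page, $groupUid, $groupname, $validGroup = TRUE) {
		$page = intval($page);
		$groupUid = intval($groupUid);
		$groupname = is_scalar($groupname) ? (string)$groupname : '';
		$elementId = 'g_' . $page;
		if (!$validGroup) {
			$label = '<span class=not_set title="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
		} elseif ($groupname === '') {
			$label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
		} else {
			$label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20));
		}
		return '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeGroupSelector(' . $page . ', ' . $groupUid . ', \'' . $elementId . '\', ' . self::quoteJsForAttribute($groupname) . ');">' . $label . '</a></span>';
	}

	/**
	 * Print the string with the new edit lock state of a page record
	 *
	 * @param integer $page The TYPO3 page id
	 * @param integer $editLockState The edit lock state of the page; 1 means locked
	 * @return string The new edit lock string wrapped in HTML
	 */
	protected function renderToggleEditLock($page, $editLockState) {
		// The id is written into an onclick handler, so only an integer may pass.
		$page = intval($page);
		if ($editLockState === 1) {
			return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 1);" title="The page and all content is locked for editing by all non-Admin users.">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('status-warning-lock') . '</a>';
		}
		return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 0);" title="Enable the &raquo;Admin-only&laquo; edit lock for this page">[+]</a>';
	}

	/**
	 * Print a set of permissions. Also used in index.php
	 *
	 * @param integer $int Permission integer (bits)
	 * @param integer $pageId The TYPO3 page id
	 * @param string $who The scope (user, group or everybody)
	 * @return string HTML marked up x/* indications.
	 */
	static public function renderPermissions($int, $pageId = 0, $who = 'user') {
		// All three values end up in an element id and in onclick handlers.
		$int = intval($int);
		$pageId = intval($pageId);
		$who = self::sanitizeScope($who);
		$str = '';
		$permissions = array(1, 16, 2, 4, 8);
		foreach ($permissions as $permission) {
			// A granted bit offers removal, a denied bit offers granting.
			$granted = (bool)($int & $permission);
			$icon = $granted ? 'status-status-permission-granted' : 'status-status-permission-denied';
			$mode = $granted ? 'delete' : 'add';
			$str .= \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon($icon, array(
				'tag' => 'a',
				'title' => $GLOBALS['LANG']->getLL($permission, TRUE),
				'onclick' => 'WebPermissions.setPermissions(' . $pageId . ', ' . $permission . ', \'' . $mode . '\', \'' . $who . '\', ' . $int . ');',
				'style' => 'cursor:pointer'
			));
		}
		return '<span id="' . $pageId . '_' . $who . '">' . $str . '</span>';
	}

}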
319
320
321 ?>