23c2f355a5d31eebe6e6861bd44d6fbb6d1c9308
[Packages/TYPO3.CMS.git] / typo3 / sysext / beuser / Classes / Controller / PermissionAjaxController.php
1 <?php
2 namespace TYPO3\CMS\Beuser\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Utility\BackendUtility;
20 use TYPO3\CMS\Core\DataHandling\DataHandler;
21 use TYPO3\CMS\Core\Imaging\Icon;
22 use TYPO3\CMS\Core\Imaging\IconFactory;
23 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
24 use TYPO3\CMS\Core\Utility\GeneralUtility;
25 use TYPO3\CMS\Fluid\View\StandaloneView;
26
27 /**
28 * This class extends the permissions module in the TYPO3 Backend to provide
29 * convenient methods of editing of page permissions (including page ownership
30 * (user and group)) via new AjaxRequestHandler facility
31 */
32 class PermissionAjaxController
33 {
34 /**
35 * The local configuration array
36 *
37 * @var array
38 */
39 protected $conf = [];
40
41 /**
42 * @var IconFactory
43 */
44 protected $iconFactory;
45
46 /**
47 * The constructor of this class
48 */
49 public function __construct()
50 {
51 $this->iconFactory = GeneralUtility::makeInstance(IconFactory::class);
52 $this->getLanguageService()->includeLLFile('EXT:lang/Resources/Private/Language/locallang_mod_web_perm.xlf');
53 // Configuration, variable assignment
54 $this->conf['page'] = GeneralUtility::_POST('page');
55 $this->conf['who'] = GeneralUtility::_POST('who');
56 $this->conf['mode'] = GeneralUtility::_POST('mode');
57 $this->conf['bits'] = (int)GeneralUtility::_POST('bits');
58 $this->conf['permissions'] = (int)GeneralUtility::_POST('permissions');
59 $this->conf['action'] = GeneralUtility::_POST('action');
60 $this->conf['ownerUid'] = (int)GeneralUtility::_POST('ownerUid');
61 $this->conf['username'] = GeneralUtility::_POST('username');
62 $this->conf['groupUid'] = (int)GeneralUtility::_POST('groupUid');
63 $this->conf['groupname'] = GeneralUtility::_POST('groupname');
64 $this->conf['editLockState'] = (int)GeneralUtility::_POST('editLockState');
65 $this->conf['new_owner_uid'] = (int)GeneralUtility::_POST('newOwnerUid');
66 $this->conf['new_group_uid'] = (int)GeneralUtility::_POST('newGroupUid');
67 }
68
69 /**
70 * The main dispatcher function. Collect data and prepare HTML output.
71 *
72 * @param ServerRequestInterface $request
73 * @param ResponseInterface $response
74 * @return ResponseInterface
75 */
76 public function dispatch(ServerRequestInterface $request, ResponseInterface $response)
77 {
78 $extPath = ExtensionManagementUtility::extPath('beuser');
79
80 $view = GeneralUtility::makeInstance(StandaloneView::class);
81 $view->setPartialRootPaths(['default' => ExtensionManagementUtility::extPath('beuser') . 'Resources/Private/Partials']);
82 $view->assign('pageId', $this->conf['page']);
83
84 $response = $response->withHeader('Content-Type', 'text/html; charset=utf-8');
85
86 // Basic test for required value
87 if ($this->conf['page'] <= 0) {
88 $response->getBody()->write('This script cannot be called directly');
89 $response = $response->withStatus(500);
90 return $response;
91 }
92
93 $content = '';
94 // Init TCE for execution of update
95 /** @var $tce DataHandler */
96 $tce = GeneralUtility::makeInstance(DataHandler::class);
97 // Determine the scripts to execute
98 switch ($this->conf['action']) {
99 case 'show_change_owner_selector':
100 $content = $this->renderUserSelector($this->conf['page'], $this->conf['ownerUid'], $this->conf['username']);
101 break;
102 case 'change_owner':
103 $userId = $this->conf['new_owner_uid'];
104 if (is_int($userId)) {
105 // Prepare data to change
106 $data = [];
107 $data['pages'][$this->conf['page']]['perms_userid'] = $userId;
108 // Execute TCE Update
109 $tce->start($data, []);
110 $tce->process_datamap();
111
112 $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangeOwner.html');
113 $view->assign('userId', $userId);
114 $usernameArray = BackendUtility::getUserNames('username', ' AND uid = ' . $userId);
115 $view->assign('username', $usernameArray[$userId]['username']);
116 $content = $view->render();
117 } else {
118 $response->getBody()->write('An error occurred: No page owner uid specified');
119 $response = $response->withStatus(500);
120 }
121 break;
122 case 'show_change_group_selector':
123 $content = $this->renderGroupSelector($this->conf['page'], $this->conf['groupUid'], $this->conf['groupname']);
124 break;
125 case 'change_group':
126 $groupId = $this->conf['new_group_uid'];
127 if (is_int($groupId)) {
128 // Prepare data to change
129 $data = [];
130 $data['pages'][$this->conf['page']]['perms_groupid'] = $groupId;
131 // Execute TCE Update
132 $tce->start($data, []);
133 $tce->process_datamap();
134
135 $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangeGroup.html');
136 $view->assign('groupId', $groupId);
137 $groupnameArray = BackendUtility::getGroupNames('title', ' AND uid = ' . $groupId);
138 $view->assign('groupname', $groupnameArray[$groupId]['title']);
139 $content = $view->render();
140 } else {
141 $response->getBody()->write('An error occurred: No page group uid specified');
142 $response = $response->withStatus(500);
143 }
144 break;
145 case 'toggle_edit_lock':
146 // Prepare data to change
147 $data = [];
148 $data['pages'][$this->conf['page']]['editlock'] = $this->conf['editLockState'] === 1 ? 0 : 1;
149 // Execute TCE Update
150 $tce->start($data, []);
151 $tce->process_datamap();
152 $content = $this->renderToggleEditLock($this->conf['page'], $data['pages'][$this->conf['page']]['editlock']);
153 break;
154 default:
155 if ($this->conf['mode'] === 'delete') {
156 $this->conf['permissions'] = (int)($this->conf['permissions'] - $this->conf['bits']);
157 } else {
158 $this->conf['permissions'] = (int)($this->conf['permissions'] + $this->conf['bits']);
159 }
160 // Prepare data to change
161 $data = [];
162 $data['pages'][$this->conf['page']]['perms_' . $this->conf['who']] = $this->conf['permissions'];
163 // Execute TCE Update
164 $tce->start($data, []);
165 $tce->process_datamap();
166
167 $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangePermission.html');
168 $view->assign('permission', $this->conf['permissions']);
169 $view->assign('scope', $this->conf['who']);
170 $content = $view->render();
171 }
172 $response->getBody()->write($content);
173 return $response;
174 }
175
176 /**
177 * Generate the user selector element
178 *
179 * @param int $page The page id to change the user for
180 * @param int $ownerUid The page owner uid
181 * @param string $username The username to display
182 * @return string The html select element
183 */
184 protected function renderUserSelector($page, $ownerUid, $username = '')
185 {
186 $page = (int)$page;
187 $ownerUid = (int)$ownerUid;
188 // Get usernames
189 $beUsers = BackendUtility::getUserNames();
190 // Owner selector:
191 $options = '';
192 // Loop through the users
193 foreach ($beUsers as $uid => $row) {
194 $uid = (int)$uid;
195 $selected = $uid === $ownerUid ? ' selected="selected"' : '';
196 $options .= '<option value="' . $uid . '"' . $selected . '>' . htmlspecialchars($row['username']) . '</option>';
197 }
198 $elementId = 'o_' . $page;
199 $options = '<option value="0"></option>' . $options;
200 $selector = '<select name="new_page_owner" id="new_page_owner">' . $options . '</select>';
201 $saveButton = '<a class="saveowner btn btn-default" data-page="' . $page . '" data-owner="' . $ownerUid
202 . '" data-element-id="' . $elementId . '" title="Change owner">'
203 . $this->iconFactory->getIcon('actions-document-save', Icon::SIZE_SMALL)->render()
204 . '</a>';
205 $cancelButton = '<a class="restoreowner btn btn-default" data-page="' . $page . '" data-owner="' . $ownerUid
206 . '" data-element-id="' . $elementId . '"'
207 . (!empty($username) ? ' data-username="' . htmlspecialchars($username) . '"' : '')
208 . ' title="Cancel">'
209 . $this->iconFactory->getIcon('actions-close', Icon::SIZE_SMALL)->render()
210 . '</a>';
211 return '<span id="' . $elementId . '">'
212 . $selector
213 . '<span class="btn-group">'
214 . $saveButton
215 . $cancelButton
216 . '</span>'
217 . '</span>';
218 }
219
220 /**
221 * Generate the group selector element
222 *
223 * @param int $page The page id to change the user for
224 * @param int $groupUid The page group uid
225 * @param string $groupname The groupname to display
226 * @return string The html select element
227 */
228 protected function renderGroupSelector($page, $groupUid, $groupname = '')
229 {
230 $page = (int)$page;
231 $groupUid = (int)$groupUid;
232
233 // Get group names
234 $beGroupsO = $beGroups = BackendUtility::getGroupNames();
235 // Group selector:
236 $options = '';
237 // flag: is set if the page-groupid equals one from the group-list
238 $userset = 0;
239 // Loop through the groups
240 foreach ($beGroups as $uid => $row) {
241 $uid = (int)$uid;
242 if ($uid === $groupUid) {
243 $userset = 1;
244 $selected = ' selected="selected"';
245 } else {
246 $selected = '';
247 }
248 $options .= '<option value="' . $uid . '"' . $selected . '>' . htmlspecialchars($row['title']) . '</option>';
249 }
250 // If the group was not set AND there is a group for the page
251 if (!$userset && $groupUid) {
252 $options = '<option value="' . $groupUid . '" selected="selected">' .
253 htmlspecialchars($beGroupsO[$groupUid]['title']) . '</option>' . $options;
254 }
255 $elementId = 'g_' . $page;
256 $options = '<option value="0"></option>' . $options;
257 $selector = '<select name="new_page_group" id="new_page_group">' . $options . '</select>';
258 $saveButton = '<a class="savegroup btn btn-default" data-page="' . $page . '" data-group-id="' . $groupUid
259 . '" data-element-id="' . $elementId . '" title="Change group">'
260 . $this->iconFactory->getIcon('actions-document-save', Icon::SIZE_SMALL)->render()
261 . '</a>';
262 $cancelButton = '<a class="restoregroup btn btn-default" data-page="' . $page . '" data-group-id="' . $groupUid
263 . '" data-element-id="' . $elementId . '"'
264 . (!empty($groupname) ? ' data-groupname="' . htmlspecialchars($groupname) . '"' : '')
265 . ' title="Cancel">'
266 . $this->iconFactory->getIcon('actions-close', Icon::SIZE_SMALL)->render()
267 . '</a>';
268 return '<span id="' . $elementId . '">'
269 . $selector
270 . '<span class="btn-group">'
271 . $saveButton
272 . $cancelButton
273 . '</span>'
274 . '</span>';
275 }
276
277 /**
278 * Print the string with the new edit lock state of a page record
279 *
280 * @param int $page The TYPO3 page id
281 * @param string $editLockState The state of the TYPO3 page (locked, unlocked)
282 * @return string The new edit lock string wrapped in HTML
283 */
284 protected function renderToggleEditLock($page, $editLockState)
285 {
286 $page = (int)$page;
287 if ($editLockState === 1) {
288 $ret = '<span id="el_' . $page . '"><a class="editlock btn btn-default" data-page="' . $page
289 . '" data-lockstate="1" title="The page and all content is locked for editing by all non-Admin users.">'
290 . $this->iconFactory->getIcon('actions-lock', Icon::SIZE_SMALL)->render() . '</a></span>';
291 } else {
292 $ret = '<span id="el_' . $page . '"><a class="editlock btn btn-default" data-page="' . $page .
293 '" data-lockstate="0" title="Enable the &raquo;Admin-only&laquo; edit lock for this page">'
294 . $this->iconFactory->getIcon('actions-unlock', Icon::SIZE_SMALL)->render() . '</a></span>';
295 }
296 return $ret;
297 }
298
299 /**
300 * @return \TYPO3\CMS\Core\Localization\LanguageService
301 */
302 protected function getLanguageService()
303 {
304 return $GLOBALS['LANG'];
305 }
306
307 /**
308 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
309 */
310 protected function getBackendUser()
311 {
312 return $GLOBALS['BE_USER'];
313 }
314 }