[TASK] Cleanup
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / Resource / Security / StoragePermissionsAspect.php
1 <?php
2 namespace TYPO3\CMS\Core\Resource\Security;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2013 Helmut Hummel <helmut.hummel@typo3.org>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
30 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
31 use TYPO3\CMS\Core\Resource\Exception\FolderDoesNotExistException;
32 use TYPO3\CMS\Core\Resource\ResourceFactory;
33 use TYPO3\CMS\Core\Resource\ResourceStorage;
34
35 /**
36 * Class StoragePermissionsAspect
37 *
38 * We do not have AOP in TYPO3 for now, thus the acspect which
39 * deals with resource security is a slot which reacts on a signal
40 * on storage object creation.
41 *
42 * The aspect injects user permissions and mount points into the storage
43 * based on user or group configuration.
44 */
45 class StoragePermissionsAspect {
46
47 /**
48 * @var BackendUserAuthentication
49 */
50 protected $backendUserAuthentication;
51
52 /**
53 * @var array
54 */
55 protected $defaultStorageZeroPermissions = array(
56 'readFolder' => TRUE,
57 'readFile' => TRUE
58 );
59
60
61 /**
62 * @param BackendUserAuthentication|null $backendUserAuthentication
63 */
64 public function __construct($backendUserAuthentication = NULL) {
65 $this->backendUserAuthentication = $backendUserAuthentication ?: $GLOBALS['BE_USER'];
66 }
67
68 /**
69 * The slot for the signal in ResourceFactory where storage objects are created
70 *
71 * @param ResourceFactory $resourceFactory
72 * @param ResourceStorage $storage
73 * @return void
74 */
75 public function addUserPermissionsToStorage(ResourceFactory $resourceFactory, ResourceStorage $storage) {
76 if (!$this->backendUserAuthentication->isAdmin()) {
77 $storage->setEvaluatePermissions(TRUE);
78 if ($storage->getUid() > 0) {
79 $storage->setUserPermissions($this->backendUserAuthentication->getFilePermissionsForStorage($storage));
80 } else {
81 $storage->setEvaluatePermissions(FALSE);
82 }
83 $this->addFileMountsToStorage($storage);
84 }
85 }
86
87 /**
88 * Adds file mounts from the user's file mount records
89 *
90 * @param ResourceStorage $storage
91 * @return void
92 */
93 protected function addFileMountsToStorage(ResourceStorage $storage) {
94 foreach ($this->backendUserAuthentication->getFileMountRecords() as $fileMountRow) {
95 if ((int)$fileMountRow['base'] === (int)$storage->getUid()) {
96 try {
97 $storage->addFileMount($fileMountRow['path'], $fileMountRow);
98 } catch (FolderDoesNotExistException $e) {
99 // That file mount does not seem to be valid, fail silently
100 }
101 }
102 }
103 }
104 }
105 ?>