[BUGFIX] tools_dbint needs to be called via mod.php
[Packages/TYPO3.CMS.git] / typo3 / sysext / sys_action / Classes / ActionTask.php
1 <?php
2 namespace TYPO3\CMS\SysAction;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
8 * (c) 2010-2011 Georg Ringer <typo3@ringerge.org>
9 * All rights reserved
10 *
11 * This script is part of the TYPO3 project. The TYPO3 project is
12 * free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
16 *
17 * The GNU General Public License can be found at
18 * http://www.gnu.org/copyleft/gpl.html.
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27
28 /**
29 * This class provides a task for the taskcenter
30 *
31 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
32 * @author Georg Ringer <typo3@ringerge.org>
33 */
34 class ActionTask implements \TYPO3\CMS\Taskcenter\TaskInterface {
35
36 /**
37 * @var \TYPO3\CMS\Taskcenter\Controller\TaskModuleController
38 */
39 protected $taskObject;
40
41 /**
42 * @var \TYPO3\CMS\Backend\Form\FormEngine
43 * @todo Define visibility
44 */
45 public $t3lib_TCEforms;
46
47 /**
48 * All hook objects get registered here for later use
49 *
50 * @var array
51 */
52 protected $hookObjects = array();
53
54 /**
55 * Constructor
56 */
public function __construct(\TYPO3\CMS\Taskcenter\Controller\TaskModuleController $taskObject) {
	$this->taskObject = $taskObject;
	$GLOBALS['LANG']->includeLLFile('EXT:sys_action/locallang.xml');
	// Hook classes are read from the installation configuration
	// (TYPO3_CONF_VARS), not from request data. Every registered class is
	// instantiated once and kept in $this->hookObjects for later use.
	$registeredHooks = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['sys_action']['tx_sysaction_task'];
	if (!is_array($registeredHooks)) {
		return;
	}
	foreach ($registeredHooks as $hookClassReference) {
		$this->hookObjects[] = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($hookClassReference);
	}
}
66
67 /**
68 * This method renders the task
69 *
70 * @return string The task as HTML
71 */
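public function getTask() {
	$content = '';
	// "show" is a request parameter; it is reduced to an integer before use.
	$show = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('show'));
	// Registered hooks may replace the selected action uid.
	foreach ($this->hookObjects as $hookObject) {
		if (method_exists($hookObject, 'getTask')) {
			$show = $hookObject->getTask($show, $this);
		}
	}
	// If no task selected, render the menu
	if ($show == 0) {
		$content .= $this->taskObject->description($GLOBALS['LANG']->getLL('sys_action'), $GLOBALS['LANG']->getLL('description'));
		$content .= $this->renderActionList();
		return $content;
	}
	$record = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('sys_action', $show);
	// The uid comes from the request, while getActions() limits the menu to the
	// actions the current user may use (every action for admins, otherwise the
	// non-hidden ones assigned to one of the user's groups). The same rule is
	// applied here, so an action that is not offered in the menu cannot be run
	// by supplying its uid. The result is tested with is_array() because the
	// other lookups in this class treat a non-array result as "not found".
	$isAllowed = FALSE;
	if (is_array($record)) {
		foreach ($this->getActions() as $allowedAction) {
			if (intval($allowedAction['uid']) === intval($record['uid'])) {
				$isAllowed = TRUE;
				break;
			}
		}
	}
	// Unknown and not-permitted actions get the same message, so the response
	// does not reveal whether a given uid exists.
	if (!$isAllowed) {
		$flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_error-not-found', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
		$content .= $flashMessage->render();
		return $content;
	}
	// Render the task
	$content .= $this->taskObject->description($record['title'], $record['description']);
	// Output depends on the type
	switch ($record['type']) {
		case 1:
			$content .= $this->viewNewBackendUser($record);
			break;
		case 2:
			$content .= $this->viewSqlQuery($record);
			break;
		case 3:
			$content .= $this->viewRecordList($record);
			break;
		case 4:
			$content .= $this->viewEditRecord($record);
			break;
		case 5:
			$content .= $this->viewNewRecord($record);
			break;
		default:
			$flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(
				'TYPO3\\CMS\\Core\\Messaging\\FlashMessage',
				$GLOBALS['LANG']->getLL('action_noType', TRUE),
				$GLOBALS['LANG']->getLL('action_error'),
				\TYPO3\CMS\Core\Messaging\FlashMessage::ERROR
			);
			$content .= '<br />' . $flashMessage->render();
	}
	return $content;
}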
123
124 /**
125 * General overview of the task in the taskcenter menu
126 *
127 * @return string Overview as HTML
128 */
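public function getOverview() {
	$content = '<p>' . $GLOBALS['LANG']->getLL('description') . '</p>';
	// Get the actions
	$actionList = $this->getActions();
	if (count($actionList) > 0) {
		$items = '';
		// Render a single action menu item
		foreach ($actionList as $action) {
			// Strict comparison: the request value and the uid must match as given.
			$active = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('show') === $action['uid'] ? ' class="active" ' : '';
			// The link is a query string containing "&"; like title and
			// description it is escaped for the attribute it is written into.
			$items .= '<li' . $active . '>
				<a href="' . htmlspecialchars($action['link']) . '" title="' . htmlspecialchars($action['description']) . '">' . htmlspecialchars($action['title']) . '</a>
			</li>';
		}
		$content .= '<ul>' . $items . '</ul>';
	}
	return $content;
}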
146
147 /**
148 * Get all actions of a user. Admins can see any action, all others only those
149 * which are allowed in the sys_action record itself.
150 *
151 * @return array Array holding every needed information of a sys_action
152 */
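protected function getActions() {
	$actionList = array();
	$isAdmin = $GLOBALS['BE_USER']->isAdmin();
	// admins can see any record
	if ($isAdmin) {
		$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_action', '', '', 'sys_action.sorting');
	} else {
		// Editors can only see the actions which are assigned to a usergroup they belong to.
		// The group list is concatenated into the WHERE clause, so every entry is
		// forced to an integer first; an empty list becomes "0" as before.
		$groupList = implode(',', array_map('intval', explode(',', (string) $GLOBALS['BE_USER']->groupList)));
		$additionalWhere = 'be_groups.uid IN (' . $groupList . ')';
		$res = $GLOBALS['TYPO3_DB']->exec_SELECT_mm_query('sys_action.*', 'sys_action', 'sys_action_asgr_mm', 'be_groups', ' AND sys_action.hidden=0 AND ' . $additionalWhere, 'sys_action.uid', 'sys_action.sorting');
	}
	while ($actionRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
		$actionUid = intval($actionRow['uid']);
		$editActionLink = '';
		// Admins are allowed to edit sys_action records
		if ($isAdmin) {
			$returnUrl = rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI'));
			$link = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . $returnUrl . '&edit[sys_action][' . $actionUid . ']=edit';
			// The URL is partly built from request environment values, so it is
			// escaped for the href attribute; the label is fetched HTML-escaped.
			$editLabel = $GLOBALS['LANG']->getLL('edit-sys_action', TRUE);
			$editActionLink = '<a class="edit" href="' . htmlspecialchars($link) . '">' . '<img class="icon"' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/edit2.gif') . ' title="' . $editLabel . '" alt="" />' . $editLabel . '</a>';
		}
		$actionList[] = array(
			// Kept exactly as fetched: getOverview() compares it strictly with the request value.
			'uid' => $actionRow['uid'],
			'title' => $actionRow['title'],
			'description' => $actionRow['description'],
			'descriptionHtml' => nl2br(htmlspecialchars($actionRow['description'])) . $editActionLink,
			'link' => 'mod.php?M=user_task&SET[function]=sys_action.tx_sysaction_task&show=' . $actionUid,
			'icon' => 'EXT:sys_action/sys_action.gif'
		);
	}
	$GLOBALS['TYPO3_DB']->sql_free_result($res);
	return $actionList;
}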
183
184 /**
185 * Render the menu of sys_actions
186 *
187 * @return string List of sys_actions as HTML
188 */
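protected function renderActionList() {
	$content = '';
	// Get the sys_action records
	$actionList = $this->getActions();
	// If any actions are found for the current users
	if (count($actionList) > 0) {
		$content .= $this->taskObject->renderListMenu($actionList);
	} else {
		$flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_not-found-description', TRUE), $GLOBALS['LANG']->getLL('action_not-found'), \TYPO3\CMS\Core\Messaging\FlashMessage::INFO);
		$content .= $flashMessage->render();
	}
	// Admin users can create a new action
	if ($GLOBALS['BE_USER']->isAdmin()) {
		$returnUrl = rawurlencode('mod.php?M=user_task');
		$link = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . $returnUrl . '&edit[sys_action][0]=new';
		// The URL starts with a value taken from the request environment, so it
		// is escaped for the href attribute; the label is fetched HTML-escaped
		// because it is written into attributes as well as into the link text.
		$newActionLabel = $GLOBALS['LANG']->getLL('new-sys_action', TRUE);
		$content .= '<br />
			<a href="' . htmlspecialchars($link) . '" title="' . $newActionLabel . '">' . '<img class="icon"' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/new_record.gif') . ' title="' . $newActionLabel . '" alt="" /> ' . $newActionLabel . '</a>';
	}
	return $content;
}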
209
210 /**
211 * Action to create a new BE user
212 *
213 * @param array $record sys_action record
214 * @return string form to create a new user
215 */
protected function viewNewBackendUser($record) {
	// Renders the "create/edit backend user" form for a sys_action of type 1,
	// handles a submitted form, and handles the edit/delete request for a user
	// that was created through this action.
	$content = '';
	$beRec = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', intval($record['t1_copy_of_user']));
	// A record is needed which is used as copy for the new user
	if (!is_array($beRec)) {
		$flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_notReady', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
		$content .= $flashMessage->render();
		return $content;
	}
	// Submitted form fields; everything in $vars is request data.
	$vars = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('data');
	$key = 'NEW';
	if ($vars['sent'] == 1) {
		$errors = array();
		// Basic error checks
		if (!empty($vars['email']) && !\TYPO3\CMS\Core\Utility\GeneralUtility::validEmail($vars['email'])) {
			$errors[] = $GLOBALS['LANG']->getLL('error-wrong-email');
		}
		if (empty($vars['username'])) {
			$errors[] = $GLOBALS['LANG']->getLL('error-username-empty');
		}
		if (empty($vars['password'])) {
			$errors[] = $GLOBALS['LANG']->getLL('error-password-empty');
		}
		// An existing user may only be updated if the current user created it through this action.
		if ($vars['key'] !== 'NEW' && !$this->isCreatedByUser($vars['key'], $record)) {
			$errors[] = $GLOBALS['LANG']->getLL('error-wrong-user');
		}
		// Hooks receive the raw form data and may add to or replace the error list.
		foreach ($this->hookObjects as $hookObject) {
			if (method_exists($hookObject, 'viewNewBackendUser_Error')) {
				$errors = $hookObject->viewNewBackendUser_Error($vars, $errors, $this);
			}
		}
		// Show errors if there are any
		if (count($errors) > 0) {
			$flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', implode('<br />', $errors), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
			$content .= $flashMessage->render() . '<br />';
		} else {
			// Save user
			$key = $this->saveNewBackendUser($record, $vars);
			// Success message
			$flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $vars['key'] === 'NEW' ? $GLOBALS['LANG']->getLL('success-user-created') : $GLOBALS['LANG']->getLL('success-user-updated'), $GLOBALS['LANG']->getLL('success'), \TYPO3\CMS\Core\Messaging\FlashMessage::OK);
			$content .= $flashMessage->render() . '<br />';
		}
	}
	// Load BE user to edit
	if (intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('be_users_uid')) > 0) {
		$tmpUserId = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('be_users_uid'));
		// Check if the selected user is created by the current user
		$rawRecord = $this->isCreatedByUser($tmpUserId, $record);
		if ($rawRecord) {
			// Delete user
			// NOTE(review): the deletion is triggered by the request parameter
			// "delete" alone and the link rendered by action_linkUserName() is a
			// plain URL. No request token is checked in this method; confirm that
			// the module entry point protects this state-changing request.
			if (\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('delete') == 1) {
				$this->deleteUser($tmpUserId, $record['uid']);
			}
			// From here on the form is pre-filled from the stored user record.
			$key = $tmpUserId;
			$vars = $rawRecord;
		}
	}
	$this->JScode();
	$loadDB = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Database\\RelationHandler');
	$loadDB->start($vars['db_mountpoints'], 'pages');
	// Text values echoed back into the form are escaped with htmlspecialchars();
	// the password field is always rendered empty. $key is either the string
	// 'NEW' or an integer uid at this point.
	$content .= '<form action="" method="post" enctype="multipart/form-data">
		<fieldset class="fields">
			<legend>General fields</legend>
			<div class="row">
				<label for="field_disable">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_general.xml:LGL.disable') . '</label>
				<input type="checkbox" id="field_disable" name="data[disable]" value="1" class="checkbox" ' . ($vars['disable'] == 1 ? ' checked="checked" ' : '') . ' />
			</div>
			<div class="row">
				<label for="field_realname">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_general.xml:LGL.name') . '</label>
				<input type="text" id="field_realname" name="data[realName]" value="' . htmlspecialchars($vars['realName']) . '" />
			</div>
			<div class="row">
				<label for="field_username">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_tca.xml:be_users.username') . '</label>
				<input type="text" id="field_username" name="data[username]" value="' . htmlspecialchars($vars['username']) . '" />
			</div>
			<div class="row">
				<label for="field_password">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_tca.xml:be_users.password') . '</label>
				<input type="password" id="field_password" name="data[password]" value="" />
			</div>
			<div class="row">
				<label for="field_email">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_general.xml:LGL.email') . '</label>
				<input type="text" id="field_email" name="data[email]" value="' . htmlspecialchars($vars['email']) . '" />
			</div>
		</fieldset>
		<fieldset class="fields">
			<legend>Configuration</legend>

			<div class="row">
				<label for="field_usergroup">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_tca.xml:be_users.usergroup') . '</label>
				<select id="field_usergroup" name="data[usergroup][]" multiple="multiple">
					' . $this->getUsergroups($record, $vars) . '
				</select>
			</div>
			<div class="row">
				<label for="field_db_mountpoints">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_tca.xml:be_users.options_db_mounts') . '</label>
				' . $this->t3lib_TCEforms->dbFileIcons('data[db_mountpoints]', 'db', 'pages', $loadDB->itemArray, '', array('size' => 3)) . '
			</div>
			<div class="row">
				<input type="hidden" name="data[key]" value="' . $key . '" />
				<input type="hidden" name="data[sent]" value="1" />
				<input type="submit" value="' . ($key === 'NEW' ? $GLOBALS['LANG']->getLL('action_Create') : $GLOBALS['LANG']->getLL('action_Update')) . '" />
			</div>
		</fieldset>
	</form>';
	$content .= $this->getCreatedUsers($record, $key);
	return $content;
}
323
324 /**
325 * Delete a BE user and redirect to the action by its id
326 *
327 * @param integer $userId Id of the BE user
328 * @param integer $actionId Id of the action
329 * @return void
330 */
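protected function deleteUser($userId, $actionId) {
	// Both ids are concatenated into a WHERE clause and a redirect URL, so they
	// are forced to integers here instead of relying on every caller to do so.
	// This method does not check who created the user; the caller has to have
	// verified that (see isCreatedByUser()) before calling it.
	$userId = intval($userId);
	$actionId = intval($actionId);
	// The user record is flagged as deleted, not removed from the table.
	$GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid=' . $userId, array(
		'deleted' => 1,
		'tstamp' => $GLOBALS['ACCESS_TIME']
	));
	// redirect to the original task
	$redirectUrl = 'mod.php?M=user_task&show=' . $actionId;
	\TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUrl);
}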
340
341 /**
342 * Check if a BE user is created by the current user
343 *
344 * @param integer $id Id of the BE user
345 * @param array $action sys_action record.
346 * @return mixed The record of the BE user if found, otherwise FALSE
347 */
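protected function isCreatedByUser($id, $action) {
	// $id can arrive straight from the submitted form (data[key]) and the other
	// values are concatenated into the WHERE clause, so all three are cast to
	// integers here, as getCreatedUsers() already does for the action uid.
	$ownershipClause = ' AND cruser_id=' . intval($GLOBALS['BE_USER']->user['uid']) . ' AND createdByAction=' . intval($action['uid']);
	$record = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', intval($id), '*', $ownershipClause);
	// A user counts as "owned" only if it was created by the current backend
	// user AND through the given action; otherwise FALSE is returned.
	return is_array($record) ? $record : FALSE;
}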
356
357 /**
358 * Render all users who are created by the current BE user including a link to edit the record
359 *
360 * @param array $action sys_action record.
361 * @param integer $selectedUser Id of a selected user
362 * @return string html list of users
363 */
protected function getCreatedUsers($action, $selectedUser) {
	// Only users created by the current backend user through this action are
	// listed; records flagged as deleted are excluded by the delete clause.
	$where = 'cruser_id=' . $GLOBALS['BE_USER']->user['uid'] . ' AND createdByAction=' . intval($action['uid']) . \TYPO3\CMS\Backend\Utility\BackendUtility::deleteClause('be_users');
	$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'be_users', $where, '', 'username');
	$userLines = array();
	while ($userRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
		$icon = \t3lib_iconworks::getSpriteIconForRecord('be_users', $userRow, array('title' => 'uid=' . $userRow['uid']));
		// action_linkUserName() escapes the user name before it is put into the link.
		$entry = $icon . $this->action_linkUserName($userRow['username'], $userRow['realName'], $action['uid'], $userRow['uid']);
		// The currently selected user is emphasised.
		$userLines[] = $userRow['uid'] == $selectedUser ? '<strong>' . $entry . '</strong>' : $entry;
	}
	$GLOBALS['TYPO3_DB']->sql_free_result($res);
	// Nothing to show when the current user has not created any user yet.
	if (!count($userLines)) {
		return '';
	}
	return '<br />' . $this->taskObject->doc->section($GLOBALS['LANG']->getLL('action_t1_listOfUsers'), implode('<br />', $userLines));
}
386
387 /**
388 * Create a link to edit a user
389 *
390 * @param string $username Username
391 * @param string $realName Real name of the user
392 * @param integer $sysActionUid Id of the sys_action record
393 * @param integer $userId Id of the user
394 * @return string html link
395 */
protected function action_linkUserName($username, $realName, $sysActionUid, $userId) {
	// Visible label: "username" or "username (real name)".
	$label = $username;
	if (!empty($realName)) {
		$label .= ' (' . $realName . ')';
	}
	// Both ids are cast to integers before they become part of the URL.
	$editUrl = 'mod.php?M=user_task&SET[function]=sys_action.tx_sysaction_task&show=' . intval($sysActionUid) . '&be_users_uid=' . intval($userId);
	// Link to update the user record; URL and label are escaped for HTML output.
	$link = '<a href="' . htmlspecialchars($editUrl) . '">' . htmlspecialchars($label) . '</a>';
	// Link to delete the user record.
	// NOTE(review): the only safeguard rendered here is a JavaScript confirm();
	// the delete URL itself carries no request token. Confirm that the module
	// entry point protects this state-changing request.
	$confirmHandler = ' onClick="return confirm(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->getLL('lDelete_warning')) . ');"';
	$deleteUrl = $editUrl . '&delete=1';
	$link .= '
		<a href="' . htmlspecialchars($deleteUrl) . '" ' . $confirmHandler . '>
			<img' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/delete_record.gif') . ' alt="" />
		</a>';
	return $link;
}
411
412 /**
413 * Save/Update a BE user
414 *
415 * @param array $record Current action record
416 * @param array $vars POST vars
417 * @return integer Id of the new/updated user
418 */
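protected function saveNewBackendUser($record, $vars) {
	// Check if the db mount is a page the current user is allowed to.
	$vars['db_mountpoints'] = $this->fixDbMount($vars['db_mountpoints']);
	// Check if the usergroup is allowed
	$vars['usergroup'] = $this->fixUserGroup($vars['usergroup'], $record);
	// Check if md5 is used as password encryption
	// NOTE(review): a plain, unsalted MD5 digest is not an adequate way to store
	// passwords. The behaviour is kept because it follows the TCA "eval" setting
	// of the installation; confirm whether a salted password hashing mechanism
	// is applied later in the save process.
	if (strpos($GLOBALS['TCA']['be_users']['columns']['password']['config']['eval'], 'md5') !== FALSE) {
		$vars['password'] = md5($vars['password']);
	}
	$key = $vars['key'];
	$data = '';
	$newUserId = 0;
	if ($key === 'NEW') {
		// The new user starts as a copy of the template user configured in the action.
		$beRec = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', intval($record['t1_copy_of_user']));
		if (is_array($beRec)) {
			$data = array();
			$data['be_users'][$key] = $beRec;
			$data['be_users'][$key]['username'] = $this->fixUsername($vars['username'], $record['t1_userprefix']);
			$data['be_users'][$key]['password'] = trim($vars['password']);
			$data['be_users'][$key]['realName'] = $vars['realName'];
			$data['be_users'][$key]['email'] = $vars['email'];
			$data['be_users'][$key]['disable'] = intval($vars['disable']);
			// Users created through an action are never administrators.
			$data['be_users'][$key]['admin'] = 0;
			$data['be_users'][$key]['usergroup'] = $vars['usergroup'];
			$data['be_users'][$key]['db_mountpoints'] = $vars['db_mountpoints'];
			$data['be_users'][$key]['createdByAction'] = $record['uid'];
		}
	} else {
		// Check ownership
		// The key is submitted form data. It is reduced to an integer once, so
		// that the uid used for the ownership check is exactly the uid that is
		// written below. The check itself goes through isCreatedByUser(), the
		// same rule the form and the delete request use: created by the current
		// user and through this action.
		$key = intval($key);
		$beRec = $this->isCreatedByUser($key, $record);
		if (is_array($beRec)) {
			$data = array();
			$data['be_users'][$key]['username'] = $this->fixUsername($vars['username'], $record['t1_userprefix']);
			if (trim($vars['password'])) {
				$data['be_users'][$key]['password'] = trim($vars['password']);
			}
			$data['be_users'][$key]['realName'] = $vars['realName'];
			$data['be_users'][$key]['email'] = $vars['email'];
			$data['be_users'][$key]['disable'] = intval($vars['disable']);
			$data['be_users'][$key]['admin'] = 0;
			$data['be_users'][$key]['usergroup'] = $vars['usergroup'];
			$data['be_users'][$key]['db_mountpoints'] = $vars['db_mountpoints'];
			$newUserId = $key;
		}
	}
	// Save/update user by using TCEmain
	if (is_array($data)) {
		$tce = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
		$tce->stripslashes_values = 0;
		$tce->start($data, array(), $GLOBALS['BE_USER']);
		// NOTE(review): the data handler is switched to admin mode for this
		// write, so presumably its own permission checks do not apply; the
		// restrictions enforced above (admin=0, filtered groups and mounts,
		// ownership check) are then the only ones in effect. Confirm.
		$tce->admin = 1;
		$tce->process_datamap();
		$newUserId = intval($tce->substNEWwithIDs['NEW']);
		if ($newUserId) {
			// Create
			$this->action_createDir($newUserId);
		} else {
			// Update
			$newUserId = intval($key);
		}
		unset($tce);
	}
	return $newUserId;
}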
483
484 /**
485 * Create the username based on the given username and the prefix
486 *
487 * @param string $username Username
488 * @param string $prefix Prefix
489 * @return string Combined username
490 */
protected function fixUsername($username, $prefix) {
	// Surrounding whitespace is removed from both parts before they are joined,
	// prefix first.
	$cleanPrefix = trim($prefix);
	$cleanName = trim($username);
	return $cleanPrefix . $cleanName;
}
494
495 /**
496 * Clean the to be applied usergroups from not allowed ones
497 *
498 * @param array $appliedUsergroups Array of to be applied user groups
499 * @param array $actionRecord The action record
500 * @return array Cleaned array
501 */
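protected function fixUserGroup($appliedUsergroups, $actionRecord) {
	// Nothing was requested: hand the value back unchanged, as before.
	if ($appliedUsergroups === NULL || $appliedUsergroups === '') {
		return $appliedUsergroups;
	}
	// The value is submitted form data. A value that is not an array used to be
	// returned without any filtering; it is now treated as a comma separated
	// list and filtered like an array, and anything else is rejected.
	if (!is_array($appliedUsergroups)) {
		if (!is_scalar($appliedUsergroups)) {
			return array();
		}
		$appliedUsergroups = explode(',', (string) $appliedUsergroups);
	}
	// Build the allow-list from the action record using the uid as key. Entries
	// are trimmed and empty entries dropped, so that an empty configuration
	// allows no group at all (not even the empty option of the select box).
	$allowedUsergroups = array();
	foreach (explode(',', (string) $actionRecord['t1_allowed_groups']) as $allowedUid) {
		$allowedUid = trim($allowedUid);
		if ($allowedUid !== '') {
			$allowedUsergroups[$allowedUid] = TRUE;
		}
	}
	// Walk through the requested groups and keep only those on the allow-list
	$cleanGroupList = array();
	foreach ($appliedUsergroups as $group) {
		// Nested arrays and other non-id values cannot be a group uid.
		if (!is_int($group) && !is_string($group)) {
			continue;
		}
		$candidate = is_string($group) ? trim($group) : $group;
		if (isset($allowedUsergroups[$candidate])) {
			$cleanGroupList[] = $candidate;
		}
	}
	return $cleanGroupList;
}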
517
518 /**
519 * Clean the to be applied DB-Mounts from not allowed ones
520 *
521 * @param string $appliedDbMounts List of pages like pages_123,pages456
522 * @return string Cleaned list
523 */
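protected function fixDbMount($appliedDbMounts) {
	// Admins can see any page, no need to check there
	if (!empty($appliedDbMounts) && !$GLOBALS['BE_USER']->isAdmin()) {
		// The list is submitted form data; only a string can be a valid list.
		if (!is_string($appliedDbMounts)) {
			return '';
		}
		$cleanDbMountList = array();
		$dbMounts = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $appliedDbMounts, 1);
		// Walk through every wanted DB-Mount and check if it allowed for the current user
		foreach ($dbMounts as $dbMount) {
			// Entries look like "pages_123". Without an underscore strrpos()
			// returns FALSE, and FALSE + 1 used to cut off the first digit of a
			// bare number, so a different page than the requested one was
			// checked and stored. A bare number is now used as it is.
			$separatorPosition = strrpos($dbMount, '_');
			$uid = intval($separatorPosition === FALSE ? $dbMount : substr($dbMount, $separatorPosition + 1));
			$page = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('pages', $uid);
			// Check rootline and access rights
			if ($this->checkRootline($uid) && $GLOBALS['BE_USER']->calcPerms($page)) {
				// The entry is rebuilt from the integer uid, never copied from the input.
				$cleanDbMountList[] = 'pages_' . $uid;
			}
		}
		// Build the clean list
		$appliedDbMounts = implode(',', $cleanDbMountList);
	}
	return $appliedDbMounts;
}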
543
544 /**
545 * Check if a page is inside the rootline the current user can see
546 *
547 * @param integer $pageId Id of the page to be checked
548 * @return boolean Access to the page
549 */
protected function checkRootline($pageId) {
	// Lookup table of the current user's web mounts, keyed by page uid.
	$mountList = trim($GLOBALS['BE_USER']->dataLists['webmount_list'], ',');
	$mountLookup = array_flip(explode(',', $mountList));
	// Access is granted as soon as one page of the rootline is one of the mounts.
	foreach (\TYPO3\CMS\Backend\Utility\BackendUtility::BEgetRootLine($pageId) as $rootlinePage) {
		if (isset($mountLookup[$rootlinePage['uid']])) {
			return TRUE;
		}
	}
	return FALSE;
}
561
562 /**
563 * Add additional JavaScript to use the tceform select box
564 *
565 * @return void
566 */
protected function JScode() {
	// Creates the form engine, keeps it in $this->t3lib_TCEforms for the form
	// rendering, and registers its JavaScript with the task module document.
	// The script is also returned to the caller.
	$formEngine = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\Form\\FormEngine');
	$formEngine->backPath = $GLOBALS['BACK_PATH'];
	$this->t3lib_TCEforms = $formEngine;
	$js = $formEngine->dbFileCon();
	$this->taskObject->doc->JScodeArray[] = $js;
	return $js;
}
574
575 /**
576 * Create a user directory if defined
577 *
578 * @param integer $uid Id of the user record
579 * @return void
580 */
protected function action_createDir($uid) {
	// No directory is created unless a valid user home path is configured.
	$path = $this->action_getUserMainDir();
	if (!$path) {
		return;
	}
	// The directory name is the user uid; the caller passes an integer.
	$userDirectory = $path . $uid;
	\TYPO3\CMS\Core\Utility\GeneralUtility::mkdir($userDirectory);
	\TYPO3\CMS\Core\Utility\GeneralUtility::mkdir($userDirectory . '/_temp_/');
}
588
589 /**
590 * Get the path to the user home directory which is set in the localconf.php
591 *
592 * @return string Path
593 */
protected function action_getUserMainDir() {
	$path = $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'];
	// The path must be set and must be an existing directory.
	if (!$path || !@is_dir($path)) {
		return NULL;
	}
	// It must start with the configured lockRootPath. This is a comparison of
	// the beginning of the two strings as configured.
	$lockRootPath = $GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'];
	if (!$lockRootPath || !\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($path, $lockRootPath)) {
		return NULL;
	}
	// It must end with a slash, because the user uid is appended directly.
	if (substr($path, -1) != '/') {
		return NULL;
	}
	return $path;
}
601
602 /**
603 * Get all allowed usergroups which can be applied to a user record
604 *
605 * @param array $record sys_action record
606 * @param array $vars Selected be_user record
607 * @return string Rendered user groups
608 */
protected function getUsergroups($record, $vars) {
	// Do nothing if no groups are allowed
	if (empty($record['t1_allowed_groups'])) {
		return '';
	}
	// The first option is empty; only groups allowed by the action record follow.
	$options = '<option value=""></option>';
	foreach (\TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $record['t1_allowed_groups'], 1) as $groupUid) {
		$groupRecord = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_groups', $groupUid);
		// Skip uids for which no group record was found.
		if (!is_array($groupRecord)) {
			continue;
		}
		$selected = \TYPO3\CMS\Core\Utility\GeneralUtility::inList($vars['usergroup'], $groupRecord['uid']) ? ' selected="selected" ' : '';
		// The group title is escaped for HTML output.
		$options .= '<option ' . $selected . 'value="' . $groupRecord['uid'] . '">' . htmlspecialchars($groupRecord['title']) . '</option>';
	}
	return $options;
}
626
627 /**
628 * Action to create a new record
629 *
630 * @param array $record sys_action record
631 * @return void Redirect to form to create a record
632 */
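protected function viewNewRecord($record) {
	$returnUrl = rawurlencode('mod.php?M=user_task');
	// The table name is a stored value that becomes part of a query string, so
	// it is URL-encoded like the return URL; the page id is cast to an integer.
	$link = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_REQUEST_DIR') . $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . $returnUrl . '&edit[' . rawurlencode($record['t3_tables']) . '][' . intval($record['t3_listPid']) . ']=new';
	// Nothing is rendered here; the browser is sent to the edit form.
	\TYPO3\CMS\Core\Utility\HttpUtility::redirect($link);
}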
638
639 /**
640 * Action to edit records
641 *
642 * @param array $record sys_action record
643 * @return string list of records
644 */
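protected function viewEditRecord($record) {
	$content = '';
	$actionList = array();
	$dbAnalysis = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Database\\RelationHandler');
	$dbAnalysis->fromTC = 0;
	$dbAnalysis->start($record['t4_recordsToEdit'], '*');
	$dbAnalysis->getFromDB();
	// collect the records
	// NOTE(review): no per-record permission check is visible in this method;
	// presumably the edit form that the links point to enforces access. Confirm.
	foreach ($dbAnalysis->itemArray as $el) {
		$loadedRow = $dbAnalysis->results[$el['table']][$el['id']];
		$path = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecordPath($el['id'], $this->taskObject->perms_clause, $GLOBALS['BE_USER']->uc['titleLen']);
		// getRecord() is given the record uid. The loaded row was passed here
		// before, while every other getRecord() call in this class passes a uid,
		// so the creation date shown below could belong to a different record.
		// A separate variable is used so the $record parameter is not overwritten.
		$editableRecord = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord($el['table'], $el['id']);
		$title = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecordTitle($el['table'], $loadedRow);
		$description = $GLOBALS['LANG']->sL($GLOBALS['TCA'][$el['table']]['ctrl']['title'], 1);
		// @todo: which information could be useful
		if (isset($editableRecord['crdate'])) {
			$description .= ' - ' . \TYPO3\CMS\Backend\Utility\BackendUtility::dateTimeAge($editableRecord['crdate']);
		}
		$actionList[$el['id']] = array(
			'title' => $title,
			'description' => \TYPO3\CMS\Backend\Utility\BackendUtility::getRecordTitle($el['table'], $loadedRow),
			'descriptionHtml' => $description,
			// The current request URI is URL-encoded before it is used as return URL.
			'link' => $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI')) . '&edit[' . $el['table'] . '][' . $el['id'] . ']=edit',
			'icon' => \t3lib_iconworks::getSpriteIconForRecord($el['table'], $loadedRow, array('title' => htmlspecialchars($path)))
		);
	}
	// Render the record list
	$content .= $this->taskObject->renderListMenu($actionList);
	return $content;
}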
674
675 /**
676 * Action to view the result of a SQL query
677 *
678 * @param array $record sys_action record
679 * @return string Result of the query
680 */
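protected function viewSqlQuery($record) {
	$content = '';
	if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('lowlevel')) {
		// NOTE(review): the stored query settings are read with unserialize().
		// unserialize() must only ever be given trusted data; confirm who is
		// able to write the t2_data field.
		$sql_query = unserialize($record['t2_data']);
		// Only the first six characters of the statement are compared with
		// "SELECT". This is a coarse filter and not a guarantee that the
		// statement only reads data; the stored query is run as it is for
		// every user who may use this action.
		if (!is_array($sql_query) || is_array($sql_query) && strtoupper(substr(trim($sql_query['qSelect']), 0, 6)) === 'SELECT') {
			$actionContent = '';
			$fullsearch = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Database\\QueryView');
			$fullsearch->formW = 40;
			$fullsearch->noDownloadB = 1;
			$type = $sql_query['qC']['search_query_makeQuery'];
			if ($sql_query['qC']['labels_noprefix'] === 'on') {
				$GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] = 'on';
			}
			$sqlQuery = $sql_query['qSelect'];
			$queryIsEmpty = FALSE;
			if ($sqlQuery) {
				$res = $GLOBALS['TYPO3_DB']->sql_query($sqlQuery);
				if (!$GLOBALS['TYPO3_DB']->sql_error()) {
					$fullsearch->formW = 48;
					// Additional configuration
					$GLOBALS['SOBE']->MOD_SETTINGS['search_result_labels'] = 1;
					$cP = $fullsearch->getQueryResultCode($type, $res, $sql_query['qC']['queryTable']);
					$actionContent = $cP['content'];
					// If the result is rendered as csv or xml, show a download link
					if ($type === 'csv' || $type === 'xml') {
						// The request URI is taken from the current request, so
						// it is escaped before it is written into the href.
						$downloadUrl = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI') . '&download_file=1';
						$actionContent .= '<br /><br /><a href="' . htmlspecialchars($downloadUrl) . '"><strong>' . $GLOBALS['LANG']->getLL('action_download_file') . '</strong></a>';
					}
				} else {
					// A database error message is plain text and is escaped for
					// HTML output.
					// NOTE(review): it is shown to every user of the action;
					// consider showing the details to admins only.
					$actionContent .= htmlspecialchars($GLOBALS['TYPO3_DB']->sql_error());
				}
			} else {
				// Query is empty (not built)
				$queryIsEmpty = TRUE;
				$flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_emptyQuery', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
				$content .= '<br />' . $flashMessage->render();
			}
			// Admin users are allowed to see and edit the query
			if ($GLOBALS['BE_USER']->isAdmin()) {
				if (!$queryIsEmpty) {
					// NOTE(review): whether tableWrap() escapes the statement
					// is not visible in this file; confirm before relying on it.
					$actionContent .= '<hr /> ' . $fullsearch->tableWrap($sql_query['qSelect']);
				}
				// The module URL and its parameters are escaped as one href
				// value; the labels are fetched HTML-escaped.
				$editQueryUrl = \TYPO3\CMS\Backend\Utility\BackendUtility::getModuleUrl('tools_dbint')
					. '&id=' . '&SET[function]=search' . '&SET[search]=query'
					. '&storeControl[STORE]=-' . intval($record['uid']) . '&storeControl[LOAD]=1';
				$actionContent .= '<br /><a title="' . $GLOBALS['LANG']->getLL('action_editQuery', TRUE) . '" href="'
					. htmlspecialchars($editQueryUrl) . '">
					<img class="icon"' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'],
					'gfx/edit2.gif') . ' alt="" />' . $GLOBALS['LANG']->getLL(($queryIsEmpty ? 'action_createQuery'
					: 'action_editQuery'), TRUE) . '</a><br /><br />';
			}
			$content .= $this->taskObject->doc->section($GLOBALS['LANG']->getLL('action_t2_result'), $actionContent, 0, 1);
		} else {
			// Query is not configured
			$flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_notReady', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
			$content .= '<br />' . $flashMessage->render();
		}
	} else {
		// Required sysext lowlevel is not installed
		$flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_lowlevelMissing', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
		$content .= '<br />' . $flashMessage->render();
	}
	return $content;
}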
743
744 /**
745 * Action to create a list of records of a specific table and pid
746 *
747 * @param array $record sys_action record
748 * @return string list of records
749 */
protected function viewRecordList($record) {
    // Page id and table name are taken from the sys_action record; the id is forced to an integer.
    $this->id = intval($record['t3_listPid']);
    $this->table = $record['t3_tables'];
    $content = '';
    // Without a page id or a table name there is nothing to list: report "not ready" and stop.
    if ($this->id == 0 || $this->table == '') {
        $notReadyMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_notReady', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
        return $content . '<br />' . $notReadyMessage->render();
    }
    // Access gate: the page record is read with the task module's permission clause, and
    // anything other than an array result is treated as "no access" before any list is built.
    $this->pageinfo = \TYPO3\CMS\Backend\Utility\BackendUtility::readPageAccess($this->id, $this->taskObject->perms_clause);
    if (!is_array($this->pageinfo)) {
        // Not enough rights to access the list view or the page
        $accessDeniedMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Messaging\\FlashMessage', $GLOBALS['LANG']->getLL('action_error-access', TRUE), $GLOBALS['LANG']->getLL('action_error'), \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR);
        return $content . $accessDeniedMessage->render();
    }

    // Configure the list renderer. The assignment order is kept as in the original.
    $dblist = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\SysAction\\ActionList');
    // NOTE(review): REQUEST_URI is handed over unescaped here; escaping is presumably done
    // wherever the list class emits it -- confirm in ActionList.
    $dblist->script = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI');
    $dblist->backPath = $GLOBALS['BACK_PATH'];
    // Permission bits are calculated for the current backend user on the page record read above.
    $dblist->calcPerms = $GLOBALS['BE_USER']->calcPerms($this->pageinfo);
    $dblist->thumbs = $GLOBALS['BE_USER']->uc['thumbnailsByDefault'];
    $dblist->returnUrl = $this->taskObject->returnUrl;
    $dblist->allFields = 1;
    $dblist->localizationView = 1;
    $dblist->showClipboard = 0;
    $dblist->disableSingleTableView = 1;
    $dblist->pageRow = $this->pageinfo;
    $dblist->counter++;
    $dblist->MOD_MENU = array('bigControlPanel' => '', 'clipBoard' => '', 'localization' => '');
    $dblist->modTSconfig = $this->taskObject->modTSconfig;
    // NOTE(review): $CLIENT is never assigned in this method, so this expression short-circuits
    // on an undefined variable. It also reads $this->modTSconfig, while the line above takes the
    // configuration from $this->taskObject->modTSconfig. Confirm the intended sources
    // before changing it; the remaining operands are currently never evaluated.
    $dblist->dontShowClipControlPanels = $CLIENT['FORMSTYLE'] && !$this->taskObject->MOD_SETTINGS['bigControlPanel'] && $dblist->clipObj->current == 'normal' && !$this->modTSconfig['properties']['showClipControlPanelsDespiteOfCMlayers'];

    // The paging offset is a request parameter; it is clamped to an integer in 0..100000.
    $this->pointer = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('pointer'), 0, 100000);
    $dblist->start($this->id, $this->table, $this->pointer, $this->taskObject->search_field, $this->taskObject->search_levels, $this->taskObject->showLimit);
    $dblist->setDispFields();
    // Render the list of tables
    $dblist->generateList();

    // JavaScript helpers for the page. REQUEST_URI is percent-encoded with rawurlencode()
    // before it is placed inside the JavaScript string literals, and the page id is cast
    // with intval(), so neither value can terminate the surrounding literal.
    $clipboardFunctions = $dblist->CBfunctions();
    $encodedRequestUri = rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI'));
    $this->taskObject->doc->JScode = $this->taskObject->doc->wrapScriptTags('

        function jumpToUrl(URL) {
            window.location.href = URL;
            return false;
        }
        function jumpExt(URL,anchor) {
            var anc = anchor?anchor:"";
            window.location.href = URL+(T3_THIS_LOCATION?"&returnUrl="+T3_THIS_LOCATION:"")+anc;
            return false;
        }
        function jumpSelf(URL) {
            window.location.href = URL+(T3_RETURN_URL?"&returnUrl="+T3_RETURN_URL:"");
            return false;
        }

        function setHighlight(id) {
            top.fsMod.recentIds["web"]=id;
            top.fsMod.navFrameHighlightedID["web"]="pages"+id+"_"+top.fsMod.currentBank; // For highlighting

            if (top.content && top.content.nav_frame && top.content.nav_frame.refresh_nav) {
                top.content.nav_frame.refresh_nav();
            }
        }

        ' . $clipboardFunctions . '
        function editRecords(table,idList,addParams,CBflag) {
            window.location.href="' . $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . $encodedRequestUri . '&edit["+table+"]["+idList+"]=edit"+addParams;
        }
        function editList(table,idList) {
            var list="";

            // Checking how many is checked, how many is not
            var pointer=0;
            var pos = idList.indexOf(",");
            while (pos!=-1) {
                if (cbValue(table+"|"+idList.substr(pointer,pos-pointer))) {
                    list+=idList.substr(pointer,pos-pointer)+",";
                }
                pointer=pos+1;
                pos = idList.indexOf(",",pointer);
            }
            if (cbValue(table+"|"+idList.substr(pointer))) {
                list+=idList.substr(pointer)+",";
            }

            return list ? list : idList;
        }
        T3_THIS_LOCATION = "' . $encodedRequestUri . '";

        if (top.fsMod) top.fsMod.recentIds["web"] = ' . intval($this->id) . ';
    ');
    // Set up the context sensitive menu
    $this->taskObject->doc->getContextMenuCode();

    // Wrap the generated list in its form. The action URL is HTML-escaped; $dblist->HTMLcode
    // is appended as-is (presumably markup already produced by generateList() -- confirm).
    $content .= '<form action="' . htmlspecialchars($dblist->listURL()) . '" method="post" name="dblistForm">' . $dblist->HTMLcode . '<input type="hidden" name="cmd_table" /><input type="hidden" name="cmd" />
        </form>';

    // Field select box, only when a listing was produced and the list is bound to a table.
    if ($dblist->HTMLcode && $dblist->table) {
        // BACK_PATH is blanked only for the duration of this call and restored right after.
        // There is no try/finally, so an exception from fieldSelectBox() would leave it empty.
        $savedBackPath = $GLOBALS['BACK_PATH'];
        $GLOBALS['BACK_PATH'] = '';
        $content .= $dblist->fieldSelectBox($dblist->table);
        $GLOBALS['BACK_PATH'] = $savedBackPath;
    }
    return $content;
}
861
862 }
863
864
865 ?>