[FEATURE] Add Contexts for storing data access modes
[Packages/TYPO3.CMS.git] / typo3 / sysext / frontend / Classes / Middleware / PageResolver.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Frontend\Middleware;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use Psr\Http\Message\ResponseInterface;
19 use Psr\Http\Message\ServerRequestInterface;
20 use Psr\Http\Server\MiddlewareInterface;
21 use Psr\Http\Server\RequestHandlerInterface;
22 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
23 use TYPO3\CMS\Core\Context\Context;
24 use TYPO3\CMS\Core\Context\UserAspect;
25 use TYPO3\CMS\Core\Context\WorkspaceAspect;
26 use TYPO3\CMS\Core\Type\Bitmask\Permission;
27 use TYPO3\CMS\Core\Utility\GeneralUtility;
28 use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
29
30 /**
31 * Process the ID, type and other parameters.
32 * After this point we have an array, TSFE->page, which is the page-record of the current page, $TSFE->id.
33 *
34 * Now, if there is a backend user logged in and he has NO access to this page,
35 * then re-evaluate the id shown!
36 */
37 class PageResolver implements MiddlewareInterface
38 {
39 /**
40 * Resolve the page ID
41 *
42 * @param ServerRequestInterface $request
43 * @param RequestHandlerInterface $handler
44 * @return ResponseInterface
45 */
46 public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
47 {
48 $GLOBALS['TSFE']->siteScript = $request->getAttribute('normalizedParams')->getSiteScript();
49 $this->checkAlternativeIdMethods($GLOBALS['TSFE']);
50 $GLOBALS['TSFE']->determineId();
51
52 // No access? Then remove user & Re-evaluate the page-id
53 if ($GLOBALS['TSFE']->isBackendUserLoggedIn() && !$GLOBALS['BE_USER']->doesUserHaveAccess($GLOBALS['TSFE']->page, Permission::PAGE_SHOW)) {
54 unset($GLOBALS['BE_USER']);
55 // Register an empty backend user as aspect
56 $this->setBackendUserAspect(GeneralUtility::makeInstance(Context::class), null);
57 $this->checkAlternativeIdMethods($GLOBALS['TSFE']);
58 $GLOBALS['TSFE']->determineId();
59 }
60
61 // Evaluate the cache hash parameter
62 $GLOBALS['TSFE']->makeCacheHash();
63
64 return $handler->handle($request);
65 }
66
67 /**
68 * Provides ways to bypass the '?id=[xxx]&type=[xx]' format, using either PATH_INFO or Server Rewrites
69 *
70 * Two options:
71 * 1) Use PATH_INFO (also Apache) to extract id and type from that var. Does not require any special modules compiled with apache. (less typical)
72 * 2) Using hook which enables features like those provided from "realurl" extension (AKA "Speaking URLs")
73 *
74 * @param TypoScriptFrontendController $tsfe
75 */
76 protected function checkAlternativeIdMethods(TypoScriptFrontendController $tsfe)
77 {
78 // Call post processing function for custom URL methods.
79 $_params = ['pObj' => &$tsfe];
80 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'] ?? [] as $_funcRef) {
81 GeneralUtility::callUserFunction($_funcRef, $_params, $tsfe);
82 }
83 }
84
85 /**
86 * Register the backend user as aspect
87 *
88 * @param Context $context
89 * @param BackendUserAuthentication $user
90 */
91 protected function setBackendUserAspect(Context $context, BackendUserAuthentication $user = null)
92 {
93 $context->setAspect('backend.user', GeneralUtility::makeInstance(UserAspect::class, $user));
94 $context->setAspect('workspace', GeneralUtility::makeInstance(WorkspaceAspect::class, $user ? $user->workspace : 0));
95 }
96 }