6174be3f54509ac643b48b77c419bb40ca32852a
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Security / CategoryPermissionsAspect.php
1 <?php
2 namespace TYPO3\CMS\Backend\Security;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Tree\TreeNode;
18 use TYPO3\CMS\Backend\Tree\TreeNodeCollection;
19 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
20 use TYPO3\CMS\Core\Tree\TableConfiguration\DatabaseTreeDataProvider;
21
22 /**
23 * We do not have AOP in TYPO3 for now, thus the aspect which
24 * deals with tree data security is a slot which reacts on a signal
25 * on data data object initialization.
26 *
27 * The aspect define category mount points according to BE User permissions.
28 */
29 class CategoryPermissionsAspect
30 {
31 /**
32 * @var string
33 */
34 protected $categoryTableName = 'sys_category';
35
36 /**
37 * @var BackendUserAuthentication
38 */
39 protected $backendUserAuthentication;
40
41 /**
42 * @param BackendUserAuthentication|null $backendUserAuthentication
43 */
44 public function __construct($backendUserAuthentication = null)
45 {
46 $this->backendUserAuthentication = $backendUserAuthentication ?: $GLOBALS['BE_USER'];
47 }
48
49 /**
50 * The slot for the signal in DatabaseTreeDataProvider, which only affects the TYPO3 Backend
51 *
52 * @param DatabaseTreeDataProvider $dataProvider
53 * @param TreeNode $treeData
54 */
55 public function addUserPermissionsToCategoryTreeData(DatabaseTreeDataProvider $dataProvider, $treeData)
56 {
57 if ((TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_BE) && !$this->backendUserAuthentication->isAdmin() && $dataProvider->getTableName() === $this->categoryTableName) {
58
59 // Get User permissions related to category
60 $categoryMountPoints = $this->backendUserAuthentication->getCategoryMountPoints();
61
62 // Backup child nodes to be processed.
63 $treeNodeCollection = $treeData->getChildNodes();
64
65 if (!empty($categoryMountPoints) && !empty($treeNodeCollection)) {
66
67 // First, remove all child nodes which must be analysed to be considered as "secure".
68 // The nodes were backed up in variable $treeNodeCollection beforehand.
69 $treeData->removeChildNodes();
70
71 // Create an empty tree node collection to receive the secured nodes.
72 /** @var TreeNodeCollection $securedTreeNodeCollection */
73 $securedTreeNodeCollection = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Tree\TreeNodeCollection::class);
74
75 foreach ($categoryMountPoints as $categoryMountPoint) {
76 $treeNode = $this->lookUpCategoryMountPointInTreeNodes((int)$categoryMountPoint, $treeNodeCollection);
77 if (!is_null($treeNode)) {
78 $securedTreeNodeCollection->append($treeNode);
79 }
80 }
81
82 // Reset child nodes.
83 $treeData->setChildNodes($securedTreeNodeCollection);
84 }
85 }
86 }
87
88 /**
89 * Recursively look up for a category mount point within a tree.
90 *
91 * @param int $categoryMountPoint
92 * @param TreeNodeCollection $treeNodeCollection
93 * @return null|TreeNode
94 */
95 protected function lookUpCategoryMountPointInTreeNodes($categoryMountPoint, TreeNodeCollection $treeNodeCollection)
96 {
97 $result = null;
98
99 // If any User permission, recursively traverse the tree and set tree part as mount point
100 foreach ($treeNodeCollection as $treeNode) {
101
102 /** @var \TYPO3\CMS\Backend\Tree\TreeNode $treeNode */
103 if ((int)$treeNode->getId() === $categoryMountPoint) {
104 $result = $treeNode;
105 break;
106 }
107
108 if ($treeNode->hasChildNodes()) {
109
110 /** @var TreeNode $node */
111 $node = $this->lookUpCategoryMountPointInTreeNodes($categoryMountPoint, $treeNode->getChildNodes());
112 if (! is_null($node)) {
113 $result = $node;
114 break;
115 }
116 }
117 }
118 return $result;
119 }
120 }