6ab20752a03d232f7b6af7d01b308fbbd24dcd8d
[Packages/TYPO3.CMS.git] / typo3 / sysext / beuser / Classes / Controller / PermissionAjaxController.php
1 <?php
2 namespace TYPO3\CMS\Beuser\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Utility\BackendUtility;
20 use TYPO3\CMS\Core\DataHandling\DataHandler;
21 use TYPO3\CMS\Core\Imaging\Icon;
22 use TYPO3\CMS\Core\Imaging\IconFactory;
23 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
24 use TYPO3\CMS\Core\Utility\GeneralUtility;
25 use TYPO3\CMS\Fluid\View\StandaloneView;
26
27 /**
28 * This class extends the permissions module in the TYPO3 Backend to provide
29 * convenient methods of editing of page permissions (including page ownership
30 * (user and group)) via new AjaxRequestHandler facility
31 */
32 class PermissionAjaxController
33 {
34 /**
35 * The local configuration array
36 *
37 * @var array
38 */
39 protected $conf = [];
40
41 /**
42 * @var IconFactory
43 */
44 protected $iconFactory;
45
46 /**
47 * The constructor of this class
48 */
49 public function __construct()
50 {
51 $this->iconFactory = GeneralUtility::makeInstance(IconFactory::class);
52 $this->getLanguageService()->includeLLFile('EXT:lang/Resources/Private/Language/locallang_mod_web_perm.xlf');
53 // Configuration, variable assignment
54 $this->conf['page'] = GeneralUtility::_POST('page');
55 $this->conf['who'] = GeneralUtility::_POST('who');
56 $this->conf['mode'] = GeneralUtility::_POST('mode');
57 $this->conf['bits'] = (int)GeneralUtility::_POST('bits');
58 $this->conf['permissions'] = (int)GeneralUtility::_POST('permissions');
59 $this->conf['action'] = GeneralUtility::_POST('action');
60 $this->conf['ownerUid'] = (int)GeneralUtility::_POST('ownerUid');
61 $this->conf['username'] = GeneralUtility::_POST('username');
62 $this->conf['groupUid'] = (int)GeneralUtility::_POST('groupUid');
63 $this->conf['groupname'] = GeneralUtility::_POST('groupname');
64 $this->conf['editLockState'] = (int)GeneralUtility::_POST('editLockState');
65 $this->conf['new_owner_uid'] = (int)GeneralUtility::_POST('newOwnerUid');
66 $this->conf['new_group_uid'] = (int)GeneralUtility::_POST('newGroupUid');
67 }
68
69 /**
70 * The main dispatcher function. Collect data and prepare HTML output.
71 *
72 * @param ServerRequestInterface $request
73 * @param ResponseInterface $response
74 * @return ResponseInterface
75 */
76 public function dispatch(ServerRequestInterface $request, ResponseInterface $response)
77 {
78 $extPath = ExtensionManagementUtility::extPath('beuser');
79
80 $view = GeneralUtility::makeInstance(StandaloneView::class);
81 $view->setPartialRootPaths(['default' => ExtensionManagementUtility::extPath('beuser') . 'Resources/Private/Partials']);
82 $view->assign('pageId', $this->conf['page']);
83
84 $content = '';
85 // Basic test for required value
86 if ($this->conf['page'] > 0) {
87 // Init TCE for execution of update
88 /** @var $tce DataHandler */
89 $tce = GeneralUtility::makeInstance(DataHandler::class);
90 // Determine the scripts to execute
91 switch ($this->conf['action']) {
92 case 'show_change_owner_selector':
93 $content = $this->renderUserSelector($this->conf['page'], $this->conf['ownerUid'], $this->conf['username']);
94 break;
95 case 'change_owner':
96 $userId = $this->conf['new_owner_uid'];
97 if (is_int($userId)) {
98 // Prepare data to change
99 $data = [];
100 $data['pages'][$this->conf['page']]['perms_userid'] = $userId;
101 // Execute TCE Update
102 $tce->start($data, []);
103 $tce->process_datamap();
104
105 $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangeOwner.html');
106 $view->assign('userId', $userId);
107 $usernameArray = BackendUtility::getUserNames('username', ' AND uid = ' . $userId);
108 $view->assign('username', $usernameArray[$userId]['username']);
109 $content = $view->render();
110 } else {
111 $response->getBody()->write('An error occurred: No page owner uid specified');
112 $response = $response->withStatus(500);
113 }
114 break;
115 case 'show_change_group_selector':
116 $content = $this->renderGroupSelector($this->conf['page'], $this->conf['groupUid'], $this->conf['groupname']);
117 break;
118 case 'change_group':
119 $groupId = $this->conf['new_group_uid'];
120 if (is_int($groupId)) {
121 // Prepare data to change
122 $data = [];
123 $data['pages'][$this->conf['page']]['perms_groupid'] = $groupId;
124 // Execute TCE Update
125 $tce->start($data, []);
126 $tce->process_datamap();
127
128 $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangeGroup.html');
129 $view->assign('groupId', $groupId);
130 $groupnameArray = BackendUtility::getGroupNames('title', ' AND uid = ' . $groupId);
131 $view->assign('groupname', $groupnameArray[$groupId]['title']);
132 $content = $view->render();
133 } else {
134 $response->getBody()->write('An error occurred: No page group uid specified');
135 $response = $response->withStatus(500);
136 }
137 break;
138 case 'toggle_edit_lock':
139 // Prepare data to change
140 $data = [];
141 $data['pages'][$this->conf['page']]['editlock'] = $this->conf['editLockState'] === 1 ? 0 : 1;
142 // Execute TCE Update
143 $tce->start($data, []);
144 $tce->process_datamap();
145 $content = $this->renderToggleEditLock($this->conf['page'], $data['pages'][$this->conf['page']]['editlock']);
146 break;
147 default:
148 if ($this->conf['mode'] === 'delete') {
149 $this->conf['permissions'] = (int)($this->conf['permissions'] - $this->conf['bits']);
150 } else {
151 $this->conf['permissions'] = (int)($this->conf['permissions'] + $this->conf['bits']);
152 }
153 // Prepare data to change
154 $data = [];
155 $data['pages'][$this->conf['page']]['perms_' . $this->conf['who']] = $this->conf['permissions'];
156 // Execute TCE Update
157 $tce->start($data, []);
158 $tce->process_datamap();
159
160 $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangePermission.html');
161 $view->assign('permission', $this->conf['permissions']);
162 $view->assign('scope', $this->conf['who']);
163 $content = $view->render();
164 }
165 } else {
166 $response->getBody()->write('This script cannot be called directly');
167 $response = $response->withStatus(500);
168 }
169 $response->getBody()->write($content);
170 $response = $response->withHeader('Content-Type', 'text/html; charset=utf-8');
171 return $response;
172 }
173
174 /**
175 * Generate the user selector element
176 *
177 * @param int $page The page id to change the user for
178 * @param int $ownerUid The page owner uid
179 * @param string $username The username to display
180 * @return string The html select element
181 */
182 protected function renderUserSelector($page, $ownerUid, $username = '')
183 {
184 $page = (int)$page;
185 $ownerUid = (int)$ownerUid;
186 // Get usernames
187 $beUsers = BackendUtility::getUserNames();
188 // Owner selector:
189 $options = '';
190 // Loop through the users
191 foreach ($beUsers as $uid => $row) {
192 $uid = (int)$uid;
193 $selected = $uid === $ownerUid ? ' selected="selected"' : '';
194 $options .= '<option value="' . $uid . '"' . $selected . '>' . htmlspecialchars($row['username']) . '</option>';
195 }
196 $elementId = 'o_' . $page;
197 $options = '<option value="0"></option>' . $options;
198 $selector = '<select name="new_page_owner" id="new_page_owner">' . $options . '</select>';
199 $saveButton = '<a class="saveowner btn btn-default" data-page="' . $page . '" data-owner="' . $ownerUid . '" data-element-id="' . $elementId . '" title="Change owner">' . $this->iconFactory->getIcon('actions-document-save', Icon::SIZE_SMALL)->render() . '</a>';
200 $cancelButton = '<a class="restoreowner btn btn-default" data-page="' . $page . '" data-owner="' . $ownerUid . '" data-element-id="' . $elementId . '"' . (!empty($username) ? ' data-username="' . htmlspecialchars($username) . '"' : '') . ' title="Cancel">' . $this->iconFactory->getIcon('actions-close', Icon::SIZE_SMALL)->render() . '</a>';
201 return '<span id="' . $elementId . '">'
202 . $selector
203 . '<span class="btn-group">'
204 . $saveButton
205 . $cancelButton
206 . '</span>'
207 . '</span>';
208 }
209
210 /**
211 * Generate the group selector element
212 *
213 * @param int $page The page id to change the user for
214 * @param int $groupUid The page group uid
215 * @param string $groupname The groupname to display
216 * @return string The html select element
217 */
218 protected function renderGroupSelector($page, $groupUid, $groupname = '')
219 {
220 $page = (int)$page;
221 $groupUid = (int)$groupUid;
222
223 // Get usernames
224 $beGroupsO = $beGroups = BackendUtility::getGroupNames();
225 // Group selector:
226 $options = '';
227 // flag: is set if the page-groupid equals one from the group-list
228 $userset = 0;
229 // Loop through the groups
230 foreach ($beGroups as $uid => $row) {
231 $uid = (int)$uid;
232 if ($uid === $groupUid) {
233 $userset = 1;
234 $selected = ' selected="selected"';
235 } else {
236 $selected = '';
237 }
238 $options .= '<option value="' . $uid . '"' . $selected . '>' . htmlspecialchars($row['title']) . '</option>';
239 }
240 // If the group was not set AND there is a group for the page
241 if (!$userset && $groupUid) {
242 $options = '<option value="' . $groupUid . '" selected="selected">' .
243 htmlspecialchars($beGroupsO[$groupUid]['title']) . '</option>' . $options;
244 }
245 $elementId = 'g_' . $page;
246 $options = '<option value="0"></option>' . $options;
247 $selector = '<select name="new_page_group" id="new_page_group">' . $options . '</select>';
248 $saveButton = '<a class="savegroup btn btn-default" data-page="' . $page . '" data-group="' . $groupUid . '" data-element-id="' . $elementId . '" title="Change group">' . $this->iconFactory->getIcon('actions-document-save', Icon::SIZE_SMALL)->render() . '</a>';
249 $cancelButton = '<a class="restoregroup btn btn-default" data-page="' . $page . '" data-group="' . $groupUid . '" data-element-id="' . $elementId . '"' . (!empty($groupname) ? ' data-groupname="' . htmlspecialchars($groupname) . '"' : '') . ' title="Cancel">' . $this->iconFactory->getIcon('actions-close', Icon::SIZE_SMALL)->render() . '</a>';
250 return '<span id="' . $elementId . '">'
251 . $selector
252 . '<span class="btn-group">'
253 . $saveButton
254 . $cancelButton
255 . '</span>'
256 . '</span>';
257 }
258
259 /**
260 * Print the string with the new edit lock state of a page record
261 *
262 * @param int $page The TYPO3 page id
263 * @param string $editLockState The state of the TYPO3 page (locked, unlocked)
264 * @return string The new edit lock string wrapped in HTML
265 */
266 protected function renderToggleEditLock($page, $editLockState)
267 {
268 $page = (int)$page;
269 if ($editLockState === 1) {
270 $ret = '<span id="el_' . $page . '"><a class="editlock btn btn-default" data-page="' . $page . '" data-lockstate="1" title="The page and all content is locked for editing by all non-Admin users.">' . $this->iconFactory->getIcon('actions-lock', Icon::SIZE_SMALL)->render() . '</a></span>';
271 } else {
272 $ret = '<span id="el_' . $page . '"><a class="editlock btn btn-default" data-page="' . $page . '" data-lockstate="0" title="Enable the &raquo;Admin-only&laquo; edit lock for this page">' . $this->iconFactory->getIcon('actions-unlock', Icon::SIZE_SMALL)->render() . '</a></span>';
273 }
274 return $ret;
275 }
276
277 /**
278 * @return \TYPO3\CMS\Core\Localization\LanguageService
279 */
280 protected function getLanguageService()
281 {
282 return $GLOBALS['LANG'];
283 }
284
285 /**
286 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
287 */
288 protected function getBackendUser()
289 {
290 return $GLOBALS['BE_USER'];
291 }
292 }