1 <?php
2 namespace TYPO3\CMS\Core\Resource\Security;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2013 Helmut Hummel <helmut.hummel@typo3.org>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
30 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
31 use TYPO3\CMS\Core\Resource\Exception\FolderDoesNotExistException;
32 use TYPO3\CMS\Core\Resource\ResourceFactory;
33 use TYPO3\CMS\Core\Resource\ResourceStorage;
34
35 /**
36 * Class StoragePermissionsAspect
37 *
38 * We do not have AOP in TYPO3 for now, thus the aspect which
39 * deals with resource security is a slot which reacts on a signal
40 * on storage object creation.
41 *
42 * The aspect injects user permissions and mount points into the storage
43 * based on user or group configuration.
44 *
45 * @package TYPO3\CMS\Core\Resource\Security
46 */
class StoragePermissionsAspect {

    /**
     * Backend user whose admin flag, file permissions and file mount
     * records decide what gets applied to a storage.
     *
     * @var BackendUserAuthentication
     */
    protected $backendUserAuthentication;

    /**
     * Read-only permission set (folder read and file read).
     *
     * NOTE(review): no method in this class references this property; the
     * name suggests it was meant for the storage with uid 0 - confirm
     * whether it should be applied there.
     *
     * @var array
     */
    protected $defaultStorageZeroPermissions = array(
        'readFolder' => TRUE,
        'readFile' => TRUE
    );


    /**
     * Stores the backend user to work with, falling back to the global
     * backend user when none (or a falsy value) is passed in.
     *
     * NOTE(review): if $GLOBALS['BE_USER'] is not an object either, the
     * isAdmin() call in addUserPermissionsToStorage() fails at runtime -
     * confirm this slot is only connected where a backend user exists.
     *
     * @param BackendUserAuthentication|null $backendUserAuthentication
     */
    public function __construct($backendUserAuthentication = NULL) {
        if (!$backendUserAuthentication) {
            $backendUserAuthentication = $GLOBALS['BE_USER'];
        }
        $this->backendUserAuthentication = $backendUserAuthentication;
    }

    /**
     * The slot for the signal in ResourceFactory where storage objects are created
     *
     * Admin users leave the storage untouched. For every other user,
     * permission evaluation is switched on and, for storages with a
     * uid above 0, the user's file permissions for that storage are set.
     * The user's file mounts are added in both non-admin cases.
     *
     * @param ResourceFactory $resourceFactory Not used by this slot
     * @param ResourceStorage $storage The storage that was just created
     * @return void
     */
    public function addUserPermissionsToStorage(ResourceFactory $resourceFactory, ResourceStorage $storage) {
        $backendUser = $this->backendUserAuthentication;
        if ($backendUser->isAdmin()) {
            // Nothing is changed for admins; the storage keeps the state it was created with.
            return;
        }

        $storage->setEvaluatePermissions(TRUE);
        if ($storage->getUid() > 0) {
            $userPermissions = $backendUser->getFilePermissionsForStorage($storage);
            $storage->setUserPermissions($userPermissions);
        } else {
            // NOTE(review): for a storage with uid 0 (or lower) evaluation is
            // switched off again for non-admin users and no user permissions
            // are set; presumably this disables permission checks there -
            // confirm that this is the intended access model.
            $storage->setEvaluatePermissions(FALSE);
        }
        $this->addFileMountsToStorage($storage);
    }

    /**
     * Adds file mounts from the user's file mount records
     *
     * Only records whose 'base' equals the uid of the given storage are
     * added. Both sides are cast to int, so an empty or non-numeric 'base'
     * compares as 0 and therefore matches a storage with uid 0.
     *
     * @param ResourceStorage $storage
     * @return void
     */
    protected function addFileMountsToStorage(ResourceStorage $storage) {
        $fileMountRecords = $this->backendUserAuthentication->getFileMountRecords();
        foreach ($fileMountRecords as $mountRecord) {
            if ((int)$mountRecord['base'] !== (int)$storage->getUid()) {
                continue;
            }
            try {
                $storage->addFileMount($mountRecord['path'], $mountRecord);
            } catch (FolderDoesNotExistException $exception) {
                // That file mount does not seem to be valid, fail silently.
                // NOTE(review): the skipped mount is not logged, so a user who
                // ends up with fewer mounts than configured leaves no trace here.
            }
        }
    }
}