1 <?php
2 namespace TYPO3\CMS\Core\FrontendEditing;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Type\Bitmask\Permission;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19
20 /**
21 * Controller class for frontend editing.
22 *
23 * @author Jeff Segars <jeff@webempoweredchurch.org>
24 * @author David Slayback <dave@webempoweredchurch.org>
25 */
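class FrontendEditingController {

	/**
	 * GET/POST parameters for the FE editing ("TSFE_EDIT[...]").
	 * Accessed as $GLOBALS['BE_USER']->frontendEdit->TSFE_EDIT, thus public.
	 * Everything in here is request input and must be treated as untrusted.
	 *
	 * @var array
	 */
	public $TSFE_EDIT;

	/**
	 * Lazily created by initializeTceMain(). Every record modification in this
	 * class goes through it, so backend record/page permissions are enforced there.
	 *
	 * @var \TYPO3\CMS\Core\DataHandling\DataHandler
	 */
	protected $tce;

	/**
	 * Initializes configuration options: reads the TSFE_EDIT request parameters and
	 * executes a pending editing command if the editing module of the Admin Panel is active.
	 *
	 * @return void
	 */
	public function initConfigOptions() {
		$this->TSFE_EDIT = GeneralUtility::_GP('TSFE_EDIT');
		// Commands are only processed while the editing module in the Admin Panel is open
		if ($GLOBALS['BE_USER']->isFrontendEditingActive() && $this->isEditAction()) {
			$this->editAction();
		}
	}

	/**
	 * Generates the "edit panels" which can be shown for a page or records on a page when the Admin Panel is enabled for a backend user surfing the frontend.
	 * With the "edit panel" the user will see buttons with links to editing, moving, hiding, deleting the element.
	 * This function is used for the cObject EDITPANEL and the stdWrap property ".editPanel".
	 *
	 * The panel is only a convenience UI: whether it is shown is decided by allowedToEdit() /
	 * allowedToEditLanguage(); the actual modifications are authorized again by the DataHandler.
	 *
	 * @param string $content A content string containing the content related to the edit panel. For cObject "EDITPANEL" this is empty but not so for the stdWrap property. The edit panel is appended to this string and returned.
	 * @param array $conf TypoScript configuration properties for the editPanel
	 * @param string $currentRecord The "table:uid" of the record being shown. For new records (set by $conf['newRecordFromTable']) it's auto-generated to "[tablename]:NEW"
	 * @param array $dataArray The data array of the record being shown
	 * @return string The input content string with the editPanel appended. Only if a backend user is logged in (and has the correct permissions) an edit panel is appended; otherwise the content string is returned unchanged.
	 */
	public function displayEditPanel($content, array $conf, $currentRecord, array $dataArray) {
		if ($conf['newRecordFromTable']) {
			$currentRecord = $conf['newRecordFromTable'] . ':NEW';
			$conf['allow'] = 'new';
			// A "NEW" record has no row yet that recordEditAccessInternals() could inspect
			$checkEditAccessInternals = FALSE;
		} else {
			$checkEditAccessInternals = TRUE;
		}
		list($table, $uid) = explode(':', $currentRecord);
		// Page ID for new records, 0 if not specified
		$newRecordPid = (int)$conf['newRecordInPid'];
		// Target for "new" links: the page uid itself, the pid for new records,
		// or a negative uid meaning "insert after this record". Stays NULL if the
		// record lives on another page and onlyCurrentPid is set.
		$newUid = NULL;
		if (!$conf['onlyCurrentPid'] || $dataArray['pid'] == $GLOBALS['TSFE']->id) {
			if ($table == 'pages') {
				$newUid = $uid;
			} elseif ($conf['newRecordFromTable']) {
				$newUid = $newRecordPid ?: $GLOBALS['TSFE']->id;
			} else {
				$newUid = -1 * $uid;
			}
		}
		if ($GLOBALS['TSFE']->displayEditIcons && $table && $this->allowedToEdit($table, $dataArray, $conf, $checkEditAccessInternals) && $this->allowedToEditLanguage($table, $dataArray)) {
			// Rendering is delegated to the configured frontend editing view class
			$editClass = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/classes/class.frontendedit.php']['edit'];
			if ($editClass) {
				$edit = GeneralUtility::getUserObj($editClass, FALSE);
				if (is_object($edit)) {
					$allowedActions = $this->getAllowedEditActions($table, $conf, $dataArray['pid']);
					$content = $edit->editPanel($content, $conf, $currentRecord, $dataArray, $table, $allowedActions, $newUid, $this->getHiddenFields($dataArray));
				}
			}
		}
		return $content;
	}

	/**
	 * Adds an edit icon to the content string. The edit icon links to FormEngine with proper parameters for editing the table/fields of the context.
	 * This implements TYPO3 context sensitive editing facilities. Only backend users will have access (if properly configured as well).
	 *
	 * @param string $content The content to which the edit icons should be appended
	 * @param string $params The parameters defining which table and fields to edit. Syntax is [tablename]:[fieldname],[fieldname],[fieldname],... OR [fieldname],[fieldname],[fieldname],... (basically "[tablename]:" is optional, default table is the one of the "current record" used in the function). The fieldlist is sent as "&columnsOnly=" parameter to FormEngine
	 * @param array $conf TypoScript properties for configuring the edit icons.
	 * @param string $currentRecord The "table:uid" of the record being shown. If empty string then $this->currentRecord is used. For new records (set by $conf['newRecordFromTable']) it's auto-generated to "[tablename]:NEW"
	 * @param array $dataArray Alternative data array to use. Default is $this->data
	 * @param string $addUrlParamStr Additional URL parameters for the link pointing to FormEngine
	 * @return string The input content string, possibly with edit icons added (not necessarily in the end but just after the last string of normal content).
	 */
	public function displayEditIcons($content, $params, array $conf = array(), $currentRecord = '', array $dataArray = array(), $addUrlParamStr = '') {
		// Check incoming params:
		list($currentRecordTable, $currentRecordUID) = explode(':', $currentRecord);
		// The table prefix is optional, so read the parts from the end: the field list is always last
		$paramParts = GeneralUtility::trimExplode(':', $params, TRUE);
		$fieldList = array_pop($paramParts);
		$table = array_pop($paramParts);
		if (!$table) {
			$table = $currentRecordTable;
		} elseif ($table != $currentRecordTable) {
			// If the table is set as the first parameter, and does not match the table of the current record, then just return.
			return $content;
		}
		// Edit the translation overlay if one is shown, not the default-language original
		$editUid = $dataArray['_LOCALIZED_UID'] ?: $currentRecordUID;
		// Edit icons imply that the editing action is generally allowed, assuming page and content element permissions permit it.
		if (!array_key_exists('allow', $conf)) {
			$conf['allow'] = 'edit';
		}
		if ($GLOBALS['TSFE']->displayFieldEditIcons && $table && $this->allowedToEdit($table, $dataArray, $conf) && $fieldList && $this->allowedToEditLanguage($table, $dataArray)) {
			$editClass = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/classes/class.frontendedit.php']['edit'];
			if ($editClass) {
				$edit = GeneralUtility::getUserObj($editClass);
				if (is_object($edit)) {
					$content = $edit->editIcons($content, $params, $conf, $currentRecord, $dataArray, $addUrlParamStr, $table, $editUid, $fieldList);
				}
			}
		}
		return $content;
	}

	/*****************************************************
	 *
	 * Frontend Editing
	 *
	 ****************************************************/
	/**
	 * Returns TRUE if an edit-action is sent from the Admin Panel.
	 *
	 * $cmd can be a command like "hide" or "move". If $cmd is "edit" or "new" it's an
	 * indication to show the form fields, not to execute anything. But if data is sent with
	 * a save/update flag then $cmd = "edit" is accepted because edit may be sent because of
	 * the .keepGoing flag. A "cancel" flag discards the command altogether.
	 *
	 * @return bool
	 * @see index_ts.php
	 */
	public function isEditAction() {
		if (!is_array($this->TSFE_EDIT)) {
			return FALSE;
		}
		if ($this->TSFE_EDIT['cancel']) {
			unset($this->TSFE_EDIT['cmd']);
			return FALSE;
		}
		$cmd = (string)$this->TSFE_EDIT['cmd'];
		return $cmd != 'new' && ($cmd != 'edit' || $this->hasSaveData());
	}

	/**
	 * Returns TRUE if an edit form is shown on the page.
	 * Used from index_ts.php where a TRUE return-value will result in classes etc. being included.
	 *
	 * @return bool
	 * @see index_ts.php
	 */
	public function isEditFormShown() {
		if (is_array($this->TSFE_EDIT)) {
			$cmd = (string)$this->TSFE_EDIT['cmd'];
			if ($cmd == 'edit' || $cmd == 'new') {
				return TRUE;
			}
		}
		// Explicit FALSE: callers compare the result, an implicit NULL would be misleading
		return FALSE;
	}

	/**
	 * Returns TRUE if the request carries a data map together with one of the save flags
	 * (doSave / update / update_close), i.e. the user submitted an edit form.
	 *
	 * @return bool
	 */
	protected function hasSaveData() {
		if (!is_array($this->TSFE_EDIT) || !is_array($this->TSFE_EDIT['data'])) {
			return FALSE;
		}
		return (bool)($this->TSFE_EDIT['doSave'] || $this->TSFE_EDIT['update'] || $this->TSFE_EDIT['update_close']);
	}

	/**
	 * Management of the on-page frontend editing forms and edit panels.
	 * Basically taking in the data and commands and passes them on to the proper classes as they should be.
	 *
	 * Dispatches TSFE_EDIT[cmd] to the matching do<Cmd>() method of this class. The fixed "do"
	 * prefix confines the request-controlled method name to the command methods (including those
	 * of subclasses); everything else ends in an exception. The table named in TSFE_EDIT[record]
	 * must exist in $GLOBALS['TCA'] (except for "save", where the DataHandler validates every
	 * table of the submitted data map itself). Permission checks happen in the DataHandler.
	 *
	 * @return void
	 * @throws \UnexpectedValueException if TSFE_EDIT[cmd] is not a valid command
	 * @see index_ts.php
	 */
	public function editAction() {
		// Commands
		$recordParts = explode(':', (string)$this->TSFE_EDIT['record']);
		$table = $recordParts[0];
		$uid = isset($recordParts[1]) ? (int)$recordParts[1] : 0;
		$cmd = (string)$this->TSFE_EDIT['cmd'];
		// Look for some TSFE_EDIT data that indicates we should save.
		if ($this->hasSaveData()) {
			$cmd = 'save';
		}
		if ($cmd == 'save' || $cmd && $table && $uid && isset($GLOBALS['TCA'][$table])) {
			// Hook for defining custom editing actions. Naming is incorrect, but preserves compatibility.
			if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['extEditAction'])) {
				$_params = array();
				foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['extEditAction'] as $_funcRef) {
					GeneralUtility::callUserFunction($_funcRef, $_params, $this);
				}
			}
			// Perform the requested editing command, e.g. "hide" => doHide(), "moveAfter" => doMoveAfter().
			$cmdAction = 'do' . ucwords($cmd);
			if (is_callable(array($this, $cmdAction))) {
				$this->{$cmdAction}($table, $uid);
			} else {
				throw new \UnexpectedValueException('The specified frontend edit command (' . $cmd . ') is not valid.', 1225818120);
			}
		}
	}

	/**
	 * Hides a specific record.
	 *
	 * @param string $table The table name for the record to hide.
	 * @param int $uid The UID for the record to hide.
	 * @return void
	 */
	public function doHide($table, $uid) {
		$this->setDisabledFlag($table, $uid, 1);
	}

	/**
	 * Unhides (shows) a specific record.
	 *
	 * @param string $table The table name for the record to unhide.
	 * @param int $uid The UID for the record to unhide.
	 * @return void
	 */
	public function doUnhide($table, $uid) {
		$this->setDisabledFlag($table, $uid, 0);
	}

	/**
	 * Writes the "disabled" enable-column of a record through the DataHandler.
	 * Does nothing for tables without a configured disabled field.
	 *
	 * @param string $table The table name of the record.
	 * @param int $uid The UID of the record.
	 * @param int $value 1 to hide the record, 0 to show it.
	 * @return void
	 */
	protected function setDisabledFlag($table, $uid, $value) {
		$hideField = $GLOBALS['TCA'][$table]['ctrl']['enablecolumns']['disabled'];
		if (!$hideField) {
			return;
		}
		$recData = array();
		$recData[$table][(int)$uid][$hideField] = (int)$value;
		$this->initializeTceMain();
		$this->tce->start($recData, array());
		$this->tce->process_datamap();
	}

	/**
	 * Moves a record up.
	 *
	 * @param string $table The table name for the record to move.
	 * @param int $uid The UID for the record to move.
	 * @return void
	 */
	public function doUp($table, $uid) {
		$this->move($table, $uid, 'up');
	}

	/**
	 * Moves a record down.
	 *
	 * @param string $table The table name for the record to move.
	 * @param int $uid The UID for the record to move.
	 * @return void
	 */
	public function doDown($table, $uid) {
		$this->move($table, $uid, 'down');
	}

	/**
	 * Moves a record after a given element. Used for drag.
	 *
	 * @param string $table The table name for the record to move.
	 * @param int $uid The UID for the record to move.
	 * @return void
	 */
	public function doMoveAfter($table, $uid) {
		// TSFE_EDIT[moveAfter] is request input; only an integer uid makes sense here
		$afterUID = (int)$GLOBALS['BE_USER']->frontendEdit->TSFE_EDIT['moveAfter'];
		$this->move($table, $uid, '', $afterUID);
	}

	/**
	 * Moves a record.
	 *
	 * Determines the neighbouring record (same pid, same copyAfterDuplFields values such as
	 * colPos / language, respecting enable fields unless previewing) and hands a "move" command
	 * to the DataHandler. A negative move target means "after record X", a positive one "to the
	 * top of page X".
	 *
	 * @param string $table The table name for the record to move. Expected to be a table known to $GLOBALS['TCA'] (checked by editAction()).
	 * @param int $uid The UID for the record to move.
	 * @param string $direction The direction to move, either 'up' or 'down'. Empty for dragging.
	 * @param int $afterUID The UID of record to move after. This is specified for dragging only.
	 * @return void
	 */
	protected function move($table, $uid, $direction = '', $afterUID = 0) {
		$uid = (int)$uid;
		$afterUID = (int)$afterUID;
		$sortField = $GLOBALS['TCA'][$table]['ctrl']['sortby'];
		if (!$sortField) {
			// Table is not sortable, nothing to move
			return;
		}
		$cmdData = array();
		// Get self
		$fields = array_unique(GeneralUtility::trimExplode(',', $GLOBALS['TCA'][$table]['ctrl']['copyAfterDuplFields'] . ',uid,pid,' . $sortField, TRUE));
		$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(implode(',', $fields), $table, 'uid=' . $uid);
		$row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
		$GLOBALS['TYPO3_DB']->sql_free_result($res);
		if ($row) {
			// When previewing, hidden / timed / access-restricted siblings are valid neighbours too
			$ignore = array();
			if ($GLOBALS['BE_USER']->adminPanel instanceof \TYPO3\CMS\Frontend\View\AdminPanelView && $GLOBALS['BE_USER']->adminPanel->extGetFeAdminValue('preview')) {
				$ignore = array('starttime' => 1, 'endtime' => 1, 'disabled' => 1, 'fe_group' => 1);
			}
			// Only siblings sharing the copyAfterDuplFields values are candidates. The field names
			// come from TCA, the values from the database row; the values are quoted, not interpolated raw.
			$copyAfterFieldsQuery = '';
			if ($GLOBALS['TCA'][$table]['ctrl']['copyAfterDuplFields']) {
				$cAFields = GeneralUtility::trimExplode(',', $GLOBALS['TCA'][$table]['ctrl']['copyAfterDuplFields'], TRUE);
				foreach ($cAFields as $fieldName) {
					$copyAfterFieldsQuery .= ' AND ' . $fieldName . '=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($row[$fieldName], $table);
				}
			}
			// Record before or after; without a direction (drag) any sibling qualifies
			$sortCheck = '';
			$order = '';
			if (!empty($direction)) {
				if ($direction == 'up') {
					$operator = '<';
					$order = 'DESC';
				} else {
					$operator = '>';
					$order = 'ASC';
				}
				$sortCheck = ' AND ' . $sortField . $operator . (int)$row[$sortField];
			}
			$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,pid', $table, 'pid=' . (int)$row['pid'] . $sortCheck . $copyAfterFieldsQuery . $GLOBALS['TSFE']->sys_page->enableFields($table, '', $ignore), '', $sortField . ' ' . $order, '2');
			if ($row2 = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
				if ($afterUID) {
					// Dragging: place directly after the dropped-on record
					$cmdData[$table][$uid]['move'] = -$afterUID;
				} elseif ($direction == 'down') {
					$cmdData[$table][$uid]['move'] = -(int)$row2['uid'];
				} elseif ($row3 = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
					// Must take the second record above...
					$cmdData[$table][$uid]['move'] = -(int)$row3['uid'];
				} else {
					// ... and if that does not exist, use pid (= move to the top of the page)
					$cmdData[$table][$uid]['move'] = (int)$row['pid'];
				}
			} elseif ($direction == 'up') {
				$cmdData[$table][$uid]['move'] = (int)$row['pid'];
			}
			$GLOBALS['TYPO3_DB']->sql_free_result($res);
		}
		if (!empty($cmdData)) {
			$this->initializeTceMain();
			$this->tce->start(array(), $cmdData);
			$this->tce->process_cmdmap();
		}
	}

	/**
	 * Deletes a specific record.
	 *
	 * @param string $table The table name for the record to delete.
	 * @param int $uid The UID for the record to delete.
	 * @return void
	 */
	public function doDelete($table, $uid) {
		$cmdData = array();
		$cmdData[$table][(int)$uid]['delete'] = 1;
		$this->initializeTceMain();
		$this->tce->start(array(), $cmdData);
		$this->tce->process_cmdmap();
	}

	/**
	 * Saves a record based on its data array (TSFE_EDIT[data], a DataHandler data map).
	 *
	 * The submitted map is request input; the DataHandler performs the table, field and
	 * permission checks. The uid of a newly created record is written back into
	 * TSFE_EDIT[newUID] so the rendering can pick it up.
	 *
	 * @param string $table The table name for the record to save.
	 * @param int $uid The UID for the record to save.
	 * @return void
	 */
	public function doSave($table, $uid) {
		$data = $this->TSFE_EDIT['data'];
		// The DataHandler expects an array data map; anything else is ignored
		if (!is_array($data) || empty($data)) {
			return;
		}
		$this->initializeTceMain();
		$this->tce->start($data, array());
		$this->tce->process_uploads($_FILES);
		$this->tce->process_datamap();
		// Save the new UID back into TSFE_EDIT
		$newUID = $this->tce->substNEWwithIDs['NEW'];
		if ($newUID) {
			$GLOBALS['BE_USER']->frontendEdit->TSFE_EDIT['newUID'] = $newUID;
		}
	}

	/**
	 * Saves a record based on its data array and closes it.
	 *
	 * @param string $table The table name for the record to save.
	 * @param int $uid The UID for the record to save.
	 * @return void
	 * @note This method is only a wrapper for doSave() but is needed so that the
	 *       "saveAndClose" command resolves to a do<Cmd>() method in editAction().
	 */
	public function doSaveAndClose($table, $uid) {
		$this->doSave($table, $uid);
	}

	/**
	 * Stub for closing a record. No real functionality needed since content
	 * element rendering will take care of everything.
	 *
	 * @param string $table The table name for the record to close.
	 * @param int $uid The UID for the record to close.
	 * @return void
	 */
	public function doClose($table, $uid) {

	}

	/**
	 * Checks whether the user has access to edit the language for the
	 * requested record.
	 *
	 * @param string $table The name of the table.
	 * @param array $currentRecord The record.
	 * @return bool
	 */
	protected function allowedToEditLanguage($table, array $currentRecord) {
		// Pages and content use the language of the current frontend request,
		// other tables their own language field; -1 ("all") if the table has none.
		if ($table === 'pages') {
			$lang = $GLOBALS['TSFE']->sys_language_uid;
		} elseif ($table === 'tt_content') {
			$lang = $GLOBALS['TSFE']->sys_language_content;
		} elseif ($GLOBALS['TCA'][$table]['ctrl']['languageField']) {
			$lang = $currentRecord[$GLOBALS['TCA'][$table]['ctrl']['languageField']];
		} else {
			$lang = -1;
		}
		return (bool)$GLOBALS['BE_USER']->checkLanguageAccess($lang);
	}

	/**
	 * Checks whether the user is allowed to edit the requested table.
	 *
	 * This decides only whether editing UI is rendered. The authoritative checks run in the
	 * DataHandler when a command is executed.
	 *
	 * @param string $table The name of the table.
	 * @param array $dataArray The data array.
	 * @param array $conf The configuration array for the edit panel.
	 * @param bool $checkEditAccessInternals Whether recordEditAccessInternals() should be checked for the record. Defaults to TRUE; FALSE for "NEW" records that do not exist yet.
	 * @return bool
	 */
	protected function allowedToEdit($table, array $dataArray, array $conf, $checkEditAccessInternals = TRUE) {
		// Unless permissions specifically allow it, editing is not allowed.
		$mayEdit = FALSE;
		$editAccessInternals = $checkEditAccessInternals ? $GLOBALS['BE_USER']->recordEditAccessInternals($table, $dataArray, FALSE, FALSE) : TRUE;
		if (!$editAccessInternals) {
			return FALSE;
		}
		if ($table == 'pages') {
			// Permission::PAGE_EDIT (2) = permission to edit the page
			if ($GLOBALS['BE_USER']->isAdmin() || $GLOBALS['BE_USER']->doesUserHaveAccess($dataArray, Permission::PAGE_EDIT)) {
				$mayEdit = TRUE;
			}
		} else {
			// Permission::CONTENT_EDIT (16) = permission to edit content on the page the record lives on
			if ($GLOBALS['BE_USER']->isAdmin() || $GLOBALS['BE_USER']->doesUserHaveAccess(\TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('pages', $dataArray['pid']), Permission::CONTENT_EDIT)) {
				$mayEdit = TRUE;
			}
		}
		if (!$conf['onlyCurrentPid'] || $dataArray['pid'] == $GLOBALS['TSFE']->id) {
			// Permissions: the configured "allow" list, reduced by the permissions on the current page.
			// NOTE(review): this block replaces the result from above and evaluates $GLOBALS['TSFE']->page,
			// i.e. the page being displayed, which differs from the record's page when onlyCurrentPid is unset.
			$types = GeneralUtility::trimExplode(',', GeneralUtility::strtolower($conf['allow']), TRUE);
			$allow = array_flip($types);
			$perms = $GLOBALS['BE_USER']->calcPerms($GLOBALS['TSFE']->page);
			if ($table == 'pages') {
				$allow = $this->getAllowedEditActions($table, $conf, $dataArray['pid'], $allow);
				// Can only display editbox if there are options in the menu
				if (!empty($allow)) {
					$mayEdit = TRUE;
				}
			} else {
				$mayEdit = !empty($allow) && ($perms & Permission::CONTENT_EDIT) > 0;
			}
		}
		return $mayEdit;
	}

	/**
	 * Takes an array of generally allowed actions and filters that list based on page and content permissions.
	 *
	 * @param string $table The name of the table.
	 * @param array $conf The configuration array.
	 * @param int $pid The PID where editing will occur.
	 * @param array|string $allow Actions allowed in general, as returned by array_flip() of the action names. Empty to derive it from $conf['allow']. Note that it is re-derived from $conf['allow'] anyway once the pid check passes.
	 * @return array Allowed action names as keys
	 */
	protected function getAllowedEditActions($table, array $conf, $pid, $allow = '') {
		if (!$allow) {
			$types = GeneralUtility::trimExplode(',', GeneralUtility::strtolower($conf['allow']), TRUE);
			$allow = array_flip($types);
		}
		if (!$conf['onlyCurrentPid'] || $pid == $GLOBALS['TSFE']->id) {
			// Permissions
			$types = GeneralUtility::trimExplode(',', GeneralUtility::strtolower($conf['allow']), TRUE);
			$allow = array_flip($types);
			$perms = $GLOBALS['BE_USER']->calcPerms($GLOBALS['TSFE']->page);
			if ($table == 'pages') {
				// Rootpage: cannot be moved, hidden or deleted
				if (count($GLOBALS['TSFE']->config['rootLine']) == 1) {
					unset($allow['move']);
					unset($allow['hide']);
					unset($allow['delete']);
				}
				if (!($perms & Permission::PAGE_EDIT)) {
					unset($allow['edit']);
					unset($allow['move']);
					unset($allow['hide']);
				}
				if (!($perms & Permission::PAGE_DELETE)) {
					unset($allow['delete']);
				}
				if (!($perms & Permission::PAGE_NEW)) {
					unset($allow['new']);
				}
			}
		}
		return $allow;
	}

	/**
	 * Adds any extra Javascript includes needed for Front-end editing.
	 *
	 * @return string
	 */
	public function getJavascriptIncludes() {
		// No extra JS includes needed
		return '';
	}

	/**
	 * Gets the hidden fields (array key=field name, value=field value) to be used in the edit panel for a particular content element.
	 * In the normal case, no hidden fields are needed but special controllers such as TemplaVoila need to track flexform pointers, etc.
	 *
	 * @param array $dataArray The data array for a specific content element.
	 * @return array
	 */
	public function getHiddenFields(array $dataArray) {
		// No special hidden fields needed.
		return array();
	}

	/**
	 * Initializes \TYPO3\CMS\Core\DataHandling\DataHandler since it is used on modification actions.
	 * The instance is created once and reused by the do*() commands.
	 *
	 * @return void
	 */
	protected function initializeTceMain() {
		if (!isset($this->tce)) {
			$this->tce = GeneralUtility::makeInstance(\TYPO3\CMS\Core\DataHandling\DataHandler::class);
			// Request values are already unslashed by GeneralUtility::_GP()
			$this->tce->stripslashes_values = 0;
		}
	}

}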