[SECURITY] Respect permissions of storages in a file collection
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Form / FormDataProvider / TcaSelectItems.php
1 <?php
2 namespace TYPO3\CMS\Backend\Form\FormDataProvider;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Form\FormDataProviderInterface;
18
19 /**
20 * Resolve select items, set processed item list in processedTca, sanitize and resolve database field
21 */
22 class TcaSelectItems extends AbstractItemProvider implements FormDataProviderInterface
23 {
24 /**
25 * Resolve select items
26 *
27 * @param array $result
28 * @return array
29 * @throws \UnexpectedValueException
30 */
31 public function addData(array $result)
32 {
33 $table = $result['tableName'];
34
35 foreach ($result['processedTca']['columns'] as $fieldName => $fieldConfig) {
36 if (empty($fieldConfig['config']['type']) || $fieldConfig['config']['type'] !== 'select') {
37 continue;
38 }
39
40 // Make sure we are only processing supported renderTypes
41 if (!$this->isTargetRenderType($fieldConfig)) {
42 continue;
43 }
44
45 $fieldConfig['config']['items'] = $this->sanitizeItemArray($fieldConfig['config']['items'], $table, $fieldName);
46 $fieldConfig['config']['maxitems'] = $this->sanitizeMaxItems($fieldConfig['config']['maxitems']);
47
48 $fieldConfig['config']['items'] = $this->addItemsFromSpecial($result, $fieldName, $fieldConfig['config']['items']);
49 $fieldConfig['config']['items'] = $this->addItemsFromFolder($result, $fieldName, $fieldConfig['config']['items']);
50 $staticItems = $fieldConfig['config']['items'];
51
52 $fieldConfig['config']['items'] = $this->addItemsFromForeignTable($result, $fieldName, $fieldConfig['config']['items']);
53 // removing items before $dynamicItems and $removedItems have been built results in having them
54 // not populated to the dynamic database row and displayed as "invalid value" in the forms view
55 $fieldConfig['config']['items'] = $this->removeItemsByUserStorageRestriction($result, $fieldName, $fieldConfig['config']['items']);
56
57 $dynamicItems = array_diff_key($fieldConfig['config']['items'], $staticItems);
58 $removedItems = $fieldConfig['config']['items'];
59
60 $fieldConfig['config']['items'] = $this->removeItemsByKeepItemsPageTsConfig($result, $fieldName, $fieldConfig['config']['items']);
61 $fieldConfig['config']['items'] = $this->addItemsFromPageTsConfig($result, $fieldName, $fieldConfig['config']['items']);
62 $fieldConfig['config']['items'] = $this->removeItemsByRemoveItemsPageTsConfig($result, $fieldName, $fieldConfig['config']['items']);
63
64 $fieldConfig['config']['items'] = $this->removeItemsByUserLanguageFieldRestriction($result, $fieldName, $fieldConfig['config']['items']);
65 $fieldConfig['config']['items'] = $this->removeItemsByUserAuthMode($result, $fieldName, $fieldConfig['config']['items']);
66 $fieldConfig['config']['items'] = $this->removeItemsByDoktypeUserRestriction($result, $fieldName, $fieldConfig['config']['items']);
67
68 $removedItems = array_diff_key($removedItems, $fieldConfig['config']['items']);
69
70 // Resolve "itemsProcFunc"
71 if (!empty($fieldConfig['config']['itemsProcFunc'])) {
72 $fieldConfig['config']['items'] = $this->resolveItemProcessorFunction($result, $fieldName, $fieldConfig['config']['items']);
73 // itemsProcFunc must not be used anymore
74 unset($fieldConfig['config']['itemsProcFunc']);
75 }
76
77 // needed to determine the items for invalid values
78 $currentDatabaseValuesArray = $this->processDatabaseFieldValue($result['databaseRow'], $fieldName);
79 $result['databaseRow'][$fieldName] = $currentDatabaseValuesArray;
80
81 $staticValues = $this->getStaticValues($fieldConfig['config']['items'], $dynamicItems);
82 $result['databaseRow'][$fieldName] = $this->processSelectFieldValue($result, $fieldName, $staticValues);
83
84 $fieldConfig['config']['items'] = $this->addInvalidItemsFromDatabase(
85 $result,
86 $table,
87 $fieldName,
88 $fieldConfig,
89 $currentDatabaseValuesArray,
90 $removedItems
91 );
92
93 // Translate labels
94 $fieldConfig['config']['items'] = $this->translateLabels($result, $fieldConfig['config']['items'], $table, $fieldName);
95
96 // Keys may contain table names, so a numeric array is created
97 $fieldConfig['config']['items'] = array_values($fieldConfig['config']['items']);
98
99 $result['processedTca']['columns'][$fieldName] = $fieldConfig;
100 }
101
102 return $result;
103 }
104
105 /**
106 * Add values that are currently listed in the database columns but not in the selectable items list
107 * back to the list.
108 *
109 * @param array $result The current result array.
110 * @param string $table The current table name
111 * @param string $fieldName The current field name
112 * @param array $fieldConf The configuration of the current field.
113 * @param array $databaseValues The item values from the database, can contain invalid items!
114 * @param array $removedItems Items removed by access checks and restrictions, must not be added as invalid values
115 * @return array
116 */
117 public function addInvalidItemsFromDatabase(array $result, $table, $fieldName, array $fieldConf, array $databaseValues, array $removedItems)
118 {
119 // Early return if there are no items or invalid values should not be displayed
120 if (empty($fieldConf['config']['items'])
121 || $fieldConf['config']['renderType'] !== 'selectSingle'
122 || $result['pageTsConfig']['TCEFORM.'][$table . '.'][$fieldName . '.']['disableNoMatchingValueElement']
123 || $fieldConf['config']['disableNoMatchingValueElement']
124 ) {
125 return $fieldConf['config']['items'];
126 }
127
128 $languageService = $this->getLanguageService();
129 $noMatchingLabel = isset($result['pageTsConfig']['TCEFORM.'][$table . '.'][$fieldName . '.']['noMatchingValue_label'])
130 ? $languageService->sL(trim($result['pageTsConfig']['TCEFORM.'][$table . '.'][$fieldName . '.']['noMatchingValue_label']))
131 : '[ ' . $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.noMatchingValue') . ' ]';
132
133 $unmatchedValues = array_diff(
134 array_values($databaseValues),
135 array_column($fieldConf['config']['items'], 1),
136 array_column($removedItems, 1)
137 );
138
139 foreach ($unmatchedValues as $unmatchedValue) {
140 $invalidItem = [
141 @sprintf($noMatchingLabel, $unmatchedValue),
142 $unmatchedValue
143 ];
144 array_unshift($fieldConf['config']['items'], $invalidItem);
145 }
146
147 return $fieldConf['config']['items'];
148 }
149
150 /**
151 * Determines whether the current field is a valid target for this DataProvider
152 *
153 * @param array $fieldConfig
154 * @return bool
155 */
156 protected function isTargetRenderType(array $fieldConfig)
157 {
158 return $fieldConfig['config']['renderType'] !== 'selectTree';
159 }
160 }