[CLEANUP] The correct case must be used for standard PHP types in phpdoc
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Security / CategoryPermissionsAspect.php
1 <?php
2 namespace TYPO3\CMS\Backend\Security;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Tree\TreeNode;
18 use TYPO3\CMS\Backend\Tree\TreeNodeCollection;
19 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
20 use TYPO3\CMS\Core\Database\ConnectionPool;
21 use TYPO3\CMS\Core\Tree\TableConfiguration\DatabaseTreeDataProvider;
22 use TYPO3\CMS\Core\Utility\GeneralUtility;
23
24 /**
25 * We do not have AOP in TYPO3 for now, thus the aspect which
26 * deals with tree data security is a slot which reacts on a signal
27 * on data data object initialization.
28 *
29 * The aspect define category mount points according to BE User permissions.
30 */
31 class CategoryPermissionsAspect
32 {
33 /**
34 * @var string
35 */
36 protected $categoryTableName = 'sys_category';
37
38 /**
39 * @var BackendUserAuthentication
40 */
41 protected $backendUserAuthentication;
42
43 /**
44 * @param BackendUserAuthentication|null $backendUserAuthentication
45 */
46 public function __construct($backendUserAuthentication = null)
47 {
48 $this->backendUserAuthentication = $backendUserAuthentication ?: $GLOBALS['BE_USER'];
49 }
50
51 /**
52 * The slot for the signal in DatabaseTreeDataProvider, which only affects the TYPO3 Backend
53 *
54 * @param DatabaseTreeDataProvider $dataProvider
55 * @param TreeNode $treeData
56 */
57 public function addUserPermissionsToCategoryTreeData(DatabaseTreeDataProvider $dataProvider, $treeData)
58 {
59 // Only evaluate this in the backend
60 if (!(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_BE)) {
61 return;
62 }
63
64 if (!$this->backendUserAuthentication->isAdmin() && $dataProvider->getTableName() === $this->categoryTableName) {
65
66 // Get User permissions related to category
67 $categoryMountPoints = $this->backendUserAuthentication->getCategoryMountPoints();
68
69 // Backup child nodes to be processed.
70 $treeNodeCollection = $treeData->getChildNodes();
71
72 if (!empty($categoryMountPoints) && !empty($treeNodeCollection)) {
73
74 // Check the rootline against categoryMountPoints when tree was filtered
75 if ($dataProvider->getRootUid() !== null) {
76 $uidsInRootline = $this->findUidsInRootline($dataProvider->getRootUid());
77 if (!empty(array_intersect($categoryMountPoints, $uidsInRootline))) {
78 // One of the parents was found in categoryMountPoints so all children are secure
79 return;
80 }
81 }
82
83 // First, remove all child nodes which must be analysed to be considered as "secure".
84 // The nodes were backed up in variable $treeNodeCollection beforehand.
85 $treeData->removeChildNodes();
86
87 // Create an empty tree node collection to receive the secured nodes.
88 /** @var TreeNodeCollection $securedTreeNodeCollection */
89 $securedTreeNodeCollection = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Tree\TreeNodeCollection::class);
90
91 foreach ($categoryMountPoints as $categoryMountPoint) {
92 $treeNode = $this->lookUpCategoryMountPointInTreeNodes((int)$categoryMountPoint, $treeNodeCollection);
93 if (!is_null($treeNode)) {
94 $securedTreeNodeCollection->append($treeNode);
95 }
96 }
97
98 // Reset child nodes.
99 $treeData->setChildNodes($securedTreeNodeCollection);
100 }
101 }
102 }
103
104 /**
105 * Recursively look up for a category mount point within a tree.
106 *
107 * @param int $categoryMountPoint
108 * @param TreeNodeCollection $treeNodeCollection
109 * @return null|TreeNode
110 */
111 protected function lookUpCategoryMountPointInTreeNodes($categoryMountPoint, TreeNodeCollection $treeNodeCollection)
112 {
113 $result = null;
114
115 // If any User permission, recursively traverse the tree and set tree part as mount point
116 foreach ($treeNodeCollection as $treeNode) {
117
118 /** @var \TYPO3\CMS\Backend\Tree\TreeNode $treeNode */
119 if ((int)$treeNode->getId() === $categoryMountPoint) {
120 $result = $treeNode;
121 break;
122 }
123
124 if ($treeNode->hasChildNodes()) {
125
126 /** @var TreeNode $node */
127 $node = $this->lookUpCategoryMountPointInTreeNodes($categoryMountPoint, $treeNode->getChildNodes());
128 if (! is_null($node)) {
129 $result = $node;
130 break;
131 }
132 }
133 }
134 return $result;
135 }
136
137 /**
138 * Find parent uids in rootline
139 *
140 * @param int $uid
141 * @return array
142 */
143 protected function findUidsInRootline($uid)
144 {
145 /** @var \TYPO3\CMS\Core\Database\Query\QueryBuilder $queryBuilder */
146 $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->categoryTableName);
147 $row = $queryBuilder
148 ->select('parent')
149 ->from($this->categoryTableName)
150 ->where(
151 $queryBuilder->expr()->eq('uid', $queryBuilder->createNamedParameter($uid, \PDO::PARAM_INT))
152 )
153 ->execute()
154 ->fetch();
155
156 $parentUids = [];
157 if ($row['parent'] > 0) {
158 $parentUids = $this->findUidsInRootline($row['parent']);
159 $parentUids[] = $row['parent'];
160 }
161 return $parentUids;
162 }
163 }