[TASK] Remove superfluous parenthesis in sysexts
[Packages/TYPO3.CMS.git] / typo3 / sysext / perm / Classes / Controller / PermissionAjaxController.php
1 <?php
2 namespace TYPO3\CMS\Perm\Controller;
3
4 /**
5 * This class extends the permissions module in the TYPO3 Backend to provide
6 * convenient methods of editing of page permissions (including page ownership
7 * (user and group)) via new TYPO3AJAX facility
8 *
9 * @author Andreas Kundoch <typo3@mehrwert.de>
10 * @package TYPO3
11 * @subpackage core
12 * @license GPL
13 * @since TYPO3_4-2
14 */
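class PermissionAjaxController {

    // The local configuration array, filled from the POST body in the constructor
    protected $conf = array();

    // TYPO3 Back Path
    protected $backPath = '../../../';

    /********************************************
     *
     * Init method for this class
     *
     ********************************************/
    /**
     * Read the AJAX request parameters from the POST body into $this->conf.
     *
     * Every value read here is supplied by the client. Numeric parameters are cast to
     * integers and 'who' is limited to the three permission scopes, because dispatch()
     * uses these values as a record id, as part of a database field name and inside
     * generated HTML/JavaScript. 'username' and 'groupname' are kept as raw strings and
     * are encoded by the render methods at the point of output.
     */
    public function __construct() {
        // Configuration, variable assignment
        // 'page' is cast like the other ids: it becomes a DataHandler record key and is
        // written into id attributes and onclick handlers.
        $this->conf['page'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('page'));
        // 'who' is appended to 'perms_' to form a field name in dispatch(), so only the
        // documented scopes are accepted; anything else becomes the empty string.
        $who = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('who');
        $this->conf['who'] = in_array($who, array('user', 'group', 'everybody'), TRUE) ? $who : '';
        $this->conf['mode'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('mode');
        $this->conf['bits'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('bits'));
        $this->conf['permissions'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('permissions'));
        $this->conf['action'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('action');
        $this->conf['ownerUid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('ownerUid'));
        $this->conf['username'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('username');
        $this->conf['groupUid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupUid'));
        $this->conf['groupname'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupname');
        $this->conf['editLockState'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('editLockState'));
        // User: look up the name belonging to the posted uid. The uid is an integer, so
        // concatenating it into the WHERE fragment is safe. The name is stored unescaped:
        // renderOwnername() escapes it on output, and escaping here as well would
        // double-encode it.
        $this->conf['new_owner_uid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newOwnerUid'));
        $temp_owner_data = \TYPO3\CMS\Backend\Utility\BackendUtility::getUserNames('username, uid', ' AND uid = ' . $this->conf['new_owner_uid']);
        $this->conf['new_owner_username'] = isset($temp_owner_data[$this->conf['new_owner_uid']]['username'])
            ? $temp_owner_data[$this->conf['new_owner_uid']]['username']
            : '';
        // Group: same lookup for the posted group uid
        $this->conf['new_group_uid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newGroupUid'));
        $temp_group_data = \TYPO3\CMS\Backend\Utility\BackendUtility::getGroupNames('title,uid', ' AND uid = ' . $this->conf['new_group_uid']);
        $this->conf['new_group_username'] = isset($temp_group_data[$this->conf['new_group_uid']]['title'])
            ? $temp_group_data[$this->conf['new_group_uid']]['title']
            : '';
    }

    /********************************************
     *
     * Main dispatcher method
     *
     ********************************************/
    /**
     * The main dispatcher function. Collect data and prepare HTML output.
     *
     * Selects the operation from the posted 'action'. Any value other than the four
     * named actions and 'toggle_edit_lock' is treated as a permission-bit change.
     * This method performs no permission check of its own; every write is handed to
     * DataHandler via start()/process_datamap().
     *
     * @param array $params array of parameters from the AJAX interface, currently unused
     * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj object of type TYPO3AJAX
     * @return void
     */
    public function dispatch($params = array(), \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj = NULL) {
        $content = '';
        $page = intval($this->conf['page']);
        // Basic test for required value
        if ($page > 0) {
            // Init TCE for execution of update
            /** @var $tce \TYPO3\CMS\Core\DataHandler\DataHandler */
            $tce = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandler\\DataHandler');
            $tce->stripslashes_values = 1;
            // Determine the scripts to execute
            switch ($this->conf['action']) {
                case 'show_change_owner_selector':
                    $content = $this->renderUserSelector($page, $this->conf['ownerUid'], $this->conf['username']);
                    break;
                case 'change_owner':
                    // The constructor's intval() always yields an integer, so this check
                    // cannot fail; 0 is the value of the empty option in the selector.
                    if (is_int($this->conf['new_owner_uid'])) {
                        // Prepare data to change
                        $data = array();
                        $data['pages'][$page]['perms_userid'] = $this->conf['new_owner_uid'];
                        // Execute TCE Update
                        $tce->start($data, array());
                        $tce->process_datamap();
                        $content = self::renderOwnername($page, $this->conf['new_owner_uid'], $this->conf['new_owner_username']);
                    } else {
                        $ajaxObj->setError('An error occured: No page owner uid specified.');
                    }
                    break;
                case 'show_change_group_selector':
                    $content = $this->renderGroupSelector($page, $this->conf['groupUid'], $this->conf['groupname']);
                    break;
                case 'change_group':
                    // Always true after intval(), see 'change_owner'
                    if (is_int($this->conf['new_group_uid'])) {
                        // Prepare data to change
                        $data = array();
                        $data['pages'][$page]['perms_groupid'] = $this->conf['new_group_uid'];
                        // Execute TCE Update
                        $tce->start($data, array());
                        $tce->process_datamap();
                        $content = self::renderGroupname($page, $this->conf['new_group_uid'], $this->conf['new_group_username']);
                    } else {
                        $ajaxObj->setError('An error occured: No page group uid specified.');
                    }
                    break;
                case 'toggle_edit_lock':
                    // Prepare data to change
                    $data = array();
                    $data['pages'][$page]['editlock'] = $this->conf['editLockState'] === 1 ? 0 : 1;
                    // Execute TCE Update
                    $tce->start($data, array());
                    $tce->process_datamap();
                    $content = $this->renderToggleEditLock($page, $data['pages'][$page]['editlock']);
                    break;
                default:
                    // The field written below is 'perms_' plus the scope. Without a valid
                    // scope the request is rejected instead of letting the client pick
                    // the field name.
                    if ($this->conf['who'] === '') {
                        $ajaxObj->setError('No valid permission scope (user, group, everybody) specified.');
                        break;
                    }
                    // Both the current value and the bit come from the client. Bitwise
                    // set/clear gives the same result as +/- when the client's view is
                    // current and stays correct when a bit is added or removed twice.
                    if ($this->conf['mode'] == 'delete') {
                        $this->conf['permissions'] = $this->conf['permissions'] & ~$this->conf['bits'];
                    } else {
                        $this->conf['permissions'] = $this->conf['permissions'] | $this->conf['bits'];
                    }
                    // Prepare data to change
                    $data = array();
                    $data['pages'][$page]['perms_' . $this->conf['who']] = $this->conf['permissions'];
                    // Execute TCE Update
                    $tce->start($data, array());
                    $tce->process_datamap();
                    $content = self::renderPermissions($this->conf['permissions'], $page, $this->conf['who']);
            }
        } else {
            $ajaxObj->setError('This script cannot be called directly.');
        }
        $ajaxObj->addContent($page . '_' . $this->conf['who'], $content);
    }

    /********************************************
     *
     * Helpers for this script
     *
     ********************************************/
    /**
     * Encode a value as a JavaScript string literal for use inside a double-quoted
     * HTML event-handler attribute.
     *
     * Two encodings are needed because the browser HTML-decodes the attribute before
     * it parses the JavaScript: htmlspecialchars() alone is undone by that decoding and
     * leaves quotes and backslashes free to end the string literal. json_encode()
     * produces the literal (with quotes, angle brackets and ampersands as \uXXXX), and
     * htmlspecialchars() then protects the surrounding double quotes.
     *
     * @param mixed $value The value to pass to JavaScript; non-scalars become ''
     * @return string The attribute-safe literal, including its quotes
     */
    static private function jsAttributeString($value) {
        $text = is_scalar($value) ? (string) $value : '';
        $literal = json_encode($text, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($literal === FALSE) {
            // json_encode() fails on invalid UTF-8; emit an empty literal so the
            // generated call stays syntactically valid.
            $literal = '""';
        }
        return htmlspecialchars($literal, ENT_QUOTES);
    }

    /**
     * Generate the user selector element
     *
     * @param integer $page The page id to change the user for
     * @param integer $ownerUid The page owner uid
     * @param string $username The username to display; taken from the request, so it is encoded here
     * @return string The html select element
     */
    protected function renderUserSelector($page, $ownerUid, $username = '') {
        $page = intval($page);
        $ownerUid = intval($ownerUid);
        // Get usernames
        $beUsers = \TYPO3\CMS\Backend\Utility\BackendUtility::getUserNames();
        // Init groupArray
        $groups = array();
        if (!$GLOBALS['BE_USER']->isAdmin()) {
            $beUsers = \TYPO3\CMS\Backend\Utility\BackendUtility::blindUserNames($beUsers, $groups, 1);
        }
        // Owner selector:
        $options = '';
        // Loop through the users
        foreach ($beUsers as $uid => $row) {
            $selected = $uid == $ownerUid ? ' selected="selected"' : '';
            $options .= '<option value="' . intval($uid) . '"' . $selected . '>' . htmlspecialchars($row['username']) . '</option>';
        }
        $elementId = 'o_' . $page;
        $options = '<option value="0"></option>' . $options;
        $selector = '<select name="new_page_owner" id="new_page_owner">' . $options . '</select>';
        $saveButton = '<a onclick="WebPermissions.changeOwner(' . $page . ', ' . $ownerUid . ', \'' . $elementId . '\');" title="Change owner">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-save') . '</a>';
        // restoreOwner() is handed markup in the not-set case, so the value is presumably
        // inserted as HTML by the script (confirm against WebPermissions). The username
        // is therefore HTML-escaped first and then encoded as a JavaScript literal.
        $label = $username == '' ? '<span class=not_set>[not set]</span>' : htmlspecialchars($username);
        $cancelButton = '<a onclick="WebPermissions.restoreOwner(' . $page . ', ' . $ownerUid . ', ' . self::jsAttributeString($label) . ', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-close') . '</a>';
        return $selector . $saveButton . $cancelButton;
    }

    /**
     * Generate the group selector element
     *
     * @param integer $page The page id to change the group for
     * @param integer $groupUid The page group uid
     * @param string $groupname The group name to display; taken from the request, so it is encoded here
     * @return string The html select element
     */
    protected function renderGroupSelector($page, $groupUid, $groupname = '') {
        $page = intval($page);
        $groupUid = intval($groupUid);
        // Get group names
        $beGroups = \TYPO3\CMS\Backend\Utility\BackendUtility::getListGroupNames('title,uid');
        $beGroupKeys = array_keys($beGroups);
        $beGroupsO = ($beGroups = \TYPO3\CMS\Backend\Utility\BackendUtility::getGroupNames());
        if (!$GLOBALS['BE_USER']->isAdmin()) {
            $beGroups = \TYPO3\CMS\Backend\Utility\BackendUtility::blindGroupNames($beGroupsO, $beGroupKeys, 1);
        }
        // Group selector:
        $options = '';
        // flag: is set if the page-groupid equals one from the group-list
        $userset = 0;
        // Loop through the groups
        foreach ($beGroups as $uid => $row) {
            if ($uid == $groupUid) {
                $userset = 1;
                $selected = ' selected="selected"';
            } else {
                $selected = '';
            }
            $options .= '<option value="' . intval($uid) . '"' . $selected . '>' . htmlspecialchars($row['title']) . '</option>';
        }
        // If the group was not set AND there is a group for the page
        if (!$userset && $groupUid) {
            $currentTitle = isset($beGroupsO[$groupUid]['title']) ? $beGroupsO[$groupUid]['title'] : '';
            $options = '<option value="' . $groupUid . '" selected="selected">' . htmlspecialchars($currentTitle) . '</option>' . $options;
        }
        $elementId = 'g_' . $page;
        $options = '<option value="0"></option>' . $options;
        $selector = '<select name="new_page_group" id="new_page_group">' . $options . '</select>';
        $saveButton = '<a onclick="WebPermissions.changeGroup(' . $page . ', ' . $groupUid . ', \'' . $elementId . '\');" title="Change group">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-save') . '</a>';
        // Same encoding as in renderUserSelector(): HTML-escape the name, then encode the
        // result as a JavaScript literal for the attribute.
        $label = $groupname == '' ? '<span class=not_set>[not set]</span>' : htmlspecialchars($groupname);
        $cancelButton = '<a onclick="WebPermissions.restoreGroup(' . $page . ', ' . $groupUid . ', ' . self::jsAttributeString($label) . ', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-close') . '</a>';
        return $selector . $saveButton . $cancelButton;
    }

    /**
     * Print the string with the new owner of a page record
     *
     * @param integer $page The TYPO3 page id
     * @param integer $ownerUid The new page user uid
     * @param string $username The TYPO3 BE username, unescaped (used to display in the element)
     * @param boolean $validUser Must be set to FALSE, if the user has no name or is deleted
     * @return string The new owner wrapped in HTML
     */
    static public function renderOwnername($page, $ownerUid, $username, $validUser = TRUE) {
        $page = intval($page);
        $ownerUid = intval($ownerUid);
        $elementId = 'o_' . $page;
        if (!$validUser) {
            $label = '<span class=not_set title="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
        } elseif ($username == '') {
            $label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
        } else {
            $label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20));
        }
        // The name is passed to the script as a JavaScript string argument, so it needs
        // literal encoding rather than HTML escaping alone.
        return '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeOwnerSelector(' . $page . ', ' . $ownerUid . ', \'' . $elementId . '\', ' . self::jsAttributeString($username) . ');">' . $label . '</a></span>';
    }

    /**
     * Print the string with the new group of a page record
     *
     * @param integer $page The TYPO3 page id
     * @param integer $groupUid The new page group uid
     * @param string $groupname The TYPO3 BE groupname, unescaped (used to display in the element)
     * @param boolean $validGroup Must be set to FALSE, if the group has no name or is deleted
     * @return string The new group wrapped in HTML
     */
    static public function renderGroupname($page, $groupUid, $groupname, $validGroup = TRUE) {
        $page = intval($page);
        $groupUid = intval($groupUid);
        $elementId = 'g_' . $page;
        if (!$validGroup) {
            $label = '<span class=not_set title="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
        } elseif ($groupname == '') {
            $label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
        } else {
            $label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20));
        }
        // See renderOwnername(): the name is a JavaScript string argument inside an attribute.
        return '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeGroupSelector(' . $page . ', ' . $groupUid . ', \'' . $elementId . '\', ' . self::jsAttributeString($groupname) . ');">' . $label . '</a></span>';
    }

    /**
     * Print the string with the new edit lock state of a page record
     *
     * @param integer $page The TYPO3 page id
     * @param integer $editLockState The edit lock state of the page; exactly integer 1 renders the locked variant
     * @return string The new edit lock string wrapped in HTML
     */
    protected function renderToggleEditLock($page, $editLockState) {
        // The id is written into an onclick handler; force it to an integer.
        $page = intval($page);
        if ($editLockState === 1) {
            return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 1);" title="The page and all content is locked for editing by all non-Admin users.">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('status-warning-lock') . '</a>';
        }
        return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 0);" title="Enable the &raquo;Admin-only&laquo; edit lock for this page">[+]</a>';
    }

    /**
     * Print a set of permissions. Also used in index.php
     *
     * @param integer $int Permission integer (bits)
     * @param integer $pageId The TYPO3 page id
     * @param string $who The scope (user, group or everybody)
     * @return string HTML marked up x/* indications.
     */
    static public function renderPermissions($int, $pageId = 0, $who = 'user') {
        $int = intval($int);
        $pageId = intval($pageId);
        // $who ends up in an id attribute and in a JavaScript string. The documented
        // scopes are plain words, so everything outside [A-Za-z0-9_] is dropped. The
        // onclick value is handed to getSpriteIcon(); whether that escapes attribute
        // values is not visible here, so the value is kept free of special characters
        // instead of being encoded.
        $who = preg_replace('/[^a-zA-Z0-9_]/', '', is_scalar($who) ? (string) $who : '');
        $str = '';
        $permissions = array(1, 16, 2, 4, 8);
        foreach ($permissions as $permission) {
            $granted = ($int & $permission) !== 0;
            // A granted bit offers removal, a missing bit offers adding
            $str .= \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon($granted ? 'status-status-permission-granted' : 'status-status-permission-denied', array(
                'tag' => 'a',
                'title' => $GLOBALS['LANG']->getLL($permission, TRUE),
                'onclick' => 'WebPermissions.setPermissions(' . $pageId . ', ' . $permission . ', \'' . ($granted ? 'delete' : 'add') . '\', \'' . $who . '\', ' . $int . ');',
                'style' => 'cursor:pointer'
            ));
        }
        return '<span id="' . $pageId . '_' . $who . '">' . $str . '</span>';
    }

}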
297 ?>