[CLEANUP] Deprecate DataHandler property stripslashes_values
[Packages/TYPO3.CMS.git] / typo3 / sysext / beuser / Classes / Controller / PermissionAjaxController.php
1 <?php
2 namespace TYPO3\CMS\Beuser\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Utility\BackendUtility;
18 use TYPO3\CMS\Backend\Utility\IconUtility;
19 use TYPO3\CMS\Core\DataHandling\DataHandler;
20 use TYPO3\CMS\Core\Http\AjaxRequestHandler;
21 use TYPO3\CMS\Core\Utility\GeneralUtility;
22 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
23 use TYPO3\CMS\Fluid\View\StandaloneView;
24
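/**
 * AJAX endpoint of the backend permissions module: changes owner, group,
 * edit lock and permission bits of a page and hands the re-rendered HTML
 * fragment back through AjaxRequestHandler.
 *
 * Security notes for maintainers:
 * - Every entry of $this->conf comes straight from the POST body. Ids are cast
 *   to int and free-text values are HTML-escaped before they reach markup, a
 *   WHERE fragment or a DataHandler field name.
 * - NOTE(review): this class performs no authorization check of its own
 *   (getBackendUser() is never called in it). Whether the acting backend user
 *   may modify the page is presumably enforced inside DataHandler - confirm.
 */
class PermissionAjaxController {

    /**
     * Suffixes accepted for the "perms_<scope>" field written by the default
     * (permission toggle) action.
     *
     * @var array
     */
    protected static $allowedScopes = array('user', 'group', 'everybody');

    /**
     * The local configuration array (normalised request parameters)
     *
     * @var array
     */
    protected $conf = array();

    /**
     * Reads the request parameters into $this->conf.
     *
     * Ids and bit masks are cast to int; string parameters are reduced to
     * plain strings so that array-valued POST fields cannot reach string
     * concatenation or htmlspecialchars() further down.
     */
    public function __construct() {
        $this->getLanguageService()->includeLLFile('EXT:lang/locallang_mod_web_perm.xlf');
        // The page id is embedded in element ids, data attributes and the
        // DataHandler data map, so it is cast like every other id.
        $this->conf['page'] = (int)GeneralUtility::_POST('page');
        $this->conf['who'] = $this->getPostString('who');
        $this->conf['mode'] = $this->getPostString('mode');
        $this->conf['bits'] = (int)GeneralUtility::_POST('bits');
        $this->conf['permissions'] = (int)GeneralUtility::_POST('permissions');
        $this->conf['action'] = $this->getPostString('action');
        $this->conf['ownerUid'] = (int)GeneralUtility::_POST('ownerUid');
        $this->conf['username'] = $this->getPostString('username');
        $this->conf['groupUid'] = (int)GeneralUtility::_POST('groupUid');
        $this->conf['groupname'] = $this->getPostString('groupname');
        $this->conf['editLockState'] = (int)GeneralUtility::_POST('editLockState');
        $this->conf['new_owner_uid'] = (int)GeneralUtility::_POST('newOwnerUid');
        $this->conf['new_group_uid'] = (int)GeneralUtility::_POST('newGroupUid');
    }

    /**
     * The main dispatcher function. Collect data and prepare HTML output.
     *
     * @param array $params array of parameters from the AJAX interface, currently unused
     * @param AjaxRequestHandler $ajaxObj object of type AjaxRequestHandler
     * @return void
     */
    public function dispatch($params = array(), AjaxRequestHandler $ajaxObj = NULL) {
        $extPath = ExtensionManagementUtility::extPath('beuser');
        $pageId = $this->conf['page'];

        $view = GeneralUtility::makeInstance(StandaloneView::class);
        $view->setPartialRootPaths(array('default' => $extPath . 'Resources/Private/Partials'));
        $view->assign('pageId', $pageId);

        $content = '';
        // Basic test for required value
        if ($pageId > 0) {
            // Init TCE for execution of update
            /** @var $tce DataHandler */
            $tce = GeneralUtility::makeInstance(DataHandler::class);
            // TODO confirm this assignment is still required once the property is deprecated.
            $tce->stripslashes_values = FALSE;
            // Determine the scripts to execute
            switch ($this->conf['action']) {
                case 'show_change_owner_selector':
                    $content = $this->renderUserSelector($pageId, $this->conf['ownerUid'], $this->conf['username']);
                    break;
                case 'change_owner':
                    $userId = $this->conf['new_owner_uid'];
                    // 0 is the selector's empty option; negative ids are never valid.
                    if ($userId >= 0) {
                        $data = array();
                        $data['pages'][$pageId]['perms_userid'] = $userId;
                        $tce->start($data, array());
                        $tce->process_datamap();

                        $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangeOwner.html');
                        $view->assign('userId', $userId);
                        // Concatenating into the WHERE fragment is only safe because
                        // $userId was cast to int in the constructor.
                        $usernameArray = BackendUtility::getUserNames('username', ' AND uid = ' . $userId);
                        $view->assign('username', isset($usernameArray[$userId]['username']) ? $usernameArray[$userId]['username'] : '');
                        $content = $view->render();
                    } else {
                        $ajaxObj->setError('An error occurred: No page owner uid specified.');
                    }
                    break;
                case 'show_change_group_selector':
                    $content = $this->renderGroupSelector($pageId, $this->conf['groupUid'], $this->conf['groupname']);
                    break;
                case 'change_group':
                    $groupId = $this->conf['new_group_uid'];
                    // 0 is the selector's empty option; negative ids are never valid.
                    if ($groupId >= 0) {
                        $data = array();
                        $data['pages'][$pageId]['perms_groupid'] = $groupId;
                        $tce->start($data, array());
                        $tce->process_datamap();

                        $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangeGroup.html');
                        $view->assign('groupId', $groupId);
                        // Safe only because $groupId was cast to int in the constructor.
                        $groupnameArray = BackendUtility::getGroupNames('title', ' AND uid = ' . $groupId);
                        $view->assign('groupname', isset($groupnameArray[$groupId]['title']) ? $groupnameArray[$groupId]['title'] : '');
                        $content = $view->render();
                    } else {
                        $ajaxObj->setError('An error occurred: No page group uid specified.');
                    }
                    break;
                case 'toggle_edit_lock':
                    $newLockState = $this->conf['editLockState'] === 1 ? 0 : 1;
                    $data = array();
                    $data['pages'][$pageId]['editlock'] = $newLockState;
                    $tce->start($data, array());
                    $tce->process_datamap();
                    $content = $this->renderToggleEditLock($pageId, $newLockState);
                    break;
                default:
                    $scope = $this->conf['who'];
                    // The scope becomes part of a column name ("perms_<scope>").
                    // Without this check a request could address other perms_*
                    // columns (e.g. the owner/group id fields) through the
                    // permission-bit path.
                    if (!in_array($scope, self::$allowedScopes, TRUE)) {
                        $ajaxObj->setError('An error occurred: Invalid permission scope specified.');
                        break;
                    }
                    $this->conf['permissions'] = $this->applyPermissionBits(
                        $this->conf['permissions'],
                        $this->conf['bits'],
                        $this->conf['mode']
                    );
                    $data = array();
                    $data['pages'][$pageId]['perms_' . $scope] = $this->conf['permissions'];
                    $tce->start($data, array());
                    $tce->process_datamap();

                    $view->setTemplatePathAndFilename($extPath . 'Resources/Private/Templates/PermissionAjax/ChangePermission.html');
                    $view->assign('permission', $this->conf['permissions']);
                    $view->assign('scope', $scope);
                    $content = $view->render();
            }
        } else {
            $ajaxObj->setError('This script cannot be called directly.');
        }
        $ajaxObj->addContent($pageId . '_' . $this->conf['who'], $content);
    }

    /**
     * Returns a POST parameter as string; anything that is not a string
     * (missing parameter, array-valued field) becomes ''.
     *
     * @param string $name Name of the POST parameter
     * @return string
     */
    protected function getPostString($name) {
        $value = GeneralUtility::_POST($name);
        return is_string($value) ? $value : '';
    }

    /**
     * Sets or clears permission bits.
     *
     * Bitwise operators are used instead of +/- so that a repeated or stale
     * request cannot carry into neighbouring permission bits.
     *
     * @param int $permissions Current permission integer as sent by the client
     * @param int $bits The bit(s) to change
     * @param string $mode 'delete' clears the bits, any other value sets them
     * @return int The resulting permission integer
     */
    protected function applyPermissionBits($permissions, $bits, $mode) {
        $permissions = (int)$permissions;
        $bits = (int)$bits;
        if ($mode === 'delete') {
            return $permissions & ~$bits;
        }
        return $permissions | $bits;
    }

    /**
     * Generate the user selector element
     *
     * @param int $page The page id to change the user for
     * @param int $ownerUid The page owner uid
     * @param string $username The username to display
     * @return string The html select element
     */
    protected function renderUserSelector($page, $ownerUid, $username = '') {
        // Both ids end up in HTML attributes; force them to integers here as well
        // so the method is safe regardless of what the caller passes.
        $page = (int)$page;
        $ownerUid = (int)$ownerUid;

        $options = '<option value="0"></option>';
        foreach (BackendUtility::getUserNames() as $uid => $row) {
            $selected = (int)$uid === $ownerUid ? ' selected="selected"' : '';
            $options .= '<option value="' . (int)$uid . '"' . $selected . '>' . htmlspecialchars($row['username']) . '</option>';
        }

        $elementId = 'o_' . $page;
        $commonAttributes = ' data-page="' . $page . '" data-owner="' . $ownerUid . '" data-element-id="' . $elementId . '"';
        $selector = '<select name="new_page_owner" id="new_page_owner">' . $options . '</select>';
        $saveButton = '<a class="saveowner"' . $commonAttributes . ' title="Change owner">'
            . IconUtility::getSpriteIcon('actions-document-save') . '</a>';
        $cancelButton = '<a class="restoreowner"' . $commonAttributes
            . (!empty($username) ? ' data-username="' . htmlspecialchars($username) . '"' : '')
            . ' title="Cancel">' . IconUtility::getSpriteIcon('actions-document-close') . '</a>';
        return '<span id="' . $elementId . '">' . $selector . $saveButton . $cancelButton . '</span>';
    }

    /**
     * Generate the group selector element
     *
     * @param int $page The page id to change the group for
     * @param int $groupUid The page group uid
     * @param string $groupname The groupname to display
     * @return string The html select element
     */
    protected function renderGroupSelector($page, $groupUid, $groupname = '') {
        // Both ids end up in HTML attributes; force them to integers.
        $page = (int)$page;
        $groupUid = (int)$groupUid;

        $options = '';
        // Set as soon as the page's group id matches one from the group list
        $groupFound = FALSE;
        foreach (BackendUtility::getGroupNames() as $uid => $row) {
            $selected = '';
            if ((int)$uid === $groupUid) {
                $groupFound = TRUE;
                $selected = ' selected="selected"';
            }
            $options .= '<option value="' . (int)$uid . '"' . $selected . '>' . htmlspecialchars($row['title']) . '</option>';
        }
        // The page has a group that is not in the list above. No title is
        // available for it, so the option is emitted with an empty label
        // (the previous lookup in a copy of the same list could never succeed
        // and only raised an undefined-index notice).
        if (!$groupFound && $groupUid) {
            $options = '<option value="' . $groupUid . '" selected="selected"></option>' . $options;
        }

        $elementId = 'g_' . $page;
        $commonAttributes = ' data-page="' . $page . '" data-group="' . $groupUid . '" data-element-id="' . $elementId . '"';
        $options = '<option value="0"></option>' . $options;
        $selector = '<select name="new_page_group" id="new_page_group">' . $options . '</select>';
        $saveButton = '<a class="savegroup"' . $commonAttributes . ' title="Change group">'
            . IconUtility::getSpriteIcon('actions-document-save') . '</a>';
        $cancelButton = '<a class="restoregroup"' . $commonAttributes
            . (!empty($groupname) ? ' data-groupname="' . htmlspecialchars($groupname) . '"' : '')
            . ' title="Cancel">' . IconUtility::getSpriteIcon('actions-document-close') . '</a>';
        return '<span id="' . $elementId . '">' . $selector . $saveButton . $cancelButton . '</span>';
    }

    /**
     * Print the string with the new owner of a page record
     *
     * @param int $page The TYPO3 page id
     * @param int $ownerUid The new page user uid
     * @param string $username The TYPO3 BE username (used to display in the element)
     * @param bool $validUser Must be set to FALSE, if the user has no name or is deleted
     * @return string The new owner wrapped in HTML
     * @deprecated since TYPO3 CMS 7, will be removed in TYPO3 CMS 8. This is now solved with fluid.
     */
    static public function renderOwnername($page, $ownerUid, $username, $validUser = TRUE) {
        GeneralUtility::logDeprecatedFunction();
        // Public static entry point: do not rely on callers to pass integers.
        $page = (int)$page;
        $ownerUid = (int)$ownerUid;
        $shortName = htmlspecialchars(GeneralUtility::fixed_lgd_cs($username, 20));

        if (!$validUser) {
            $label = '<span class=not_set title="' . $shortName . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
        } elseif ($username == '') {
            $label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
        } else {
            $label = $shortName;
        }

        return '<span id="o_' . $page . '"><a class="ug_selector changeowner" data-page="' . $page
            . '" data-owner="' . $ownerUid . '" data-username="' . htmlspecialchars($username) . '">'
            . $label . '</a></span>';
    }

    /**
     * Print the string with the new group of a page record
     *
     * @param int $page The TYPO3 page id
     * @param int $groupUid The new page group uid
     * @param string $groupname The TYPO3 BE groupname (used to display in the element)
     * @param bool $validGroup Must be set to FALSE, if the group has no name or is deleted
     * @return string The new group wrapped in HTML
     * @deprecated since TYPO3 CMS 7, will be removed in TYPO3 CMS 8. This is now solved with fluid.
     */
    static public function renderGroupname($page, $groupUid, $groupname, $validGroup = TRUE) {
        GeneralUtility::logDeprecatedFunction();
        // Public static entry point: do not rely on callers to pass integers.
        $page = (int)$page;
        $groupUid = (int)$groupUid;
        $shortName = htmlspecialchars(GeneralUtility::fixed_lgd_cs($groupname, 20));

        if (!$validGroup) {
            $label = '<span class=not_set title="' . $shortName . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
        } elseif ($groupname == '') {
            $label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
        } else {
            $label = $shortName;
        }

        return '<span id="g_' . $page . '"><a class="ug_selector changegroup" data-page="' . $page
            . '" data-group="' . $groupUid . '" data-groupname="' . htmlspecialchars($groupname) . '">'
            . $label . '</a></span>';
    }

    /**
     * Print the string with the new edit lock state of a page record
     *
     * @param int $page The TYPO3 page id
     * @param int $editLockState The new state of the page: 1 = locked, anything else = unlocked
     * @return string The new edit lock string wrapped in HTML
     */
    protected function renderToggleEditLock($page, $editLockState) {
        // The id attribute previously used the uncast value while data-page
        // was cast; both now use the integer.
        $page = (int)$page;
        if ($editLockState === 1) {
            return '<span id="el_' . $page . '"><a class="editlock" data-page="' . $page
                . '" data-lockstate="1" title="The page and all content is locked for editing by all non-Admin users.">'
                . IconUtility::getSpriteIcon('status-warning-lock') . '</a></span>';
        }
        return '<span id="el_' . $page . '"><a class="editlock" data-page="' . $page
            . '" data-lockstate="0" title="Enable the &raquo;Admin-only&laquo; edit lock for this page">[+]</a></span>';
    }

    /**
     * Print a set of permissions. Also used in index.php
     *
     * @param int $int Permission integer (bits)
     * @param int $pageId The TYPO3 page id
     * @param string $who The scope (user, group or everybody)
     * @return string HTML marked up x/* indications.
     * @deprecated since TYPO3 CMS 7, will be removed in TYPO3 CMS 8. This is now solved with fluid.
     */
    static public function renderPermissions($int, $pageId = 0, $who = 'user') {
        GeneralUtility::logDeprecatedFunction();
        $int = (int)$int;
        $pageId = (int)$pageId;
        $str = '';
        foreach (array(1, 16, 2, 4, 8) as $permission) {
            $granted = (bool)($int & $permission);
            // NOTE(review): $who is handed to getSpriteIcon() as an attribute
            // value unescaped; presumably getSpriteIcon() escapes attribute
            // values itself - confirm.
            $str .= IconUtility::getSpriteIcon(
                $granted ? 'status-status-permission-granted' : 'status-status-permission-denied',
                array(
                    'title' => $GLOBALS['LANG']->getLL($permission, TRUE),
                    'class' => $granted ? 'change-permission text-success' : 'change-permission text-danger',
                    'data-page' => $pageId,
                    'data-permissions' => $int,
                    'data-mode' => $granted ? 'delete' : 'add',
                    'data-who' => $who,
                    'data-bits' => $permission,
                    'style' => 'cursor:pointer'
                )
            );
        }
        // $who is written into the id attribute directly, so it is escaped here.
        return '<span id="' . $pageId . '_' . htmlspecialchars($who) . '">' . $str . '</span>';
    }

    /**
     * @return \TYPO3\CMS\Lang\LanguageService
     */
    protected function getLanguageService() {
        return $GLOBALS['LANG'];
    }

    /**
     * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
     */
    protected function getBackendUser() {
        return $GLOBALS['BE_USER'];
    }

}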