1 <?php
2 namespace TYPO3\CMS\Perm\Controller;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2007-2013 mehrwert (typo3@mehrwert.de)
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 ***************************************************************/
26
27 use TYPO3\CMS\Backend\Utility\BackendUtility;
28
29 /**
30 * This class extends the permissions module in the TYPO3 Backend to provide
31 * convenient methods of editing of page permissions (including page ownership
32 * (user and group)) via new AjaxRequestHandler facility
33 *
34 * @author Andreas Kundoch <typo3@mehrwert.de>
35 * @license GPL
36 * @since TYPO3_4-2
37 */
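class PermissionAjaxController {

	/**
	 * Request values read from POST by the constructor.
	 *
	 * Integer fields (page, bits, permissions, the uid fields, editLockState)
	 * are cast there; 'who' is limited to user, group or everybody.
	 *
	 * @var array
	 */
	protected $conf = array();

	// TYPO3 Back Path
	protected $backPath = '../../../';

	/********************************************
	 *
	 * Init method for this class
	 *
	 ********************************************/
	/**
	 * Reads the POST parameters of the AJAX call into $this->conf.
	 *
	 * Every value is client-controlled. Values that later end up in element
	 * ids, inline onclick handlers, SQL fragments or DataHandler field names
	 * are normalised here so that the rest of the class works on known types.
	 */
	public function __construct() {
		// page is used as datamap key and is concatenated into ids and onclick
		// handlers, so it is reduced to an integer like the other uid fields.
		$this->conf['page'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('page'));
		// who becomes part of a column name ('perms_' . who) and of the rendered
		// markup. Only the three scopes named in renderPermissions() are kept;
		// anything else (including arrays) becomes an empty string.
		$who = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('who');
		$this->conf['who'] = in_array($who, array('user', 'group', 'everybody'), TRUE) ? $who : '';
		$this->conf['mode'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('mode');
		$this->conf['bits'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('bits'));
		$this->conf['permissions'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('permissions'));
		$this->conf['action'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('action');
		$this->conf['ownerUid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('ownerUid'));
		// Display names are only echoed back into markup; a non-string (array)
		// parameter is treated as "not given".
		$username = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('username');
		$this->conf['username'] = is_string($username) ? $username : '';
		$this->conf['groupUid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupUid'));
		$groupname = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupname');
		$this->conf['groupname'] = is_string($groupname) ? $groupname : '';
		$this->conf['editLockState'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('editLockState'));

		// User: the name is looked up by uid instead of being taken from the request.
		// The uid is an integer at this point, so appending it to the WHERE clause is safe.
		$newOwnerUid = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newOwnerUid'));
		$this->conf['new_owner_uid'] = $newOwnerUid;
		$ownerRows = BackendUtility::getUserNames('username, uid', ' AND uid = ' . $newOwnerUid);
		// NOTE(review): the name is HTML-encoded here and again in renderOwnername(),
		// so names containing &, <, > or " are shown double-encoded after a change.
		$this->conf['new_owner_username'] = isset($ownerRows[$newOwnerUid]['username'])
			? htmlspecialchars($ownerRows[$newOwnerUid]['username'])
			: '';

		// Group: same lookup for the group title.
		$newGroupUid = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newGroupUid'));
		$this->conf['new_group_uid'] = $newGroupUid;
		$groupRows = BackendUtility::getGroupNames('title,uid', ' AND uid = ' . $newGroupUid);
		$this->conf['new_group_username'] = isset($groupRows[$newGroupUid]['title'])
			? htmlspecialchars($groupRows[$newGroupUid]['title'])
			: '';
	}

	/********************************************
	 *
	 * Main dispatcher method
	 *
	 ********************************************/
	/**
	 * The main dispatcher function. Applies the requested change through
	 * DataHandler and prepares the HTML fragment for the AJAX response.
	 *
	 * NOTE(review): no request-token or access check is visible in this class.
	 * Presumably the AJAX entry point and DataHandler enforce both; confirm
	 * before exposing this handler through another route.
	 *
	 * @param array $params array of parameters from the AJAX interface, currently unused
	 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj object of type AjaxRequestHandler
	 * @return void
	 */
	public function dispatch($params = array(), \TYPO3\CMS\Core\Http\AjaxRequestHandler &$ajaxObj = NULL) {
		$content = '';
		$page = $this->conf['page'];
		// Basic test for required value
		if ($page > 0) {
			// Init TCE for execution of update
			/** @var $tce \TYPO3\CMS\Core\DataHandling\DataHandler */
			$tce = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
			$tce->stripslashes_values = 1;
			// Determine the scripts to execute
			switch ($this->conf['action']) {
				case 'show_change_owner_selector':
					$content = $this->renderUserSelector($page, $this->conf['ownerUid'], $this->conf['username']);
					break;
				case 'change_owner':
					// NOTE(review): new_owner_uid went through intval() in the constructor,
					// so is_int() is always TRUE and the error branch cannot be reached.
					// uid 0 presumably means "no owner" (the selector offers value 0).
					if (is_int($this->conf['new_owner_uid'])) {
						$data = array();
						$data['pages'][$page]['perms_userid'] = $this->conf['new_owner_uid'];
						// Execute TCE Update
						$tce->start($data, array());
						$tce->process_datamap();
						$content = self::renderOwnername($page, $this->conf['new_owner_uid'], $this->conf['new_owner_username']);
					} else {
						$ajaxObj->setError('An error occured: No page owner uid specified.');
					}
					break;
				case 'show_change_group_selector':
					$content = $this->renderGroupSelector($page, $this->conf['groupUid'], $this->conf['groupname']);
					break;
				case 'change_group':
					// NOTE(review): always TRUE for the same reason as in change_owner.
					if (is_int($this->conf['new_group_uid'])) {
						$data = array();
						$data['pages'][$page]['perms_groupid'] = $this->conf['new_group_uid'];
						// Execute TCE Update
						$tce->start($data, array());
						$tce->process_datamap();
						$content = self::renderGroupname($page, $this->conf['new_group_uid'], $this->conf['new_group_username']);
					} else {
						$ajaxObj->setError('An error occured: No page group uid specified.');
					}
					break;
				case 'toggle_edit_lock':
					$data = array();
					$data['pages'][$page]['editlock'] = $this->conf['editLockState'] === 1 ? 0 : 1;
					// Execute TCE Update
					$tce->start($data, array());
					$tce->process_datamap();
					$content = $this->renderToggleEditLock($page, $data['pages'][$page]['editlock']);
					break;
				default:
					// The scope selects the column that is written, so a request without
					// one of the three known scopes must not reach DataHandler.
					if ($this->conf['who'] === '') {
						$ajaxObj->setError('An error occurred: No valid permission scope specified.');
						break;
					}
					// Both operands come from the client. Bitwise set/clear gives the same
					// result as the former +/- for consistent requests, and cannot carry
					// into another bit when a bit is added twice or removed while unset.
					// 31 = 1 | 2 | 4 | 8 | 16, the five bits renderPermissions() knows.
					$bits = $this->conf['bits'] & 31;
					$current = $this->conf['permissions'] & 31;
					if ($this->conf['mode'] == 'delete') {
						$this->conf['permissions'] = $current & ~$bits;
					} else {
						$this->conf['permissions'] = $current | $bits;
					}
					$data = array();
					$data['pages'][$page]['perms_' . $this->conf['who']] = $this->conf['permissions'];
					// Execute TCE Update
					$tce->start($data, array());
					$tce->process_datamap();
					$content = self::renderPermissions($this->conf['permissions'], $page, $this->conf['who']);
			}
		} else {
			$ajaxObj->setError('This script cannot be called directly.');
		}
		$ajaxObj->addContent($page . '_' . $this->conf['who'], $content);
	}

	/********************************************
	 *
	 * Helpers for this script
	 *
	 ********************************************/
	/**
	 * Encodes a value as a JavaScript string literal that can be placed inside
	 * a double-quoted HTML event-handler attribute.
	 *
	 * htmlspecialchars() alone is not enough in that position: the browser
	 * decodes the attribute before the script is parsed, so a quote or a
	 * backslash in the value would end or alter the JavaScript string. The
	 * value is therefore JSON-encoded first (quotes, ampersand and angle
	 * brackets as \uXXXX escapes) and the finished literal, including its
	 * surrounding quotes, is HTML-encoded afterwards.
	 *
	 * @param mixed $value The value to pass to the script, cast to string
	 * @return string Attribute-safe string literal, quotes included
	 */
	static protected function quoteJsStringForAttribute($value) {
		$literal = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
		if ($literal === FALSE) {
			// json_encode() refuses invalid UTF-8; hand the script an empty string instead
			$literal = '""';
		}
		return htmlspecialchars($literal, ENT_QUOTES);
	}

	/**
	 * Generate the user selector element
	 *
	 * @param integer $page The page id to change the user for
	 * @param integer $ownerUid The page owner uid
	 * @param string $username The username to display
	 * @return string The html select element
	 */
	protected function renderUserSelector($page, $ownerUid, $username = '') {
		// Both ids are written unquoted into onclick handlers
		$page = intval($page);
		$ownerUid = intval($ownerUid);
		// Get usernames
		$beUsers = BackendUtility::getUserNames();
		$groups = array();
		if (!$GLOBALS['BE_USER']->isAdmin()) {
			$beUsers = BackendUtility::blindUserNames($beUsers, $groups, 1);
		}
		// Owner selector, starting with the "no owner" entry
		$options = '<option value="0"></option>';
		foreach ($beUsers as $uid => $row) {
			$selected = $uid == $ownerUid ? ' selected="selected"' : '';
			$options .= '<option value="' . intval($uid) . '"' . $selected . '>' . htmlspecialchars($row['username']) . '</option>';
		}
		$elementId = 'o_' . $page;
		$selector = '<select name="new_page_owner" id="new_page_owner">' . $options . '</select>';
		$saveButton = '<a onclick="WebPermissions.changeOwner(' . $page . ', ' . $ownerUid . ', \'' . $elementId . '\');" title="Change owner">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-save') . '</a>';
		// NOTE(review): the empty-name case passes markup, so restoreOwner()
		// presumably inserts this argument as HTML. If it does, the name has to
		// arrive HTML-encoded in the script as well; confirm against the JS.
		$restoreLabel = $username == '' ? '<span class=not_set>[not set]</span>' : $username;
		$cancelButton = '<a onclick="WebPermissions.restoreOwner(' . $page . ', ' . $ownerUid . ', ' . self::quoteJsStringForAttribute($restoreLabel) . ', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-close') . '</a>';
		return $selector . $saveButton . $cancelButton;
	}

	/**
	 * Generate the group selector element
	 *
	 * @param integer $page The page id to change the group for
	 * @param integer $groupUid The page group uid
	 * @param string $groupname The group name to display
	 * @return string The html select element
	 */
	protected function renderGroupSelector($page, $groupUid, $groupname = '') {
		// Both ids are written unquoted into onclick handlers
		$page = intval($page);
		$groupUid = intval($groupUid);
		// Keys of the list groups are used to blind the full group list for non-admins
		$beGroupKeys = array_keys(BackendUtility::getListGroupNames('title,uid'));
		$beGroupsO = BackendUtility::getGroupNames();
		$beGroups = $beGroupsO;
		if (!$GLOBALS['BE_USER']->isAdmin()) {
			$beGroups = BackendUtility::blindGroupNames($beGroupsO, $beGroupKeys, 1);
		}
		// Group selector:
		$options = '';
		// flag: is set if the page-groupid equals one from the group-list
		$userset = 0;
		foreach ($beGroups as $uid => $row) {
			$selected = '';
			if ($uid == $groupUid) {
				$userset = 1;
				$selected = ' selected="selected"';
			}
			$options .= '<option value="' . intval($uid) . '"' . $selected . '>' . htmlspecialchars($row['title']) . '</option>';
		}
		// If the group was not set AND there is a group for the page
		if (!$userset && $groupUid) {
			$currentTitle = isset($beGroupsO[$groupUid]['title']) ? $beGroupsO[$groupUid]['title'] : '';
			$options = '<option value="' . $groupUid . '" selected="selected">' . htmlspecialchars($currentTitle) . '</option>' . $options;
		}
		$elementId = 'g_' . $page;
		$options = '<option value="0"></option>' . $options;
		$selector = '<select name="new_page_group" id="new_page_group">' . $options . '</select>';
		$saveButton = '<a onclick="WebPermissions.changeGroup(' . $page . ', ' . $groupUid . ', \'' . $elementId . '\');" title="Change group">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-save') . '</a>';
		// NOTE(review): as in renderUserSelector(), restoreGroup() presumably
		// inserts this argument as HTML; confirm against the JS.
		$restoreLabel = $groupname == '' ? '<span class=not_set>[not set]</span>' : $groupname;
		$cancelButton = '<a onclick="WebPermissions.restoreGroup(' . $page . ', ' . $groupUid . ', ' . self::quoteJsStringForAttribute($restoreLabel) . ', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-document-close') . '</a>';
		return $selector . $saveButton . $cancelButton;
	}

	/**
	 * Print the string with the new owner of a page record
	 *
	 * @param integer $page The TYPO3 page id
	 * @param integer $ownerUid The new page user uid
	 * @param string $username The TYPO3 BE username (used to display in the element)
	 * @param boolean $validUser Must be set to FALSE, if the user has no name or is deleted
	 * @return string The new owner wrapped in HTML
	 */
	static public function renderOwnername($page, $ownerUid, $username, $validUser = TRUE) {
		$page = intval($page);
		$ownerUid = intval($ownerUid);
		$elementId = 'o_' . $page;
		if (!$validUser) {
			$label = '<span class=not_set title="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
		} elseif ($username == '') {
			$label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
		} else {
			$label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20));
		}
		// The name is handed to the script as data, so it is encoded as a JS string
		// literal rather than only HTML-encoded.
		return '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeOwnerSelector(' . $page . ', ' . $ownerUid . ', \'' . $elementId . '\', ' . self::quoteJsStringForAttribute($username) . ');">' . $label . '</a></span>';
	}

	/**
	 * Print the string with the new group of a page record
	 *
	 * @param integer $page The TYPO3 page id
	 * @param integer $groupUid The new page group uid
	 * @param string $groupname The TYPO3 BE groupname (used to display in the element)
	 * @param boolean $validGroup Must be set to FALSE, if the group has no name or is deleted
	 * @return string The new group wrapped in HTML
	 */
	static public function renderGroupname($page, $groupUid, $groupname, $validGroup = TRUE) {
		$page = intval($page);
		$groupUid = intval($groupUid);
		$elementId = 'g_' . $page;
		if (!$validGroup) {
			$label = '<span class=not_set title="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20)) . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
		} elseif ($groupname == '') {
			$label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
		} else {
			$label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20));
		}
		// Same encoding as in renderOwnername(): JS string literal, then attribute
		return '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeGroupSelector(' . $page . ', ' . $groupUid . ', \'' . $elementId . '\', ' . self::quoteJsStringForAttribute($groupname) . ');">' . $label . '</a></span>';
	}

	/**
	 * Print the string with the new edit lock state of a page record
	 *
	 * @param integer $page The TYPO3 page id
	 * @param integer $editLockState The new state of the page: 1 = locked, anything else = unlocked
	 * @return string The new edit lock string wrapped in HTML
	 */
	protected function renderToggleEditLock($page, $editLockState) {
		// Written unquoted into the onclick handler
		$page = intval($page);
		if ($editLockState === 1) {
			return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 1);" title="The page and all content is locked for editing by all non-Admin users.">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('status-warning-lock') . '</a>';
		}
		return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 0);" title="Enable the &raquo;Admin-only&laquo; edit lock for this page">[+]</a>';
	}

	/**
	 * Print a set of permissions. Also used in index.php
	 *
	 * @param integer $int Permission integer (bits)
	 * @param integer $pageId The TYPO3 page id
	 * @param string $who The scope (user, group or everybody)
	 * @return string HTML with one clickable granted/denied icon per permission bit
	 */
	static public function renderPermissions($int, $pageId = 0, $who = 'user') {
		$int = intval($int);
		$pageId = intval($pageId);
		// $who is placed in a JS string and in an id attribute. The onclick text is
		// handed to IconUtility::getSpriteIcon(), whose attribute handling is not
		// visible here, so instead of encoding for one particular layer the value is
		// limited to characters that need no escaping in any of them.
		$who = is_string($who) ? preg_replace('/[^A-Za-z0-9_]/', '', $who) : '';
		$str = '';
		foreach (array(1, 16, 2, 4, 8) as $permission) {
			$granted = (bool) ($int & $permission);
			// Clicking a granted bit removes it, clicking a denied bit adds it
			$str .= \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon(
				$granted ? 'status-status-permission-granted' : 'status-status-permission-denied',
				array(
					'tag' => 'a',
					'title' => $GLOBALS['LANG']->getLL($permission, TRUE),
					'onclick' => 'WebPermissions.setPermissions(' . $pageId . ', ' . $permission . ', \'' . ($granted ? 'delete' : 'add') . '\', \'' . $who . '\', ' . $int . ');',
					'style' => 'cursor:pointer'
				)
			);
		}
		return '<span id="' . $pageId . '_' . $who . '">' . $str . '</span>';
	}

}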
318
319
320 ?>