2 namespace TYPO3\CMS\Perm\Controller
;
4 /***************************************************************
7 * (c) 2007-2013 mehrwert (typo3@mehrwert.de)
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * This copyright notice MUST APPEAR in all copies of the script!
25 ***************************************************************/
27 use TYPO3\CMS\Backend\Utility\BackendUtility
;
30 * This class extends the permissions module in the TYPO3 Backend to provide
31 * convenient methods of editing of page permissions (including page ownership
32 * (user and group)) via new AjaxRequestHandler facility
34 * @author Andreas Kundoch <typo3@mehrwert.de>
38 class PermissionAjaxController
{
40 // The local configuration array
41 protected $conf = array();
44 protected $backPath = '../../../';
46 /********************************************
48 * Init method for this class
50 ********************************************/
52 * The constructor of this class
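/**
 * Collects the POSTed request parameters into $this->conf and resolves the
 * display names of the requested new owner and new group.
 *
 * Every value read here is client-supplied. Ids are cast to integers and the
 * permission scope is limited to its documented values, because the rest of
 * the class uses them as datamap keys, as part of a column name and inside
 * generated HTML/JavaScript.
 */
public function __construct() {
    // Page uid: cast like every other id. dispatch() uses it as a datamap key and
    // the render helpers concatenate it into id attributes and onclick handlers.
    $this->conf['page'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('page'));
    // Scope: later appended to "perms_" to form a column name and echoed into markup.
    // Only the documented scopes are kept; anything else is treated as not posted.
    $who = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('who');
    $this->conf['who'] = in_array($who, array('user', 'group', 'everybody'), TRUE) ? $who : '';
    $this->conf['mode'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('mode');
    $this->conf['bits'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('bits'));
    $this->conf['permissions'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('permissions'));
    $this->conf['action'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('action');
    $this->conf['ownerUid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('ownerUid'));
    // Display-only strings; they stay raw here and must be escaped where they are output
    $this->conf['username'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('username');
    $this->conf['groupUid'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupUid'));
    $this->conf['groupname'] = \TYPO3\CMS\Core\Utility\GeneralUtility::_POST('groupname');
    $this->conf['editLockState'] = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('editLockState'));

    // User: the name is looked up from the posted uid rather than taken from the request.
    // The uid is concatenated into a WHERE fragment, which is safe only because of the intval().
    $newOwnerUid = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newOwnerUid'));
    $this->conf['new_owner_uid'] = $newOwnerUid;
    $ownerRows = BackendUtility::getUserNames('username, uid', ' AND uid = ' . $newOwnerUid);
    // An unknown uid (including 0) yields an empty name instead of an undefined-index notice.
    // NOTE(review): renderOwnername() escapes the name again, so names containing
    // HTML special characters are double-encoded in the response - confirm which side should escape.
    $this->conf['new_owner_username'] = isset($ownerRows[$newOwnerUid]['username'])
        ? htmlspecialchars($ownerRows[$newOwnerUid]['username'])
        : '';

    // Group: same lookup for the posted group uid
    $newGroupUid = intval(\TYPO3\CMS\Core\Utility\GeneralUtility::_POST('newGroupUid'));
    $this->conf['new_group_uid'] = $newGroupUid;
    $groupRows = BackendUtility::getGroupNames('title,uid', ' AND uid = ' . $newGroupUid);
    $this->conf['new_group_username'] = isset($groupRows[$newGroupUid]['title'])
        ? htmlspecialchars($groupRows[$newGroupUid]['title'])
        : '';
}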
77 /********************************************
79 * Main dispatcher method
81 ********************************************/
83 * The main dispatcher function. Collect data and prepare HTML output.
85 * @param array $params array of parameters from the AJAX interface, currently unused
86 * @param \TYPO3\CMS\Core\Http\AjaxRequestHandler $ajaxObj object of type AjaxRequestHandler
/**
 * Runs the action named in the POSTed "action" value for the posted page:
 * renders a selector, or writes a new owner, group, edit lock or permission
 * value through DataHandler, and adds the resulting HTML to the AJAX response.
 *
 * NOTE(review): several branch labels and closing braces are missing from
 * this listing; the notes below only describe the statements that are visible.
 * NOTE(review): $ajaxObj defaults to NULL but its methods are called
 * unconditionally.
 */
89 public function dispatch($params = array(), \TYPO3\CMS\Core\Http\AjaxRequestHandler
&$ajaxObj = NULL) {
91 // Basic test for required value
// NOTE(review): 'page' is read from POST without an integer cast in the
// constructor, so this is a loose comparison on a client-supplied string. The
// same value is then used as a datamap key and handed to the render helpers.
92 if ($this->conf
['page'] > 0) {
93 // Init TCE for execution of update
// NOTE(review): no authorization or request-token check is visible in this
// method; whether DataHandler enforces the backend user's rights on the page
// cannot be seen from here - confirm.
94 /** @var $tce \TYPO3\CMS\Core\DataHandling\DataHandler */
95 $tce = \TYPO3\CMS\Core\Utility\GeneralUtility
::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
96 $tce->stripslashes_values
= 1;
97 // Determine the scripts to execute
98 switch ($this->conf
['action']) {
99 case 'show_change_owner_selector':
100 $content = $this->renderUserSelector($this->conf
['page'], $this->conf
['ownerUid'], $this->conf
['username']);
// NOTE(review): new_owner_uid is the result of intval() in the constructor, so
// is_int() is always TRUE: the setError() call further down cannot be reached
// through this test, and uid 0 (the empty selector option) passes as well -
// confirm that this is intended.
103 if (is_int($this->conf
['new_owner_uid'])) {
104 // Prepare data to change
106 $data['pages'][$this->conf
['page']]['perms_userid'] = $this->conf
['new_owner_uid'];
107 // Execute TCE Update
108 $tce->start($data, array());
109 $tce->process_datamap();
110 $content = self
::renderOwnername($this->conf
['page'], $this->conf
['new_owner_uid'], $this->conf
['new_owner_username']);
112 $ajaxObj->setError('An error occured: No page owner uid specified.');
115 case 'show_change_group_selector':
116 $content = $this->renderGroupSelector($this->conf
['page'], $this->conf
['groupUid'], $this->conf
['groupname']);
// NOTE(review): same as for the owner - new_group_uid is always an integer
// after intval(), so this test never fails.
119 if (is_int($this->conf
['new_group_uid'])) {
120 // Prepare data to change
122 $data['pages'][$this->conf
['page']]['perms_groupid'] = $this->conf
['new_group_uid'];
123 // Execute TCE Update
124 $tce->start($data, array());
125 $tce->process_datamap();
126 $content = self
::renderGroupname($this->conf
['page'], $this->conf
['new_group_uid'], $this->conf
['new_group_username']);
128 $ajaxObj->setError('An error occured: No page group uid specified.');
131 case 'toggle_edit_lock':
132 // Prepare data to change
// The stored value is the inverse of the state reported by the client.
134 $data['pages'][$this->conf
['page']]['editlock'] = $this->conf
['editLockState'] === 1 ?
0 : 1;
135 // Execute TCE Update
136 $tce->start($data, array());
137 $tce->process_datamap();
138 $content = $this->renderToggleEditLock($this->conf
['page'], $data['pages'][$this->conf
['page']]['editlock']);
// Permission change (the label of this branch is not part of the listing).
// NOTE(review): the new mask is computed by adding or subtracting the posted
// 'bits' to/from the posted 'permissions', not with bitwise operators on the
// stored value. Removing a bit that is not set, or adding one that already is,
// produces a different mask; consider "& ~bits" / "| bits" on the value read
// from the page record.
141 if ($this->conf
['mode'] == 'delete') {
142 $this->conf
['permissions'] = intval($this->conf
['permissions'] - $this->conf
['bits']);
144 $this->conf
['permissions'] = intval($this->conf
['permissions'] +
$this->conf
['bits']);
146 // Prepare data to change
// NOTE(review): 'who' is an unvalidated POST string and becomes part of the
// column name ("perms_" . who); restrict it to user, group or everybody before
// building the datamap.
148 $data['pages'][$this->conf
['page']]['perms_' . $this->conf
['who']] = $this->conf
['permissions'];
149 // Execute TCE Update
150 $tce->start($data, array());
151 $tce->process_datamap();
152 $content = self
::renderPermissions($this->conf
['permissions'], $this->conf
['page'], $this->conf
['who']);
155 $ajaxObj->setError('This script cannot be called directly.');
// The response key is "<page>_<who>", built from the two posted values.
157 $ajaxObj->addContent($this->conf
['page'] . '_' . $this->conf
['who'], $content);
160 /********************************************
162 * Helpers for this script
164 ********************************************/
166 * Generate the user selector element
168 * @param integer $page The page id to change the user for
169 * @param integer $ownerUid The page owner uid
170 * @param string $username The username to display
171 * @return string The html select element
/**
 * Builds the <select> of backend users together with the save and cancel
 * links used to change the owner of a page.
 *
 * NOTE(review): the listing omits several lines of this method, among them
 * the assignment of $groups, the initialisation of $options and the return.
 */
173 protected function renderUserSelector($page, $ownerUid, $username = '') {
175 $beUsers = BackendUtility
::getUserNames();
// Non-admin users get the list passed through blindUserNames() first.
178 if (!$GLOBALS['BE_USER']->isAdmin()) {
179 $beUsers = BackendUtility
::blindUserNames($beUsers, $groups, 1);
183 // Loop through the users
184 foreach ($beUsers as $uid => $row) {
185 $selected = $uid == $ownerUid ?
' selected="selected"' : '';
186 $options .= '<option value="' . $uid . '"' . $selected . '>' . htmlspecialchars($row['username']) . '</option>';
188 $elementId = 'o_' . $page;
189 $options = '<option value="0"></option>' . $options;
190 $selector = '<select name="new_page_owner" id="new_page_owner">' . $options . '</select>';
// NOTE(review): $page and $ownerUid are concatenated into the onclick handlers
// without a cast or escaping. dispatch() passes the posted page value as it
// arrived, so cast both to int here.
191 $saveButton = '<a onclick="WebPermissions.changeOwner(' . $page . ', ' . $ownerUid . ', \'' . $elementId . '\');" title="Change owner">' . \TYPO3\CMS\Backend\Utility\IconUtility
::getSpriteIcon('actions-document-save') . '</a>';
// NOTE(review): $username is the posted value. htmlspecialchars() covers the
// HTML attribute but not the JavaScript string literal inside it: the browser
// decodes entities before the handler runs, so a quote or backslash in the name
// changes the script. Use GeneralUtility::quoteJSvalue() for the literal.
192 $cancelButton = '<a onclick="WebPermissions.restoreOwner(' . $page . ', ' . $ownerUid . ', \'' . ($username == '' ?
'<span class=not_set>[not set]</span>' : htmlspecialchars($username)) . '\', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility
::getSpriteIcon('actions-document-close') . '</a>';
193 $ret = $selector . $saveButton . $cancelButton;
198 * Generate the group selector element
200 * @param integer $page The page id to change the user for
201 * @param integer $groupUid The page group uid
202 * @param string $groupname The group name to display
203 * @return string The html select element
/**
 * Builds the <select> of backend groups together with the save and cancel
 * links used to change the group of a page.
 *
 * NOTE(review): the listing omits several lines of this method, among them
 * the assignments of $userset and $options, the else branch for $selected and
 * the return.
 */
205 protected function renderGroupSelector($page, $groupUid, $groupname = '') {
207 $beGroups = BackendUtility
::getListGroupNames('title,uid');
208 $beGroupKeys = array_keys($beGroups);
// $beGroupsO keeps the unfiltered group list; $beGroups is narrowed for non-admins below.
209 $beGroupsO = ($beGroups = BackendUtility
::getGroupNames());
210 if (!$GLOBALS['BE_USER']->isAdmin()) {
211 $beGroups = BackendUtility
::blindGroupNames($beGroupsO, $beGroupKeys, 1);
215 // flag: is set if the page-groupid equals one from the group-list
217 // Loop through the groups
218 foreach ($beGroups as $uid => $row) {
219 if ($uid == $groupUid) {
221 $selected = ' selected="selected"';
225 $options .= '<option value="' . $uid . '"' . $selected . '>' . htmlspecialchars($row['title']) . '</option>';
227 // If the group was not set AND there is a group for the page
// NOTE(review): $beGroupsO[$groupUid] is read without an existence check;
// presumably it is missing when the page's group is not in the list - confirm.
228 if (!$userset && $groupUid) {
229 $options = '<option value="' . $groupUid . '" selected="selected">' . htmlspecialchars($beGroupsO[$groupUid]['title']) . '</option>' . $options;
231 $elementId = 'g_' . $page;
232 $options = '<option value="0"></option>' . $options;
233 $selector = '<select name="new_page_group" id="new_page_group">' . $options . '</select>';
// NOTE(review): $page and $groupUid are concatenated into the onclick handlers
// without a cast or escaping. dispatch() passes the posted page value as it
// arrived, so cast both to int here.
234 $saveButton = '<a onclick="WebPermissions.changeGroup(' . $page . ', ' . $groupUid . ', \'' . $elementId . '\');" title="Change group">' . \TYPO3\CMS\Backend\Utility\IconUtility
::getSpriteIcon('actions-document-save') . '</a>';
// NOTE(review): $groupname is the posted value. htmlspecialchars() covers the
// HTML attribute but not the JavaScript string literal inside it: the browser
// decodes entities before the handler runs, so a quote or backslash in the name
// changes the script. Use GeneralUtility::quoteJSvalue() for the literal.
235 $cancelButton = '<a onclick="WebPermissions.restoreGroup(' . $page . ', ' . $groupUid . ', \'' . ($groupname == '' ?
'<span class=not_set>[not set]</span>' : htmlspecialchars($groupname)) . '\', \'' . $elementId . '\');" title="Cancel">' . \TYPO3\CMS\Backend\Utility\IconUtility
::getSpriteIcon('actions-document-close') . '</a>';
236 $ret = $selector . $saveButton . $cancelButton;
241 * Print the string with the new owner of a page record
243 * @param integer $page The TYPO3 page id
244 * @param integer $ownerUid The new page user uid
245 * @param string $username The TYPO3 BE username (used to display in the element)
246 * @param boolean $validUser Must be set to FALSE, if the user has no name or is deleted
247 * @return string The new owner wrapped in HTML
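/**
 * Renders the clickable owner name of a page record.
 *
 * @param integer $page The TYPO3 page id
 * @param integer $ownerUid The page owner uid
 * @param string $username The backend username shown in the element
 * @param boolean $validUser FALSE if the user has no name or is deleted
 * @return string The owner name wrapped in HTML
 */
static public function renderOwnername($page, $ownerUid, $username, $validUser = TRUE) {
    // Both ids are written into an id attribute and an inline onclick handler,
    // so they are forced to integers before being concatenated.
    $page = intval($page);
    $ownerUid = intval($ownerUid);
    $elementId = 'o_' . $page;

    if (!$validUser) {
        // Deleted or nameless user: keep the shortened name as a tooltip
        $label = '<span class=not_set title="'
            . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20))
            . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
    } elseif ($username == '') {
        $label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
    } else {
        $label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($username, 20));
    }

    // The name is passed to the handler as a JavaScript string literal inside an
    // HTML attribute. htmlspecialchars() alone is not enough there, because the
    // browser decodes entities before the script is parsed. quoteJSvalue() returns
    // the value as a quoted literal that is safe in this position.
    $jsUsername = \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue($username);

    $ret = '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeOwnerSelector('
        . $page . ', ' . $ownerUid . ', \'' . $elementId . '\', ' . $jsUsername . ');">'
        . $label . '</a></span>';
    return $ret;
}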
256 * Print the string with the new group of a page record
258 * @param integer $page The TYPO3 page id
259 * @param integer $groupUid The new page group uid
260 * @param string $groupname The TYPO3 BE groupname (used to display in the element)
261 * @param boolean $validGroup Must be set to FALSE, if the group has no name or is deleted
262 * @return string The new group wrapped in HTML
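/**
 * Renders the clickable group name of a page record.
 *
 * @param integer $page The TYPO3 page id
 * @param integer $groupUid The page group uid
 * @param string $groupname The backend group name shown in the element
 * @param boolean $validGroup FALSE if the group has no name or is deleted
 * @return string The group name wrapped in HTML
 */
static public function renderGroupname($page, $groupUid, $groupname, $validGroup = TRUE) {
    // Both ids are written into an id attribute and an inline onclick handler,
    // so they are forced to integers before being concatenated.
    $page = intval($page);
    $groupUid = intval($groupUid);
    $elementId = 'g_' . $page;

    if (!$validGroup) {
        // Deleted or nameless group: keep the shortened name as a tooltip
        $label = '<span class=not_set title="'
            . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20))
            . '">[' . $GLOBALS['LANG']->getLL('deleted') . ']</span>';
    } elseif ($groupname == '') {
        $label = '<span class=not_set>[' . $GLOBALS['LANG']->getLL('notSet') . ']</span>';
    } else {
        $label = htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($groupname, 20));
    }

    // The name is passed to the handler as a JavaScript string literal inside an
    // HTML attribute. htmlspecialchars() alone is not enough there, because the
    // browser decodes entities before the script is parsed. quoteJSvalue() returns
    // the value as a quoted literal that is safe in this position.
    $jsGroupname = \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue($groupname);

    $ret = '<span id="' . $elementId . '"><a class="ug_selector" onclick="WebPermissions.showChangeGroupSelector('
        . $page . ', ' . $groupUid . ', \'' . $elementId . '\', ' . $jsGroupname . ');">'
        . $label . '</a></span>';
    return $ret;
}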
271 * Print the string with the new edit lock state of a page record
273 * @param integer $page The TYPO3 page id
274 * @param string $editLockState The state of the TYPO3 page (locked, unlocked)
275 * @return string The new edit lock string wrapped in HTML
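/**
 * Renders the edit lock toggle of a page record.
 *
 * @param integer $page The TYPO3 page id
 * @param integer $editLockState The edit lock value; exactly integer 1 renders the locked state
 * @return string The edit lock link wrapped in HTML
 */
protected function renderToggleEditLock($page, $editLockState) {
    // dispatch() passes the page value as it arrived in the request. It is
    // written into an inline onclick handler, so it is reduced to an integer first.
    $page = intval($page);

    // Strict comparison: only integer 1 counts as locked
    if ($editLockState === 1) {
        return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 1);" title="The page and all content is locked for editing by all non-Admin users.">'
            . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('status-warning-lock')
            . '</a>';
    }

    return '<a class="editlock" onclick="WebPermissions.toggleEditLock(' . $page . ', 0);" title="Enable the »Admin-only« edit lock for this page">[+]</a>';
}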
287 * Print a set of permissions. Also used in index.php
289 * @param integer $int Permission integer (bits)
290 * @param integer $pageId The TYPO3 page id
291 * @param string $who The scope (user, group or everybody)
292 * @return string HTML marked up x/* indications.
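/**
 * Renders a set of permissions as clickable granted/denied icons.
 *
 * @param integer $int Permission integer (bits)
 * @param integer $pageId The TYPO3 page id
 * @param string $who The scope (user, group or everybody)
 * @return string HTML with one icon per permission bit, wrapped in a span with id "<pageId>_<who>"
 */
static public function renderPermissions($int, $pageId = 0, $who = 'user') {
    // All three values are concatenated into an id attribute and into inline
    // JavaScript. The numbers are forced to integers and the scope is reduced to
    // identifier characters, which leaves the documented scopes unchanged.
    // NOTE(review): whether getSpriteIcon() escapes the attribute values it is
    // given is not visible here, so nothing below relies on it.
    $int = intval($int);
    $pageId = intval($pageId);
    $who = preg_replace('/[^a-zA-Z0-9_]/', '', (string)$who);

    $str = '';
    // Bit values in display order
    foreach (array(1, 16, 2, 4, 8) as $permission) {
        $granted = ($int & $permission) ? TRUE : FALSE;
        // A granted bit offers "delete", a denied bit offers "add"
        $icon = $granted ? 'status-status-permission-granted' : 'status-status-permission-denied';
        $mode = $granted ? 'delete' : 'add';
        $str .= \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon($icon, array(
            'title' => $GLOBALS['LANG']->getLL($permission, TRUE),
            'onclick' => 'WebPermissions.setPermissions(' . $pageId . ', ' . $permission . ', \'' . $mode . '\', \'' . $who . '\', ' . $int . ');',
            'style' => 'cursor:pointer'
        ));
    }
    return '<span id="' . $pageId . '_' . $who . '">' . $str . '</span>';
}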