Fixed bug #14050: CleanUp - CGL format of t3lib files - t3lib_positionmap
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_userauthgroup.php
index b420aa8..cd89783 100644 (file)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2010 Kasper Skaarhoj (kasperYYYY@typo3.com)
+*  (c) 1999-2010 Kasper Skårhøj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -28,9 +28,9 @@
  * Contains an extension class specifically for authentication/initialization of backend users in TYPO3
  *
  * $Id$
- * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj
+ * Revised for TYPO3 3.6 July/2003 by Kasper Skårhøj
  *
- * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
+ * @author     Kasper Skårhøj <kasperYYYY@typo3.com>
  */
 /**
  * [CLASS/FUNCTION INDEX of SCRIPT]
  * Actually this class is extended again by t3lib_beuserauth which is the actual backend user class that will be instantiated.
  * In fact the two classes t3lib_beuserauth and this class could just as well be one, single class since t3lib_userauthgroup is not - to my knowledge - used separately elsewhere. But for historical reasons they are two separate classes.
  *
- * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
+ * @author     Kasper Skårhøj <kasperYYYY@typo3.com>
  * @package TYPO3
  * @subpackage t3lib
  */
@@ -267,9 +267,8 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                                }
                        }
                }
-               if ($exitOnError)       {
-                       t3lib_BEfunc::typo3PrintError ('Access Error','This page is not within your DB-mounts',0);
-                       exit;
+               if ($exitOnError) {
+                       throw new RuntimeException('Access Error: This page is not within your DB-mounts');
                }
        }
 
@@ -282,9 +281,8 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
         */
        function modAccess($conf,$exitOnError)  {
                if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name']))     {
-                       if ($exitOnError)       {
-                               t3lib_BEfunc::typo3PrintError ('Fatal Error','This module "'.$conf['name'].'" is not enabled in TBE_MODULES',0);
-                               exit;
+                       if ($exitOnError) {
+                               throw new RuntimeException('Fatal Error: This module "'.$conf['name'].'" is not enabled in TBE_MODULES');
                        }
                        return FALSE;
                }
@@ -296,9 +294,8 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                                ($this->workspace>0 && t3lib_div::inList($conf['workspaces'],'custom')))        {
                                        // ok, go on...
                        } else {
-                               if ($exitOnError)       {
-                                       t3lib_BEfunc::typo3PrintError ('Workspace Error','This module "'.$conf['name'].'" is not available under the current workspace',0);
-                                       exit;
+                               if ($exitOnError) {
+                                       throw new RuntimeException('Workspace Error: This module "'.$conf['name'].'" is not available under the current workspace');
                                }
                                return FALSE;
                        }
@@ -312,9 +309,10 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                        $acs = $this->check('modules',$conf['name']);
                }
                if (!$acs && $exitOnError)      {
-                       t3lib_BEfunc::typo3PrintError ('Access Error','You don\'t have access to this module.',0);
-                       exit;
-               } else return $acs;
+                       throw new RuntimeException('Access Error: You don\'t have access to this module.');
+               } else {
+                       return $acs;
+               }
        }
 
        /**
@@ -734,8 +732,12 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
         * @return      boolean
         */
        function mayMakeShortcut()      {
-               return $this->getTSConfigVal('options.enableShortcuts') &&
-                       !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
+                       // "Shortcuts" have been renamed to "Bookmarks"
+                       // @deprecated remove shortcuts code in TYPO3 4.7
+               return  ($this->getTSConfigVal('options.enableShortcuts')
+                               || $this->getTSConfigVal('options.enableBookmarks'))
+                               &&      (!$this->getTSConfigVal('options.mayNotCreateEditShortcuts')
+                               && !$this->getTSConfigVal('options.mayNotCreateEditBookmarks'));
        }
 
        /**
@@ -876,11 +878,35 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
 
                if ($this->workspace>0) {
                        $stat = $this->checkWorkspaceCurrent();
-                       $memberStageLimit = $this->workspaceRec['review_stage_edit'] ? 1 : 0;
-                       if (($stage<=$memberStageLimit && $stat['_ACCESS']==='member') ||
-                               ($stage<=1 && $stat['_ACCESS']==='reviewer') ||
-                               ($stat['_ACCESS']==='owner')) {
-                                       return TRUE;    // OK for these criteria
+
+                               // Check if custom staging is activated
+                       $workspaceRec = t3lib_BEfunc::getRecord('sys_workspace', $stat['uid']);
+                       if ($workspaceRec['custom_stages'] > 0  && $stage !== '0' && $stage !== '-10') {
+
+                                       // Get custom stage record
+                               $workspaceStageRec = t3lib_BEfunc::getRecord('sys_workspace_stage', $stage);
+                                       // Check if the user is responsible for the current stage
+                               if ((t3lib_div::inList($workspaceStageRec['responsible_persons'], 'be_users_' . $this->user['uid'])
+                                               && $stat['_ACCESS'] === 'member')
+                                       || $stat['_ACCESS'] === 'owner') {
+                                       return TRUE; // OK for these criteria
+                               }
+
+                                       // Check if the user is in a group which is responsible for the current stage
+                               foreach ($this->userGroupsUID as $groupUid) {
+                                       if ((t3lib_div::inList($workspaceStageRec['responsible_persons'], 'be_groups_' . $groupUid)
+                                                       && $stat['_ACCESS'] === 'member')
+                                               || $stat['_ACCESS'] === 'owner') {
+                                               return TRUE; // OK for these criteria
+                                       }
+                               }
+                       } else {
+                               $memberStageLimit = $this->workspaceRec['review_stage_edit'] ? 1 : 0;
+                               if (($stage <= $memberStageLimit && $stat['_ACCESS'] === 'member')
+                                               || ($stage <= 1 && $stat['_ACCESS'] === 'reviewer')
+                                               || $stat['_ACCESS'] === 'owner') {
+                                               return TRUE;    // OK for these criteria
+                               }
                        }
                } else return TRUE;     // Always OK for live and draft workspaces.
        }
@@ -1523,33 +1549,59 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                        // Initializing workspace by evaluating and setting the workspace, possibly updating it in the user record!
                $this->setWorkspace($this->user['workspace_id']);
 
-                       // Setting up the db mount points of the (custom) workspace, if any:
-               if ($this->workspace>0 && trim($this->workspaceRec['db_mountpoints'])!=='')     {
-
-                               // Initialize:
-                       $newMounts = array();
+                       // Limiting the DB mountpoints if there any selected in the workspace record
+               $dbMountpoints = trim($this->workspaceRec['db_mountpoints']);
+               if ($this->workspace > 0 && $dbMountpoints != '') {
+                       $filteredDbMountpoints = array();
                        $readPerms = '1=1'; // Notice: We cannot call $this->getPagePermsClause(1); as usual because the group-list is not available at this point. But bypassing is fine because all we want here is check if the workspace mounts are inside the current webmounts rootline. The actual permission checking on page level is done elsewhere as usual anyway before the page tree is rendered.
 
                                // Traverse mount points of the
-                       $mountPoints = t3lib_div::intExplode(',',$this->workspaceRec['db_mountpoints']);
-                       foreach($mountPoints as $mpId)  {
-                               if ($this->isInWebMount($mpId,$readPerms))      {
-                                       $newMounts[] = $mpId;
+                       $dbMountpoints = t3lib_div::intExplode(',', $dbMountpoints);
+                       foreach ($dbMountpoints as $mpId) {
+                               if ($this->isInWebMount($mpId, $readPerms)) {
+                                       $filteredDbMountpoints[] = $mpId;
                                }
                        }
 
                                // Re-insert webmounts:
-                       $this->groupData['webmounts'] = implode(',',array_unique($newMounts));
+                       $filteredDbMountpoints = array_unique($filteredDbMountpoints);
+                       $this->groupData['webmounts'] = implode(',', $filteredDbMountpoints);
                }
 
-                       // Setting up the file mount points of the (custom) workspace, if any:
-               if ($this->workspace!==0)       $this->groupData['filemounts'] = array();
-               if ($this->workspace>0 && trim($this->workspaceRec['file_mountpoints'])!=='')   {
+                       // Filtering the file mountpoints
+                       // if there some selected in the workspace record
+               if ($this->workspace !== 0) {
+                       $usersFileMounts = $this->groupData['filemounts'];
+                       $this->groupData['filemounts'] = array();
+               }
+               $fileMountpoints = trim($this->workspaceRec['file_mountpoints']);
+               if ($this->workspace > 0) {
 
-                               // Processing filemounts
-                       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->workspaceRec['file_mountpoints']).')');
-                       while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
-                               $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
+                               // no custom filemounts that should serve as filter
+                               // so all user mountpoints are re-applied
+                       if ($fileMountpoints === '') {
+                               $this->groupData['filemounts'] = $usersFileMounts;
+                       } else {
+                                       // Fetching all filemounts from the workspace
+                               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
+                                       '*',
+                                       'sys_filemounts',
+                                       'deleted = 0 AND hidden = 0 AND pid = 0 AND uid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($fileMountpoints) . ')'
+                               );
+
+                               while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
+                                               // add every filemount of this workspace record
+                                       $this->addFileMount($row['title'], $row['path'], $row['path'], ($row['base'] ? 1 : 0), '');
+
+                                               // get the added entry, and check if it was in the users' original filemounts
+                                               // if not, remove it from the new filemount list again
+                                               // see self::addFileMount
+                                       end($this->groupData['filemounts']);
+                                       $md5hash = key($this->groupData['filemounts']);
+                                       if (!array_key_exists($md5hash, $usersFileMounts)) {
+                                               unset($this->groupData['filemounts'][$md5hash]);
+                                       }
+                               }
                        }
                }
 
@@ -1620,9 +1672,15 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                                        break;
                                        default:
                                                        // Checking if the guy is admin:
-                                               if (t3lib_div::inList($wsRec['adminusers'],$this->user['uid'])) {
+                                               if (t3lib_div::inList($wsRec['adminusers'], 'be_users_' . $this->user['uid'])) {
                                                        return array_merge($wsRec, array('_ACCESS' => 'owner'));
                                                }
+                                                       // Checking if he is owner through a user group of his:
+                                               foreach ($this->userGroupsUID as $groupUid) {
+                                                       if (t3lib_div::inList($wsRec['adminusers'], 'be_groups_' . $groupUid)) {
+                                                               return array_merge($wsRec, array('_ACCESS' => 'owner'));
+                                                       }
+                                               }
                                                        // Checking if he is reviewer user:
                                                if (t3lib_div::inList($wsRec['reviewers'],'be_users_'.$this->user['uid']))      {
                                                        return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
@@ -1870,4 +1928,4 @@ if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class
        include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauthgroup.php']);
 }
 
-?>
\ No newline at end of file
+?>