Fixed bug #13493: Cleanup return value in t3lib_userauthgroup check() (Thanks to...
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_userauthgroup.php
old mode 100755 (executable)
new mode 100644 (file)
index 7e1149c..82c991e
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2008 Kasper Skaarhoj (kasperYYYY@typo3.com)
+*  (c) 1999-2009 Kasper Skaarhoj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -99,8 +99,6 @@
  *
  */
 
-       // Need this for parsing User TSconfig
-require_once (PATH_t3lib.'class.t3lib_tsparser.php');
 
 
 
@@ -424,7 +422,7 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
 
 
                        // Acquire RTE object:
-               $RTE = &t3lib_BEfunc::RTEgetObj();
+               $RTE = t3lib_BEfunc::RTEgetObj();
                if (!is_object($RTE))   {
                        $this->RTE_errors = array_merge($this->RTE_errors, $RTE);
                }
@@ -446,12 +444,13 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
         * @param       string          String to search for in the groupData-list
         * @return      boolean         True if permission is granted (that is, the value was found in the groupData list - or the BE_USER is "admin")
         */
-       function check($type,$value)    {
-               if (isset($this->groupData[$type]))     {
-                       if ($this->isAdmin() || $this->inList($this->groupData[$type],$value)) {
-                               return 1;
+       function check($type, $value) {
+               if (isset($this->groupData[$type])) {
+                       if ($this->isAdmin() || $this->inList($this->groupData[$type], $value)) {
+                               return TRUE;
                        }
                }
+               return FALSE;
        }
 
        /**
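Review bot: An admin still gets FALSE from check() whenever `$this->groupData[$type]` is not set, because the `isAdmin()` test sits inside the `isset()` guard, while the `@return` text reads as if admin were granted unconditionally. Failing closed is the safer behaviour, so I would keep the code and fix the docblock, e.g. `@return boolean TRUE if $type exists in groupData and the value is listed there or the BE_USER is "admin"; FALSE otherwise`. The switch from `1`/NULL to `TRUE`/`FALSE` is fine for truthiness tests, but any caller comparing the result strictly against an integer (none are visible here) would need a look.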
@@ -473,7 +472,7 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                if (!strcmp($value,'')) return TRUE;
 
                        // Certain characters are not allowed in the value
-               if (ereg('[:|,]',$value))       {
+               if (preg_match('/[:|,]/',$value))       {
                        return FALSE;
                }
 
@@ -540,6 +539,42 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
        }
 
        /**
+        * Check if user has access to all existing localizations for a certain record
+        *
+        * @param string        the table
+        * @param array         the current record
+        * @return boolean
+        */
+       function checkFullLanguagesAccess($table, $record) {
+               $recordLocalizationAccess = $this->checkLanguageAccess(0);
+               if ($recordLocalizationAccess && t3lib_BEfunc::isTableLocalizable($table)) {
+
+                       $pointerField = $GLOBALS['TCA'][$table]['ctrl']['transOrigPointerField'];
+
+                       $recordLocalizations = t3lib_BEfunc::getRecordsByField(
+                               $table,
+                               $pointerField,
+                               $record[$pointerField] > 0 ? $record[$pointerField] : $record['uid'],
+                               '',
+                               '',
+                               '',
+                               '1'
+                       );
+
+                       if (is_array($recordLocalizations)) {
+                               foreach($recordLocalizations as $localization) {
+                                       $recordLocalizationAccess = $recordLocalizationAccess && $this->checkLanguageAccess($localization[$GLOBALS['TCA'][$table]['ctrl']['languageField']]);
+                                       if (!$recordLocalizationAccess) {
+                                               break;
+                                       }
+                               }
+                       }
+
+               }
+               return $recordLocalizationAccess;
+       }
+
+       /**
         * Checking if a user has editing access to a record from a $TCA table.
         * The checks does not take page permissions and other "environmental" things into account. It only deal with record internals; If any values in the record fields disallows it.
         * For instance languages settings, authMode selector boxes are evaluated (and maybe more in the future).
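Review bot: In checkFullLanguagesAccess() the last argument passed to `t3lib_BEfunc::getRecordsByField()` is `'1'`; if that seventh parameter is the row limit (the signature is not shown on this page, please confirm), only one localization is fetched. The loop then cannot verify access to all translations as the docblock promises, and a user lacking access to a second translation language would still pass. Passing `''` there would fetch every localization. `$record[$pointerField] > 0 ? ... : $record['uid']` also assumes the caller's row contains both the pointer field and `uid`; the `@param array` line should state that requirement.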
@@ -549,9 +584,11 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
         * @param       string          Table name
         * @param       mixed           If integer, then this is the ID of the record. If Array this just represents fields in the record.
         * @param       boolean         Set, if testing a new (non-existing) record array. Will disable certain checks that doesn't make much sense in that context.
+        * @param       boolean         Set, if testing a deleted record array.
+        * @param       boolean         Set, whenever access to all translations of the record is required
         * @return      boolean         True if OK, otherwise false
         */
-       function recordEditAccessInternals($table,$idOrRow,$newRecord=FALSE)    {
+       function recordEditAccessInternals($table, $idOrRow, $newRecord = FALSE, $deletedRecord = FALSE, $checkFullLanguageAccess = FALSE) {
                global $TCA;
 
                if (isset($TCA[$table]))        {
@@ -562,7 +599,11 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
 
                                // Fetching the record if the $idOrRow variable was not an array on input:
                        if (!is_array($idOrRow))        {
-                               $idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow);
+                               if ($deletedRecord) {
+                                       $idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow, '*', '', FALSE);
+                               } else {
+                                       $idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow);
+                               }
                                if (!is_array($idOrRow))        {
                                        $this->errorMsg = 'ERROR: Record could not be fetched.';
                                        return FALSE;
@@ -575,6 +616,9 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                                        if (!$this->checkLanguageAccess($idOrRow[$TCA[$table]['ctrl']['languageField']]))       {
                                                $this->errorMsg = 'ERROR: Language was not allowed.';
                                                return FALSE;
+                                       } elseif ($checkFullLanguageAccess && $idOrRow[$TCA[$table]['ctrl']['languageField']]==0 && !$this->checkFullLanguagesAccess($table, $idOrRow)) {
+                                               $this->errorMsg = 'ERROR: Related/affected language was not allowed.';
+                                               return FALSE;
                                        }
                                } else {
                                        $this->errorMsg = 'ERROR: The "languageField" field named "'.$TCA[$table]['ctrl']['languageField'].'" was not found in testing record!';
@@ -658,7 +702,19 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
         * @return      boolean
         */
        function mayMakeShortcut()      {
-               return $this->getTSConfigVal('options.shortcutFrame') && !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
+                       // If the old BE is used (maybe with some parameters),
+                       // check for options.enableShortcuts and options.shortcutFrame being set.
+               if (substr($this->getTSConfigVal('auth.BE.redirectToURL'), 0, 12) == 'alt_main.php') {
+                       return $this->getTSConfigVal('options.enableShortcuts') &&
+                               $this->getTSConfigVal('options.shortcutFrame') &&
+                               !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
+               }
+                       // If the new BE is used, don't check options.shortcutFrame,
+                       // because this is not used there anymore.
+               else {
+                       return $this->getTSConfigVal('options.enableShortcuts') &&
+                               !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
+               }
        }
 
        /**
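Review bot: Both branches of mayMakeShortcut() repeat the `options.enableShortcuts` and `!options.mayNotCreateEditShortcuts` tests, so a later change to the permission rule has to be made in two places. Computing the shared part once, e.g. `$allowed = $this->getTSConfigVal('options.enableShortcuts') && !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');`, and adding the `options.shortcutFrame` test only in the `alt_main.php` case keeps the rule in one spot. The comment placed between `}` and `else {` is easy to misread as belonging to the first branch; it would sit better inside the else block. The docblock should also mention that `options.enableShortcuts` is now required.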
@@ -1027,7 +1083,11 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
         * @return      integer         File operation permission bitmask
         */
        public function getFileoperationPermissions() {
-               return $this->groupData['fileoper_perms'];
+               if ($this->isAdmin()) {
+                       return 31;
+               } else {
+                       return $this->groupData['fileoper_perms'];
+               }
        }
 
        /**
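Review bot: The literal `31` returned for admins in getFileoperationPermissions() is an undocumented magic number: it sets the five lowest bits of the bitmask, but nothing here says which permissions those bits stand for. If a further permission bit is added later, admins would silently not receive it. A comment such as `// all file operation permission bits set (bits 0-4)` or a named constant would make the intent reviewable. The `@return` text could also note that admins always get the full mask.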
@@ -1141,19 +1201,30 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                                // Check include lines.
                        $this->TSdataArray = t3lib_TSparser::checkIncludeLines_array($this->TSdataArray);
 
-                               // Parsing the user TSconfig (or getting from cache)
                        $this->userTS_text = implode(chr(10).'[GLOBAL]'.chr(10),$this->TSdataArray);    // Imploding with "[global]" will make sure that non-ended confinements with braces are ignored.
-                       $hash = md5('userTS:'.$this->userTS_text);
-                       $cachedContent = t3lib_BEfunc::getHash($hash);
-                       if (isset($cachedContent) && !$this->userTS_dontGetCached)      {
-                               $this->userTS = unserialize($cachedContent);
+
+                       if ($GLOBALS['TYPO3_CONF_VARS']['BE']['TSconfigConditions'] && !$this->userTS_dontGetCached) {
+                                       // Perform TS-Config parsing with condition matching
+                               $parseObj = t3lib_div::makeInstance('t3lib_TSparser_TSconfig');
+                               $res = $parseObj->parseTSconfig($this->userTS_text, 'userTS');
+                               if ($res) {
+                                       $this->userTS = $res['TSconfig'];
+                                       $this->userTSUpdated = ($res['cached'] ? 0 : 1);
+                               }
                        } else {
-                               $parseObj = t3lib_div::makeInstance('t3lib_TSparser');
-                               $parseObj->parse($this->userTS_text);
-                               $this->userTS = $parseObj->setup;
-                               t3lib_BEfunc::storeHash($hash,serialize($this->userTS),'BE_USER_TSconfig');
-                                       // Update UC:
-                               $this->userTSUpdated=1;
+                                       // Parsing the user TSconfig (or getting from cache)
+                               $hash = md5('userTS:' . $this->userTS_text);
+                               $cachedContent = t3lib_BEfunc::getHash($hash);
+                               if (isset($cachedContent) && !$this->userTS_dontGetCached) {
+                                       $this->userTS = unserialize($cachedContent);
+                               } else {
+                                       $parseObj = t3lib_div::makeInstance('t3lib_TSparser');
+                                       $parseObj->parse($this->userTS_text);
+                                       $this->userTS = $parseObj->setup;
+                                       t3lib_BEfunc::storeHash($hash, serialize($this->userTS), 'BE_USER_TSconfig');
+                                               // Update UC:
+                                       $this->userTSUpdated=1;
+                               }
                        }
 
                                // Processing webmounts
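Review bot: With `TSconfigConditions` enabled, `$this->userTS` is left untouched when `parseTSconfig()` returns a falsy `$res`, and there is no else branch or log entry for that case. User TSconfig carries permission-relevant options, so silently continuing with whatever was there before deserves an explicit reset or at least a comment stating it is intended. Separately, when `$this->userTS_dontGetCached` is set the code falls through to the legacy `t3lib_TSparser` path even though conditions are enabled, so the same TSconfig may be evaluated differently depending on the cache flag; this looks unintended and should be confirmed. The enclosing function starts and ends outside this hunk.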
@@ -1162,9 +1233,11 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                        }
 
                                // Processing filemounts
+                       t3lib_div::loadTCA('sys_filemounts');
+                       $orderBy = $GLOBALS['TCA']['sys_filemounts']['ctrl']['default_sortby'] ? $GLOBALS['TYPO3_DB']->stripOrderBy($GLOBALS['TCA']['sys_filemounts']['ctrl']['default_sortby']) : 'sorting';
                        $this->dataLists['filemount_list'] = t3lib_div::uniqueList($this->dataLists['filemount_list']);
                        if ($this->dataLists['filemount_list']) {
-                               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$this->dataLists['filemount_list'].')');
+                               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$this->dataLists['filemount_list'].')', '', $orderBy);
                                while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
                                        $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
                                }
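Review bot: The changed query still concatenates `$this->dataLists['filemount_list']` into `uid IN (...)`, and the only processing visible here is `t3lib_div::uniqueList()`, which as far as I know only removes duplicates. Whether the values were integer-cast earlier is not visible in this hunk. Since the line is being touched anyway, forcing integers at the point of use would keep the query safe regardless of where the list came from, e.g. `implode(',', t3lib_div::intExplode(',', $this->dataLists['filemount_list']))`. The `t3lib_div::loadTCA()` call and the `$orderBy` computation also run when the list is empty and could move inside the `if`.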
@@ -1225,12 +1298,12 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
 
                        // Hook for manipulation of the WHERE sql sentence which controls which BE-groups are included
                if (is_array ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroupQuery'])) {
-                   foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroupQuery'] as $classRef) {
-                       $hookObj = &t3lib_div::getUserObj($classRef);
+                       foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroupQuery'] as $classRef) {
+                       $hookObj = t3lib_div::getUserObj($classRef);
                        if(method_exists($hookObj,'fetchGroupQuery_processQuery')){
-                           $whereSQL = $hookObj->fetchGroupQuery_processQuery($this, $grList, $idList, $whereSQL);
+                               $whereSQL = $hookObj->fetchGroupQuery_processQuery($this, $grList, $idList, $whereSQL);
+                       }
                        }
-                   }
                }
 
                $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->usergroup_table, $whereSQL);
@@ -1453,6 +1526,11 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                                $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
                        }
                }
+
+               if ($allowed_languages = $this->getTSConfigVal('options.workspaces.allowed_languages.'.$this->workspace))       {
+                       $this->groupData['allowed_languages'] = $allowed_languages;
+                       $this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->groupData['allowed_languages']);
+               }
        }
 
        /**
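Review bot: The new `options.workspaces.allowed_languages.<workspace>` override replaces `$this->groupData['allowed_languages']` outright rather than intersecting it with the group-derived list. A workspace-specific value can therefore grant languages that the user's groups do not grant. If that widening is intended, a comment should say so; otherwise the two lists should be intersected. The double assignment can be one line, `$this->groupData['allowed_languages'] = t3lib_div::uniqueList($allowed_languages);`, and the assignment inside the `if` condition would read more clearly as a separate statement. The enclosing function begins outside this hunk.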
@@ -1697,7 +1775,7 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                if ($email)     {
 
                                // get last flag set in the log for sending
-                       $theTimeBack = time()-$secondsBack;
+                       $theTimeBack = $GLOBALS['EXEC_TIME'] - $secondsBack;
                        $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
                                                        'tstamp',
                                                        'sys_log',