Added feature #4203: Workspace DB / filemounts should narrow down the users' mounts...
authorBenni Mack <benni.mack@typo3.org>
Wed, 17 Nov 2010 08:38:31 +0000 (08:38 +0000)
committerBenni Mack <benni.mack@typo3.org>
Wed, 17 Nov 2010 08:38:31 +0000 (08:38 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@9427 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_userauthgroup.php
typo3/sysext/version/ws/index.php

index 6ccbeaf..1d5b91e 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-11-17  Benjamin Mack  <benni@typo3.org>
+
+       * Added feature #4203: Workspace DB / filemounts should narrow down the users' mounts (Thanks to Sonja Scholz)
+
 2010-11-17  Susanne Moog  <typo3@susanne-moog.de>
 
        * Added feature #16284: Optimize stdWrap usage for TypoScript content element LOAD_REGISTER (Thanks to Jo Hasenau)
index ed093e0..fe82127 100644 (file)
@@ -1525,33 +1525,59 @@ class t3lib_userAuthGroup extends t3lib_userAuth {
                        // Initializing workspace by evaluating and setting the workspace, possibly updating it in the user record!
                $this->setWorkspace($this->user['workspace_id']);
 
-                       // Setting up the db mount points of the (custom) workspace, if any:
-               if ($this->workspace>0 && trim($this->workspaceRec['db_mountpoints'])!=='')     {
-
-                               // Initialize:
-                       $newMounts = array();
+                       // Limiting the DB mountpoints if there any selected in the workspace record
+               $dbMountpoints = trim($this->workspaceRec['db_mountpoints']);
+               if ($this->workspace > 0 && $dbMountpoints != '') {
+                       $filteredDbMountpoints = array();
                        $readPerms = '1=1'; // Notice: We cannot call $this->getPagePermsClause(1); as usual because the group-list is not available at this point. But bypassing is fine because all we want here is check if the workspace mounts are inside the current webmounts rootline. The actual permission checking on page level is done elsewhere as usual anyway before the page tree is rendered.
 
                                // Traverse mount points of the
-                       $mountPoints = t3lib_div::intExplode(',',$this->workspaceRec['db_mountpoints']);
-                       foreach($mountPoints as $mpId)  {
-                               if ($this->isInWebMount($mpId,$readPerms))      {
-                                       $newMounts[] = $mpId;
+                       $dbMountpoints = t3lib_div::intExplode(',', $dbMountpoints);
+                       foreach ($dbMountpoints as $mpId) {
+                               if ($this->isInWebMount($mpId, $readPerms)) {
+                                       $filteredDbMountpoints[] = $mpId;
                                }
                        }
 
                                // Re-insert webmounts:
-                       $this->groupData['webmounts'] = implode(',',array_unique($newMounts));
+                       $filteredDbMountpoints = array_unique($filteredDbMountpoints);
+                       $this->groupData['webmounts'] = implode(',', $filteredDbMountpoints);
                }
 
-                       // Setting up the file mount points of the (custom) workspace, if any:
-               if ($this->workspace!==0)       $this->groupData['filemounts'] = array();
-               if ($this->workspace>0 && trim($this->workspaceRec['file_mountpoints'])!=='')   {
+                       // Filtering the file mountpoints
+                       // if there some selected in the workspace record
+               if ($this->workspace !== 0) {
+                       $usersFileMounts = $this->groupData['filemounts'];
+                       $this->groupData['filemounts'] = array();
+               }
+               $fileMountpoints = trim($this->workspaceRec['file_mountpoints']);
+               if ($this->workspace > 0) {
 
-                               // Processing filemounts
-                       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->workspaceRec['file_mountpoints']).')');
-                       while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
-                               $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
+                               // no custom filemounts that should serve as filter
+                               // so all user mountpoints are re-applied
+                       if ($fileMountpoints === '') {
+                               $this->groupData['filemounts'] = $usersFileMounts;
+                       } else {
+                                       // Fetching all filemounts from the workspace
+                               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
+                                       '*',
+                                       'sys_filemounts',
+                                       'deleted = 0 AND hidden = 0 AND pid = 0 AND uid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($fileMountpoints) . ')'
+                               );
+
+                               while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
+                                               // add every filemount of this workspace record
+                                       $this->addFileMount($row['title'], $row['path'], $row['path'], ($row['base'] ? 1 : 0), '');
+
+                                               // get the added entry, and check if it was in the users' original filemounts
+                                               // if not, remove it from the new filemount list again
+                                               // see self::addFileMount
+                                       end($this->groupData['filemounts']);
+                                       $md5hash = key($this->groupData['filemounts']);
+                                       if (!array_key_exists($md5hash, $usersFileMounts)) {
+                                               unset($this->groupData['filemounts'][$md5hash]);
+                                       }
+                               }
                        }
                }
 
index b4ddaed..6a8f66a 100755 (executable)
@@ -735,47 +735,53 @@ class SC_mod_user_ws_index extends t3lib_SCbase {
         * @return      string          Generated HTML
         */
        function workspaceList_getWebMountPoints(&$wksp)        {
-               if ($wksp['uid'] <= 0) {
-                       // system workspaces
-                       return $GLOBALS['LANG']->getLL($wksp['uid'] == 0 ? 'workspace_list_db_mount_point_live' : 'workspace_list_db_mount_point_draft');
+               if ($wksp['uid'] == -1) {
+                               // draft workspace
+                       return $GLOBALS['LANG']->getLL('workspace_list_db_mount_point_draft');
+               } else if ($wksp['uid'] == 0) {
+                               // live workspace
+                       return $GLOBALS['LANG']->getLL('workspace_list_db_mount_point_live');
+               }
+               // -- here only if obtaining mount points for custom workspaces
+
+                       // We need to fetch user's mount point list (including MPS mounted from groups).
+                       // This list must not be affects by current user's workspace. It means we cannot use
+                       // $BE_USER->isInWebMount() to check mount points.
+               $mountpointList = $GLOBALS['BE_USER']->groupData['webmounts'];
+                       // If there are DB mountpoints in the workspace record,
+                       // then only show the ones that are allowed there (and that are in the users' webmounts) 
+               if (trim($wksp['db_mountpoints'])) {
+                       $userMountpoints = explode(',', $mountpointList);
+                               // now filter the users' to only keep the mountpoints 
+                               // that are also in the workspaces' db_mountpoints
+                       $workspaceMountpoints = explode(',', $wksp['db_mountpoints']);
+                       $filteredMountpoints = array_intersect($userMountpoints, $workspaceMountpoints);
+                       $mountpointList = implode(',', $filteredMountpoints);
                }
 
-               // here only if obtaining mount points for custom workspaces
+               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
+                       '*',    // All fields needed for t3lib_iconWorks::getSpriteIconForRecord()
+                       'pages',
+                       'deleted = 0 AND uid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($mountpointList) . ')',
+                       '',
+                       'title'
+               );
 
-               // Warning: all fields needed for t3lib_iconWorks::getIconImage()!
-               $MPs = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('*', 'pages', 'deleted=0 AND uid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($wksp['db_mountpoints']) . ')', '', 'title');
-               $content_array = array();
-               if (count($MPs) > 0)    {
-                       $isAdmin = $GLOBALS['BE_USER']->isAdmin();
-                       if (!$isAdmin) {
-                               // We need to fetch user's mount point list (including MPS mounted from groups).
-                               // This list must not be affects by current user's workspace. It means we cannot use
-                               // $BE_USER->isInWebMount() to check mount points.
-                               $userMPs = explode(',', $GLOBALS['BE_USER']->dataLists['webmount_list']); // includes group data if necessary!
-                       }
-                       foreach ($MPs as $mp)   {
-                               if (!$isAdmin && !in_array($mp['uid'], $userMPs)) {
-                                       // Show warning icon
-                                       $title = $GLOBALS['LANG']->getLL('workspace_list_mount_point_inaccessible');
-                                       $str = t3lib_iconWorks::getSpriteIcon('status-warning');
-                                       $classAttr = 'class="ver-wl-mp-inacessible" ';
-                               }
-                               else {
-                                       // normal icon
-                                       $str = t3lib_iconWorks::getIconImage('pages', $mp, $GLOBALS['BACK_PATH'], ' align="absmiddle"');
-                                       $classAttr = '';
-                               }
-                               // Will show UID on hover. Just convinient to user.
-                               $content_array[] = $str . '<span ' . $classAttr . 'title="UID: ' . $mp['uid'] . '">' . $mp['title'] . '</span>';
-                       }
+               $content = array();
+               while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
+                               // will show UID on hover. Just convinient to user.
+                       $content[] = t3lib_iconWorks::getSpriteIconForRecord('pages', $row) . '<span title="UID: ' . $row['uid'] . '">' . $row['title'] . '</span>';
                }
-               if (count($content_array) > 0) {
-                       return implode('<br />', $content_array);
+
+               if (count($content)) {
+                       return implode('<br />', $content);
+               } else {
+                               // no mount points
+                       return $GLOBALS['LANG']->getLL('workspace_list_db_mount_point_custom');
                }
-               // no mount points
-               return $GLOBALS['LANG']->getLL('workspace_list_db_mount_point_custom');
        }
 
+
        /**
         * Retrieves and formats file mount points lists.
         *
@@ -784,48 +790,49 @@ class SC_mod_user_ws_index extends t3lib_SCbase {
         */
        function workspaceList_getFileMountPoints(&$wksp)       {
                if ($wksp['uid'] == -1) {
-                       // draft workspace - none!
+                               // draft workspace - none!
                        return $GLOBALS['LANG']->getLL('workspace_list_file_mount_point_draft');
-               }
-               else if ($wksp['uid'] == 0) {
-                       // live workspace
+               } else if ($wksp['uid'] == 0) {
+                               // live workspace
                        return $GLOBALS['LANG']->getLL('workspace_list_file_mount_point_live');
                }
+               // -- here only if displaying information for custom workspace
+
+                       // We need to fetch user's mount point list (including MPS mounted from groups).
+                       // This list must not be affects by current user's workspace. It means we cannot use
+                       // $BE_USER->isInWebMount() to check mount points.
+               $mountpointList = implode(',', $GLOBALS['BE_USER']->groupData['filemounts']);
+                       // If there are file mountpoints in the workspace record,
+                       // then only show the ones that are allowed there (and that are in the users' file mounts) 
+               if (trim($wksp['file_mountpoints'])) {
+                       $userMountpoints = explode(',', $mountpointList);
+                               // now filter the users' to only keep the mountpoints 
+                               // that are also in the workspaces' file_mountpoints
+                       $workspaceMountpoints = explode(',', $wksp['file_mountpoints']);
+                       $filteredMountpoints = array_intersect($userMountpoints, $workspaceMountpoints);
+                       $mountpointList = implode(',', $filteredMountpoints);
+               }
 
-               // Here if displaying information for custom workspace
-
-               // Warning: all fields needed for t3lib_iconWorks::getIconImage()!
-               $MPs = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND uid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($wksp['file_mountpoints']) . ')', '', 'title');
-               if (count($MPs) != 0)   {
-                       // Has mount points
-                       $isAdmin = $GLOBALS['BE_USER']->isAdmin();
-                       if (!$isAdmin) {
-                               // We need to fetch user's mount point list (including MPS mounted from groups).
-                               // This list must not be affects by current user's workspace. It means we cannot use
-                               // $BE_USER->isInWebMount() to check mount points.
-                               $userMPs = explode(',', $GLOBALS['BE_USER']->dataLists['filemount_list']); // includes group data if necessary!
-                       }
-                       foreach ($MPs as $mp)   {
-                               if (!$isAdmin && !in_array($mp['uid'], $userMPs)) {
-                                       // Show warning icon
-                                       $title = $GLOBALS['LANG']->getLL('workspace_list_mount_point_inaccessible');
-                                       $str = t3lib_iconWorks::getSpriteIcon('status-warning');
-                                       $classAttr = 'class="ver-wl-mp-inacessible" ';
-                               }
-                               else {
-                                       // normal icon
-                                       $str = t3lib_iconWorks::getIconImage('sys_filemounts', $mp, $GLOBALS['BACK_PATH'], ' align="absmiddle"');
-                                       $classAttr = '';
-                               }
-                               // Will show UID on hover. Just convinient to user.
-                               $content_array[] = $str . '<span ' . $classAttr . 'title="UID: ' . $mp['uid'] . '">' . $mp['title'] . '</span>';
-                       }
+               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
+                       '*',    // All fields needed for t3lib_iconWorks::getSpriteIconForRecord()
+                       'sys_filemounts',
+                       'deleted = 0 AND hidden=0 AND uid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($mountpointList) . ')',
+                       '',
+                       'title'
+               );
+
+               $content = array();
+               while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
+                               // will show UID on hover. Just convinient to user.
+                       $content[] = t3lib_iconWorks::getSpriteIconForRecord('sys_filemounts', $row) . '<span title="UID: ' . $row['uid'] . '">' . $row['title'] . '</span>';
                }
-               if (count($content_array) > 0) {
-                       return implode('<br />', $content_array);
+
+               if (count($content)) {
+                       return implode('<br />', $content);
+               } else {
+                               // no mount points
+                       return $GLOBALS['LANG']->getLL('workspace_list_file_mount_point_custom');
                }
-               // No file mount points
-               return $GLOBALS['LANG']->getLL('workspace_list_file_mount_point_custom');
        }
 
        /**