[BUGFIX] Ignore permission checks for processed files 96/23196/3
authorHelmut Hummel <helmut.hummel@typo3.org>
Wed, 14 Aug 2013 14:49:55 +0000 (16:49 +0200)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Wed, 21 Aug 2013 11:29:37 +0000 (13:29 +0200)
It must be possible that processed files are generated
even if the user has read only permissions on a storage.

Additionally add a method to Storage, to specifically
update a processed file with a local file.

Resolves: #51209
Releases: 6.0, 6.1, 6.2

Change-Id: I847b02f070c55647e06695c1c70b0b7e8e238177
Reviewed-on: https://review.typo3.org/23196
Reviewed-by: Frans Saris
Tested-by: Frans Saris
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/core/Classes/Resource/ProcessedFile.php
typo3/sysext/core/Classes/Resource/ResourceStorage.php

index 3020855..0176889 100644 (file)
@@ -191,8 +191,7 @@ class ProcessedFile extends AbstractFile {
                        throw new \RuntimeException('Cannot update original file!', 1350582054);
                }
                // TODO this should be more generic (in fact it only works for local file paths)
-               $addedFile = $this->storage->addFile($filePath, $this->storage->getProcessingFolder(), $this->name, 'replace');
-               $addedFile->setIndexable(FALSE);
+               $addedFile = $this->storage->updateProcessedFile($filePath, $this);
 
                // Update some related properties
                $this->identifier = $addedFile->getIdentifier();
index 7ebb154..b3ef004 100644 (file)
@@ -572,13 +572,14 @@ class ResourceStorage {
         * @return boolean
         */
        public function checkFileActionPermission($action, FileInterface $file) {
+               $isProcessedFile = $file instanceof ProcessedFile;
                // Check 1: Does the user have permission to perform the action? e.g. "readFile"
-               if ($this->checkUserActionPermission($action, 'File') === FALSE) {
+               if (!$isProcessedFile && $this->checkUserActionPermission($action, 'File') === FALSE) {
                        return FALSE;
                }
-               // Check 2: Does the user has the right to perform the action?
+               // Check 2: Does the user have the right to perform the action?
                // (= is he within the file mount borders)
-               if (is_array($this->fileMounts) && count($this->fileMounts) && !$this->isWithinFileMountBoundaries($file)) {
+               if (!$isProcessedFile && is_array($this->fileMounts) && count($this->fileMounts) && !$this->isWithinFileMountBoundaries($file)) {
                        return FALSE;
                }
                $isReadCheck = FALSE;
@@ -724,6 +725,24 @@ class ResourceStorage {
        }
 
        /**
+        * Updates a processed file with a new file from the local filesystem.
+        *
+        * @param $localFilePath
+        * @param ProcessedFile $processedFile
+        * @return FileInterface
+        * @throws \InvalidArgumentException
+        * @internal use only
+        */
+       public function updateProcessedFile($localFilePath, ProcessedFile $processedFile) {
+               if (!file_exists($localFilePath)) {
+                       throw new \InvalidArgumentException('File "' . $localFilePath . '" does not exist.', 1319552745);
+               }
+               $file = $this->driver->addFile($localFilePath, $this->getProcessingFolder(), $processedFile->getName());
+               $file->setIndexable(FALSE);
+               return $file;
+       }
+
+       /**
         * Creates a (cryptographic) hash for a file.
         *
         * @param FileInterface $fileObject