[BUGFIX] Ext Direct API lacks the possibility of adding access control
authorStefan Galinski <stefan.galinski@gmail.com>
Wed, 27 Jul 2011 10:51:19 +0000 (12:51 +0200)
committerOliver Hader <oliver@typo3.org>
Wed, 27 Jul 2011 10:52:37 +0000 (12:52 +0200)
Change-Id: I15498ca3623701f3a11f1a8c41f0ea99cbb918a4
Resolves: #25307
Reviewed-on: http://review.typo3.org/3781
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_extmgm.php
t3lib/config_default.php
t3lib/extjs/class.t3lib_extjs_extdirectapi.php
t3lib/extjs/class.t3lib_extjs_extdirectrouter.php
t3lib/stddb/tables.php
typo3/sysext/em/ext_tables.php
typo3/sysext/workspaces

index ae68cc2..9076ce1 100644 (file)
@@ -750,6 +750,23 @@ final class t3lib_extMgm {
        }
 
        /**
+        * Registers an Ext.Direct component with access restrictions.
+        *
+        * @param string $endpointName
+        * @param string $callbackClass
+        * @param string $moduleName optional: must be <mainmodule> or <mainmodule>_<submodule>
+        * @param string $accessLevel optional: can be 'admin' or 'user,group'
+        * @return void
+        */
+       public static function registerExtDirectComponent($endpointName, $callbackClass, $moduleName = NULL, $accessLevel = NULL) {
+               $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName] = array(
+                       'callbackClass' => $callbackClass,
+                       'moduleName' => $moduleName,
+                       'accessLevel' => $accessLevel,
+               );
+       }
+
+       /**
         * Adds a module path to TBE_MODULES for used with the module dispatcher, mod.php
         * Used only for modules that are not placed in the main/sub menu hierarchy by the traditional mechanism of addModule()
         * Examples for this is context menu functionality (like import/export) which runs as an independent module through mod.php
index 4f3a78f..de2cfd5 100644 (file)
@@ -613,15 +613,6 @@ $TYPO3_CONF_VARS = array(
                                'default' => 't3lib/class.t3lib_frontendedit.php:t3lib_frontendedit'
                        )
                ),
-               'ExtDirect' => array(   // array of key value pairs (provider -> location:className) that holds the classes for the ExtDirect functionality
-                       'TYPO3.CSH.ExtDirect' => 't3lib/extjs/dataprovider/class.extdirect_dataprovider_contexthelp.php:extDirect_DataProvider_ContextHelp',
-                       'TYPO3.LiveSearchActions.ExtDirect' => 't3lib/extjs/dataprovider/class.extdirect_dataprovider_backendlivesearch.php:extDirect_DataProvider_BackendLiveSearch',
-                       'TYPO3.BackendUserSettings.ExtDirect' => 't3lib/extjs/dataprovider/class.extdirect_dataprovider_beusersettings.php:extDirect_DataProvider_BackendUserSettings',
-                       'TYPO3.ExtDirectStateProvider.ExtDirect' => 't3lib/extjs/dataprovider/class.extdirect_dataprovider_state.php:extDirect_DataProvider_State',
-                       'TYPO3.Components.PageTree.DataProvider' => 't3lib/tree/pagetree/extdirect/class.t3lib_tree_pagetree_extdirect_tree.php:t3lib_tree_pagetree_extdirect_Tree',
-                       'TYPO3.Components.PageTree.Commands' => 't3lib/tree/pagetree/extdirect/class.t3lib_tree_pagetree_extdirect_tree.php:t3lib_tree_pagetree_extdirect_Commands',
-                       'TYPO3.Components.PageTree.ContextMenuDataProvider' => 't3lib/contextmenu/pagetree/extdirect/class.t3lib_contextmenu_pagetree_extdirect_contextmenu.php:t3lib_contextmenu_pagetree_extdirect_ContextMenu',
-               ),
        ),
        'EXTCONF' => array(             // Here you may add manually set configuration options for your extensions. Eg. $TYPO3_CONF_VARS['EXTCONF']['my_extension_key']['my_option'] = 'my_value';
 //             '--key--' => array()
@@ -632,6 +623,52 @@ $TYPO3_CONF_VARS = array(
 //             Eg.  ...['service_type']['service_key']['my_option'] = 'my_value';
        )
 );
+
+if (TYPO3_MODE === 'BE') {
+       t3lib_extMgm::registerExtDirectComponent(
+               'TYPO3.Components.PageTree.DataProvider',
+               PATH_t3lib . 'tree/pagetree/extdirect/class.t3lib_tree_pagetree_extdirect_tree.php:t3lib_tree_pagetree_extdirect_Tree',
+               'web',
+               'user,group'
+       );
+
+       t3lib_extMgm::registerExtDirectComponent(
+               'TYPO3.Components.PageTree.Commands',
+               PATH_t3lib . 'tree/pagetree/extdirect/class.t3lib_tree_pagetree_extdirect_tree.php:t3lib_tree_pagetree_extdirect_Commands',
+               'web',
+               'user,group'
+       );
+
+       t3lib_extMgm::registerExtDirectComponent(
+               'TYPO3.Components.PageTree.ContextMenuDataProvider',
+               PATH_t3lib . 'contextmenu/pagetree/extdirect/class.t3lib_contextmenu_pagetree_extdirect_contextmenu.php:t3lib_contextmenu_pagetree_extdirect_ContextMenu',
+               'web',
+               'user,group'
+       );
+
+       t3lib_extMgm::registerExtDirectComponent(
+               'TYPO3.LiveSearchActions.ExtDirect',
+               PATH_t3lib . 'extjs/dataprovider/class.extdirect_dataprovider_backendlivesearch.php:extDirect_DataProvider_BackendLiveSearch',
+               'web_list',
+               'user,group'
+       );
+
+       t3lib_extMgm::registerExtDirectComponent(
+               'TYPO3.BackendUserSettings.ExtDirect',
+               PATH_t3lib . 'extjs/dataprovider/class.extdirect_dataprovider_beusersettings.php:extDirect_DataProvider_BackendUserSettings'
+       );
+
+       t3lib_extMgm::registerExtDirectComponent(
+               'TYPO3.CSH.ExtDirect',
+               PATH_t3lib . 'extjs/dataprovider/class.extdirect_dataprovider_contexthelp.php:extDirect_DataProvider_ContextHelp'
+       );
+
+       t3lib_extMgm::registerExtDirectComponent(
+               'TYPO3.ExtDirectStateProvider.ExtDirect',
+               PATH_t3lib . 'extjs/dataprovider/class.extdirect_dataprovider_state.php:extDirect_DataProvider_State'
+       );
+}
+
 $T3_VAR = array();     // Initialize.
 
        // TYPO3 version
index b840512..8cce304 100644 (file)
@@ -103,7 +103,7 @@ class t3lib_extjs_ExtDirectApi {
        protected function generateAPI(array $filterNamespaces) {
                $javascriptNamespaces = array();
                if (is_array($this->settings)) {
-                       foreach ($this->settings as $javascriptName => $className) {
+                       foreach ($this->settings as $javascriptName => $configuration) {
                                $splittedJavascriptName = explode('.', $javascriptName);
                                $javascriptObjectName = array_pop($splittedJavascriptName);
                                $javascriptNamespace = implode('.', $splittedJavascriptName);
@@ -122,6 +122,17 @@ class t3lib_extjs_ExtDirectApi {
                                        );
                                }
 
+                               if (is_array($configuration)) {
+                                       $className = $configuration['callbackClass'];
+                               } else {
+                                       t3lib_div::deprecationLog('ExtDirect (Namespace: ' . $javascriptName .
+                                               '): Registration code changed. Use the API method t3lib_extMgm::registerExtDirectComponent(). ' .
+                                               'More Information: http://wiki.typo3.org/ExtDirect ' .
+                                               'Will be removed in 4.7.'
+                                       );
+                                       $className = $configuration;
+                               }
+
                                $serverObject = t3lib_div::getUserObj($className, FALSE);
                                $javascriptNamespaces[$javascriptNamespace]['actions'][$javascriptObjectName] = array();
                                foreach (get_class_methods($serverObject) as $methodName) {
index 3247392..30664dd 100644 (file)
@@ -144,16 +144,38 @@ class t3lib_extjs_ExtDirectRouter {
        protected function processRpc($singleRequest, $namespace) {
                $endpointName = $namespace . '.' . $singleRequest->action;
 
-                       // theoretically this can never happen, because of an javascript error on
-                       // the client side due the missing namespace/endpoint
-               if (!isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName])) {
-                       throw new UnexpectedValueException('ExtDirect: Call to undefined endpoint: ' . $endpointName);
+               if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName])) {
+                       if (!isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName]['callbackClass'])) {
+                               throw new UnexpectedValueException('ExtDirect: Call to undefined endpoint: ' . $endpointName);
+                       }
+
+                       $callbackClass = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName]['callbackClass'];
+                       $configuration = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName];
+
+                       if (!is_null($configuration['moduleName']) && !is_null($configuration['accessLevel'])) {
+                               $GLOBALS['BE_USER']->modAccess(
+                                       array(
+                                               'name' => $configuration['moduleName'],
+                                               'access' => $configuration['accessLevel'],
+                                       ),
+                                       TRUE
+                               );
+                       }
+
+               } else {
+                       if (!isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName])) {
+                               throw new UnexpectedValueException('ExtDirect: Call to undefined endpoint: ' . $endpointName);
+                       }
+
+                       $callbackClass = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName];
+                       debug('ExtDirect (Namespace: ' . $endpointName .
+                               '): Registration code changed. Use the API method t3lib_extMgm::registerExtDirectComponent(). ' .
+                               'More Information: http://wiki.typo3.org/ExtDirect' .
+                               'Will be removed in 4.7.'
+                       );
                }
 
-               $endpointObject = t3lib_div::getUserObj(
-                       $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ExtDirect'][$endpointName],
-                       FALSE
-               );
+               $endpointObject = t3lib_div::getUserObj($callbackClass, FALSE);
 
                return call_user_func_array(
                        array($endpointObject, $singleRequest->method),
index 0d2ef5c..03e60b2 100644 (file)
@@ -358,9 +358,7 @@ $TBE_MODULES = array(
 );
 
        // register the pagetree core navigation component
-t3lib_extMgm::addCoreNavigationComponent('web', 'typo3-pagetree', array(
-       'TYPO3.Components.PageTree'
-));
+t3lib_extMgm::addCoreNavigationComponent('web', 'typo3-pagetree');
 
 /**
  * $TBE_STYLES configures backend styles and colors; Basically this contains all the values that can be used to create new skins for TYPO3.
index 0b43783..e301064 100644 (file)
@@ -5,9 +5,21 @@ if (!defined ('TYPO3_MODE')) {
 
 if (TYPO3_MODE === 'BE') {
        t3lib_extMgm::addModule('tools', 'em', '', t3lib_extMgm::extPath($_EXTKEY) . 'classes/');
+
                // register Ext.Direct
-       $TYPO3_CONF_VARS['SC_OPTIONS']['ExtDirect']['TYPO3.EM.ExtDirect'] = t3lib_extMgm::extPath($_EXTKEY) . 'classes/connection/class.tx_em_connection_extdirectserver.php:tx_em_Connection_ExtDirectServer';
-       $TYPO3_CONF_VARS['SC_OPTIONS']['ExtDirect']['TYPO3.EMSOAP.ExtDirect'] = t3lib_extMgm::extPath($_EXTKEY) . 'classes/connection/class.tx_em_connection_extdirectsoap.php:tx_em_Connection_ExtDirectSoap';
+       t3lib_extMgm::registerExtDirectComponent(
+               'TYPO3.EM.ExtDirect',
+               t3lib_extMgm::extPath($_EXTKEY) . 'classes/connection/class.tx_em_connection_extdirectserver.php:tx_em_Connection_ExtDirectServer',
+               'tools_em',
+               'admin'
+       );
+
+       t3lib_extMgm::registerExtDirectComponent(
+               'TYPO3.EMSOAP.ExtDirect',
+               t3lib_extMgm::extPath($_EXTKEY) . 'classes/connection/class.tx_em_connection_extdirectsoap.php:tx_em_Connection_ExtDirectSoap',
+               'tools_em',
+               'admin'
+       );
 
                // register reports check
        $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['reports']['tx_reports']['status']['providers']['Extension Manager'][] = 'tx_em_reports_ExtensionStatus';
index 795d325..b387b0e 160000 (submodule)
@@ -1 +1 @@
-Subproject commit 795d3257c4a3a04346c945c11466c7c564c96a05
+Subproject commit b387b0eeb63e08aff9d46a2de96734e7a909af6a