Commit 5384f3b1 authored by Fabio Stegmeyer's avatar Fabio Stegmeyer

[TASK] Remove access checks for fallbacks

parent 6798f9a4
<?php
namespace TYPO3\Languagevisibility\Hook;
/***************************************************************
* Copyright notice
*
* (c) 2009 AOE media <dev@aoemedia.de>
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/#
use Exception;
use TYPO3\CMS\Backend\Controller\EditDocumentController;
use TYPO3\CMS\Backend\Form\FormDataProvider\DatabaseUserPermissionCheck;
use TYPO3\CMS\Backend\Utility\BackendUtility;
use TYPO3\Languagevisibility\Service\BackendServices;
/**
* Class/Function which manipulates the item-array for the listing (see piFlexform).
*
* @author Fabrizio Brance
* @author Timo Schmidt
*/
class AlternativeDocumentHook {
/**
* @param array $params
* @param DatabaseUserPermissionCheck $permissionCheck
* @param EditDocumentController|null $ref
* @return bool
* @throws Exception
*/
public function makeEditForm_accessCheck(
array $params, DatabaseUserPermissionCheck $permissionCheck, EditDocumentController $ref = NULL
): bool {
if ($params['hasAccess']) {
return TRUE;
}
// user wants to edit/create page record but has no access to default language
$hasAccess = FALSE;
if ($params['table'] === 'pages' && !$GLOBALS['BE_USER']->checkLanguageAccess(0)) {
$row = BackendUtility::getRecord($params['table'], $params['uid']);
if ($row !== NULL && BackendServices::hasUserAccessToPageRecord($row, $params['cmd'])) {
$hasAccess = TRUE;
}
}
return $hasAccess;
}
}
<?php
namespace TYPO3\Languagevisibility\Hook;
/***************************************************************
* Copyright notice
*
* (c) 2010 Tolleiv Nietsch <nietsch@aoemedia.de>
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
use Exception;
use TYPO3\Languagevisibility\Service\BackendServices;
/**
* Class UserAuthGroupHook
*
* @author Tolleiv
* @package TYPO3
* @version $Id:$
*/
class UserAuthGroupHook {
/**
*
* @param array $params
* @param object $ref
* @return bool
* @throws Exception
*/
public function checkFullLanguagesAccess($params, $ref): bool {
if (isset($params['recordLocalizationAccess']) && $params['recordLocalizationAccess']) {
// so far the user had access to all existing overlay-languages
return BackendServices::hasUserAccessToEditRecord($params['table'], $params['row']['uid']);
}
return $params['recordLocalizationAccess'];
}
}
......@@ -125,121 +125,6 @@ class BackendServices extends AbstractServices {
return $result;
}
/**
* checks if the current BE_USER has access to the page record:
* that is the case if:
* a) new page created -> always because then the languagevisibility is set to never for all languages where the user has no access
* b) edit page record: only if the record is only visible in languages where the user has access to
* b.1) also if the languages that are visible and falls back to allowed languages
* c) delete: same as for edit (only if user has access to all visible languages)
*
* @param array $row
* @param string $cmd
* @return bool
* @throws Exception
*/
public static function hasUserAccessToPageRecord(array $row, string $cmd = 'edit'): bool {
if ($cmd === 'new') {
return TRUE;
}
$siteFinder = GeneralUtility::makeInstance(SiteFinder::class);
try {
$site = $siteFinder->getSiteByPageId($row['uid']);
} catch (\Exception $e) {
return FALSE;
}
$availableLanguages = $site->getAllLanguages();
foreach ($availableLanguages as $language) {
if (self::isVisible($row, 'pages', $language->getLanguageId())) {
if (!$GLOBALS['BE_USER']->checkLanguageAccess($language->getLanguageId())) {
//no access to a visible language: check fallbacks
$isInFallback = FALSE;
$fallbacks = $language->getFallbackLanguageIds();
foreach ($fallbacks as $lId) {
if ($GLOBALS['BE_USER']->checkLanguageAccess($lId)) {
$isInFallback = TRUE;
continue;
}
}
if (!$isInFallback) {
return FALSE;
}
}
}
}
return TRUE;
}
/**
* checks if the current BE_USER has access to a record:
* that is the case if:
* a) new page created -> always because then the languagevisibility is set to never for all languages where the user has no access
* b) edit page record: only if the record is only visible in languages where the user has access to
*
* @param string $table
* @param array $row
* @return bool
* @throws Exception
*/
public static function hasUserAccessToEditRecord(string $table, array $row): bool {
if (!self::isSupportedTable($table)) {
return TRUE;
}
if (self::isOverlayRecord($row, $table)) {
if ($GLOBALS['BE_USER']->checkLanguageAccess($row['sys_language_uid'])) {
return TRUE;
}
return FALSE;
}
$siteFinder = GeneralUtility::makeInstance(SiteFinder::class);
if ($table === 'pages') {
$pid = $row['uid'];
} else {
$pid = $row['pid'];
}
try {
$site = $siteFinder->getSiteByPageId($pid);
} catch (\Exception $e) {
return FALSE;
}
$availableLanguages = $site->getAllLanguages();
foreach ($availableLanguages as $language) {
if (self::isVisible($row, $table, $language->getLanguageId())) {
if (!$GLOBALS['BE_USER']->checkLanguageAccess($language->getLanguageId())) {
// no access to a visible language: check fallbacks
$isInFallback = FALSE;
$fallbacks = $language->getFallbackLanguageIds();
foreach ($fallbacks as $lId) {
if ($GLOBALS['BE_USER']->checkLanguageAccess($lId)) {
// TODO - write testcase - this can't be right
$isInFallback = TRUE;
continue;
}
}
if (!$isInFallback) {
return FALSE;
}
}
}
}
return TRUE;
}
/**
* Method to check if the translatedAsDefaultEnabled is enabled or not
*
......
......@@ -21,12 +21,6 @@ call_user_func(
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_page.php']['getRecordOverlay']['languagevisibility'] =
\TYPO3\Languagevisibility\Hook\PageHook::class;
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['checkFullLanguagesAccess']['languagevisibility'] =
\TYPO3\Languagevisibility\Hook\UserAuthGroupHook::class . '->checkFullLanguagesAccess';
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/alt_doc.php']['makeEditForm_accessCheck']['languagevisibility'] =
\TYPO3\Languagevisibility\Hook\AlternativeDocumentHook::class . '->makeEditForm_accessCheck';
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['cms/tslib/class.tslib_menu.php']['filterMenuPages']['languagevisibility'] =
\TYPO3\Languagevisibility\Hook\MenuHook::class;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment