Documentation TYPO3 par Ameos

t3lib_userAuthGroup Class Reference

Inheritance diagram for t3lib_userAuthGroup:

Inheritance graph
Collaboration diagram for t3lib_userAuthGroup:

Collaboration graph
List of all members.

Public Member Functions

 isAdmin ()
 isMemberOfGroup ($groupId)
 doesUserHaveAccess ($row, $perms)
 isInWebMount ($id, $readPerms='', $exitOnError=0)
 modAccess ($conf, $exitOnError)
 getPagePermsClause ($perms)
 calcPerms ($row)
 isRTE ()
 check ($type, $value)
 checkAuthMode ($table, $field, $value, $authMode)
 checkLanguageAccess ($langValue)
 recordEditAccessInternals ($table, $idOrRow)
 isPSet ($lCP, $table, $type='')
 mayMakeShortcut ()
 getTSConfig ($objectString, $config='')
 getTSConfigVal ($objectString)
 getTSConfigProp ($objectString)
 inList ($in_list, $item)
 returnWebmounts ()
 returnFilemounts ()
 fetchGroupData ()
 fetchGroups ($grList, $idList='')
 setCachedList ($cList)
 addFileMount ($title, $altTitle, $path, $webspace, $type)
 addTScomment ($str)
 writelog ($type, $action, $error, $details_nr, $details, $data, $tablename='', $recuid='', $recpid='', $event_pid=-1, $NEWid='')
 checkLogFailures ($email, $secondsBack=3600, $max=3)

Public Attributes

 $usergroup_column = 'usergroup'
 $usergroup_table = 'be_groups'
 $userGroups = Array()
 $userGroupsUID = Array()
 $groupList = ''
 $includeHierarchy = array()
 $includeGroupArray = array()
 $OS = ''
 $TSdataArray = array()
 $userTS_text = ''
 $userTS = array()
 $userTSUpdated = 0
 $userTS_dontGetCached = 0
 $RTE_errors = array()
 $errorMsg = ''

Detailed Description

Definition at line 115 of file class.t3lib_userauthgroup.php.

Member Function Documentation

t3lib_userAuthGroup::addFileMount title,

Adds a filemount to the users array of filemounts, $this->groupData['filemounts'][hash_key] = Array ('name'=>$name, 'path'=>$path, 'type'=>$type); Is a part of the authentication proces of the user. A final requirement for a path being mounted is that a) it MUST return true on is_dir(), b) must contain either PATH_site+'fileadminDir' OR 'lockRootPath' - if lockRootPath is set - as first part of string! Paths in the mounted information will always be absolute and have a trailing slash.

string $title will be the (root)name of the filemount in the folder tree
string $altTitle will be the (root)name of the filemount IF $title is not true (blank or zero)
string $path is the path which should be mounted. Will accept backslash in paths on windows servers (will substituted with forward slash). The path should be 1) relative to TYPO3_CONF_VARS[BE][fileadminDir] if $webspace is set, otherwise absolute.
boolean If $webspace is set, the $path is relative to 'fileadminDir' in TYPO3_CONF_VARS, otherwise $path is absolute. 'fileadminDir' must be set to allow mounting of relative paths.
string Type of filemount; Can be blank (regular) or "user" / "group" (for user and group filemounts presumably). Probably sets the icon first and foremost.
boolean Returns "1" if the requested filemount was mounted, otherwise no return value. private

Definition at line 923 of file class.t3lib_userauthgroup.php.

References t3lib_div::isFirstPartOfStr(), and t3lib_div::validPathStr().

t3lib_userAuthGroup::addTScomment str  ) 

Creates a TypoScript comment with the string text inside.

string The text to wrap in comment prefixes and delimiters.
string TypoScript comment with the string text inside.

Definition at line 970 of file class.t3lib_userauthgroup.php.

References t3lib_div::trimExplode().

t3lib_userAuthGroup::calcPerms row  ) 

Returns a combined binary representation of the current users permissions for the page-record, $row. The perms for user, group and everybody is OR'ed together (provided that the page-owner is the user and for the groups that the user is a member of the group If the user is admin, 31 is returned (full permissions for all five flags)

array Input page row with all perms_* fields available.
integer Bitwise representation of the users permissions in relation to input page row, $row

Definition at line 329 of file class.t3lib_userauthgroup.php.

References t3lib_div::callUserFunction().

Referenced by doesUserHaveAccess().

t3lib_userAuthGroup::check type,

Returns true if the $value is found in the list in a $this->groupData[] index pointed to by $type (array key). Can thus be users to check for modules, exclude-fields, select/modify permissions for tables etc. If user is admin true is also returned Please see the document Inside TYPO3 for examples.

string The type value; "webmounts", "filemounts", "pagetypes_select", "tables_select", "tables_modify", "non_exclude_fields", "modules"
string String to search for in the groupData-list
boolean True if permission is granted (that is, the value was found in the groupData list - or the BE_USER is "admin")

Definition at line 401 of file class.t3lib_userauthgroup.php.

Referenced by t3lib_tsfeBeUserAuth::ext_makeToolBar(), and modAccess().

t3lib_userAuthGroup::checkAuthMode table,

Checking the authMode of a select field with authMode set

string Table name
string Field name (must be configured in TCA and of type "select" with authMode set!)
string Value to evaluation (single value, must not contain any of the chars ":,|")
string Auth mode keyword (explicitAllow, explicitDeny, individual)
boolean True or false whether access is granted or not.

Definition at line 418 of file class.t3lib_userauthgroup.php.

References t3lib_div::loadTCA().

t3lib_userAuthGroup::checkLanguageAccess langValue  ) 

Checking if a language value (-1, 0 and >0 for sys_language records) is allowed to be edited by the user.

integer Language value to evaluate
boolean Returns true if the language value is allowed, otherwise false.

Definition at line 484 of file class.t3lib_userauthgroup.php.

t3lib_userAuthGroup::checkLogFailures email,
secondsBack = 3600,
max = 3

Sends a warning to $email if there has been a certain amount of failed logins during a period. If a login fails, this function is called. It will look up the sys_log to see if there has been more than $max failed logins the last $secondsBack seconds (default 3600). If so, an email with a warning is sent to $email.

string Email address
integer Number of sections back in time to check. This is a kind of limit for how many failures an hour for instance.
integer Max allowed failures before a warning mail is sent
void private

Definition at line 1050 of file class.t3lib_userauthgroup.php.

t3lib_userAuthGroup::doesUserHaveAccess row,

Checks if the permissions is granted based on a page-record ($row) and $perms (binary and'ed)

Bits for permissions, see $perms variable:

1 - Show: See/Copy page and the pagecontent. 16- Edit pagecontent: Change/Add/Delete/Move pagecontent. 2- Edit page: Change/Move the page, eg. change title, startdate, hidden. 4- Delete page: Delete the page and pagecontent. 8- New pages: Create new pages under the page.

array $row is the pagerow for which the permissions is checked
integer $perms is the binary representation of the permission we are going to check. Every bit in this number represents a permission that must be set. See function explanation.
boolean True or False upon evaluation

Definition at line 210 of file class.t3lib_userauthgroup.php.

References calcPerms().

Referenced by t3lib_tsfeBeUserAuth::extPageReadAccess().

t3lib_userAuthGroup::fetchGroupData  ) 

Initializes a lot of stuff like the access-lists, database-mountpoints and filemountpoints This method is called by ->backendCheckLogin() (from extending class t3lib_beuserauth) if the backend user login has verified OK.

void private
See also:

Definition at line 715 of file class.t3lib_userauthgroup.php.

References t3lib_TSparser::checkIncludeLines_array(), t3lib_BEfunc::getHash(), t3lib_extMgm::isLoaded(), t3lib_div::makeInstance(), t3lib_BEfunc::storeHash(), and t3lib_div::uniqueList().

Referenced by t3lib_beUserAuth::backendCheckLogin().

t3lib_userAuthGroup::fetchGroups grList,
idList = ''

Fetches the group records, subgroups and fills internal arrays. Function is called recursively to fetch subgroups

string Commalist of be_groups uid numbers
string List of already processed be_groups-uids so the function will not fall into a eternal recursion.
void private

Definition at line 831 of file class.t3lib_userauthgroup.php.

References t3lib_div::getIndpEnv().

t3lib_userAuthGroup::getPagePermsClause perms  ) 

Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated. $perms is the 'mask' used to select. Fx. if $perms is 1 then you'll get all pages that a user can actually see! 2^0 = show (1) 2^1 = edit (2) 2^2 = delete (4) 2^3 = new (8) If the user is 'admin' " 1=1" is returned (no effect) If the user is not set at all (->user is not an array), then " 1=0" is returned (will cause no selection results at all) The 95% use of this function is "->getPagePermsClause(1)" which will return WHERE clauses for *selecting* pages in backend listings - in other words will this check read permissions.

integer Permission mask to use, see function description
string Part of where clause. Prefix " AND " to this.

Definition at line 290 of file class.t3lib_userauthgroup.php.

References t3lib_div::callUserFunction(), and isAdmin().

Referenced by t3lib_tsfeBeUserAuth::extGetCategory_cache(), t3lib_tsfeBeUserAuth::extGetCategory_publish(), t3lib_tsfeBeUserAuth::extSaveFeAdminConfig(), isInWebMount(), and local_beUserAuth::returnWebmounts().

t3lib_userAuthGroup::getTSConfig objectString,
config = ''

Returns the value/properties of a TS-object as given by $objectString, eg. 'options.dontMountAdminMounts' Nice (general!) function for returning a part of a TypoScript array!

string Pointer to an "object" in the TypoScript array, fx. 'options.dontMountAdminMounts'
array Optional TSconfig array: If array, then this is used and not $this->userTS. If not array, $this->userTS is used.
array An array with two keys, "value" and "properties" where "value" is a string with the value of the objectsting and "properties" is an array with the properties of the objectstring. array An array with the TypoScript where the $objectString is located. If this argument is not an array, then internal ->userTS (User TSconfig for the current BE_USER) will be used instead.

Definition at line 614 of file class.t3lib_userauthgroup.php.

t3lib_userAuthGroup::getTSConfigProp objectString  ) 

Returns the "properties" of the $objectString from the BE_USERS "User TSconfig" array

string Object string, eg. "somestring.someproperty.somesubproperty"
array The properties for that object string (object path) - if any
See also:

Definition at line 652 of file class.t3lib_userauthgroup.php.

Referenced by t3lib_beUserAuth::backendSetUC(), t3lib_tsfeBeUserAuth::extInitFeAdmin(), and t3lib_beUserAuth::overrideUC().

t3lib_userAuthGroup::getTSConfigVal objectString  ) 

Returns the "value" of the $objectString from the BE_USERS "User TSconfig" array

string Object string, eg. "somestring.someproperty.somesubproperty"
string The value for that object string (object path)
See also:

Definition at line 640 of file class.t3lib_userauthgroup.php.

Referenced by t3lib_beUserAuth::checkLockToIP(), and t3lib_tsfeBeUserAuth::extGetCategory_edit().

t3lib_userAuthGroup::inList in_list,

Returns true if $item is in $in_list

string Comma list with items, no spaces between items!
string The string to find in the list of items
string Boolean

Definition at line 664 of file class.t3lib_userauthgroup.php.

Referenced by isMemberOfGroup().

t3lib_userAuthGroup::isAdmin  ) 

Returns true if user is admin Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin.


Definition at line 176 of file class.t3lib_userauthgroup.php.

Referenced by t3lib_beUserAuth::backendCheckLogin(), t3lib_tsfeBeUserAuth::checkBackendAccessSettingsFromInitPhp(), t3lib_beUserAuth::checkCLIuser(), t3lib_beUserAuth::emailAtLogin(), local_beUserAuth::ext_printOverview(), getPagePermsClause(), isInWebMount(), and modAccess().

t3lib_userAuthGroup::isInWebMount id,
readPerms = '',
exitOnError = 0

Checks if the page id, $id, is found within the webmounts set up for the user. This should ALWAYS be checked for any page id a user works with, whether it's about reading, writing or whatever. The point is that this will add the security that a user can NEVER touch parts outside his mounted pages in the page tree. This is otherwise possible if the raw page permissions allows for it. So this security check just makes it easier to make safe user configurations. If the user is admin OR if this feature is disabled (fx. by setting TYPO3_CONF_VARS['BE']['lockBeUserToDBmounts']=0) then it returns "1" right away Otherwise the function will return the uid of the webmount which was first found in the rootline of the input page $id

integer Page ID to check
string Content of "->getPagePermsClause(1)" (read-permissions). If not set, they will be internally calculated (but if you have the correct value right away you can save that database lookup!)
boolean If set, then the function will exit with an error message.
integer The page UID of a page in the rootline that matched a mount point

Definition at line 227 of file class.t3lib_userauthgroup.php.

References t3lib_userAuth::$id, t3lib_BEfunc::BEgetRootLine(), getPagePermsClause(), isAdmin(), returnWebmounts(), and t3lib_BEfunc::typo3PrintError().

Referenced by t3lib_tsfeBeUserAuth::extPageReadAccess().

t3lib_userAuthGroup::isMemberOfGroup groupId  ) 

Returns true if the current user is a member of group $groupId $groupId must be set. $this->groupList must contain groups Will return true also if the user is a member of a group through subgroups.

integer Group ID to look for in $this->groupList

Definition at line 188 of file class.t3lib_userauthgroup.php.

References inList().

t3lib_userAuthGroup::isPSet lCP,
type = ''

Will check a type of permission against the compiled permission integer, $lCP, and in relation to table, $table

integer $lCP could typically be the "compiled permissions" integer returned by ->calcPerms
string $table is the tablename to check: If "pages" table then edit,new,delete and editcontent permissions can be checked. Other tables will be checked for "editcontent" only (and $type will be ignored)
string For $table='pages' this can be 'edit' (2), 'new' (8 or 16), 'delete' (4), 'editcontent' (16). For all other tables this is ignored. (16 is used)
boolean private

Definition at line 569 of file class.t3lib_userauthgroup.php.

t3lib_userAuthGroup::isRTE  ) 

Returns true if the RTE (Rich Text Editor) can be enabled for the user Strictly this is not permissions being checked but rather a series of settings like a loaded extension, browser/client type and a configuration option in ->uc[edit_RTE] The reasons for a FALSE return can be found in $this->RTE_errors


Definition at line 367 of file class.t3lib_userauthgroup.php.

References t3lib_BEfunc::RTEgetObj().

t3lib_userAuthGroup::mayMakeShortcut  ) 

Returns true if the BE_USER is allowed to *create* shortcuts in the backend modules


Definition at line 586 of file class.t3lib_userauthgroup.php.

t3lib_userAuthGroup::modAccess conf,

Checks access to a backend module with the $MCONF passed as first argument

array $MCONF array of a backend module!
boolean If set, an array will issue an error message and exit.
boolean Will return true if $MCONF['access'] is not set at all, if the BE_USER is admin or if the module is enabled in the be_users/be_groups records of the user (specifically enabled). Will return false if the module name is not even found in $TBE_MODULES

Definition at line 254 of file class.t3lib_userauthgroup.php.

References check(), isAdmin(), t3lib_BEfunc::isModuleSetInTBE_MODULES(), and t3lib_BEfunc::typo3PrintError().

t3lib_userAuthGroup::recordEditAccessInternals table,

Checking if a user has editing access to a record from a $TCA table. The checks does not take page permissions and other "environmental" things into account. It only deal with record internals; If any values in the record fields disallows it. For instance languages settings, authMode selector boxes are evaluated (and maybe more in the future). The function takes an ID (integer) or row (array) as second argument.

string Table name
mixed If integer, then this is the ID of the record. If Array this just represents fields in the record.
boolean True if OK, otherwise false

Definition at line 504 of file class.t3lib_userauthgroup.php.

References t3lib_BEfunc::getRecord(), and t3lib_div::loadTCA().

t3lib_userAuthGroup::returnFilemounts  ) 

Returns an array with the filemounts for the user. Each filemount is represented with an array of a "name", "path" and "type". If no filemounts an empty array is returned.


Definition at line 685 of file class.t3lib_userauthgroup.php.

Referenced by local_beUserAuth::ext_printOverview().

t3lib_userAuthGroup::returnWebmounts  ) 

Returns an array with the webmounts. If no webmounts, and empty array is returned. NOTICE: Deleted pages WILL NOT be filtered out! So if a mounted page has been deleted it is STILL coming out as a webmount. This is not checked due to performance.


Definition at line 675 of file class.t3lib_userauthgroup.php.

Referenced by local_beUserAuth::ext_printOverview(), and isInWebMount().

t3lib_userAuthGroup::setCachedList cList  ) 

Updates the field be_users.usergroup_cached_list if the groupList of the user has changed/is different from the current list. The field "usergroup_cached_list" contains the list of groups which the user is a member of. After authentication (where these functions are called...) one can depend on this list being a representation of the exact groups/subgroups which the BE_USER has membership with.

string The newly compiled group-list which must be compared with the current list in the user record and possibly stored if a difference is detected.
void private

Definition at line 903 of file class.t3lib_userauthgroup.php.

t3lib_userAuthGroup::writelog type,
tablename = '',
recuid = '',
recpid = '',
event_pid = -1,
NEWid = ''

Writes an entry in the logfile ... Still missing documentation for syntax etc...

integer $type: denotes which module that has submitted the entry. This is the current list: 1=tce_db; 2=tce_file; 3=system (eg. sys_history save); 4=modules; 254=Personal settings changed; 255=login / out action: 1=login, 2=logout, 3=failed login (+ errorcode 3), 4=failure_warning_email sent
denotes which specific operation that wrote the entry (eg. 'delete', 'upload', 'update' and so on...). Specific for each
type. Also used to trigger update of the interface. (see the log-module for the meaning of each number !!)
integer $error: flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
The message number. Specific for each
type and $action. in the future this will make it possible to translate errormessages to other languages
string $details: Default text that follows the message
array $data: Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed the details-text...
Special field used by tce_main.php. These (
tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
Special field used by tce_main.php. These (
tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
Special field used by tce_main.php. These (
tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
integer $event_pid: The page_uid (pid) where the event occurred. Used to select log-content for specific pages.
string $NEWid: NEWid string

Definition at line 1017 of file class.t3lib_userauthgroup.php.

References t3lib_div::getIndpEnv().

Member Data Documentation


Initial value:

array(                          // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
                'allowed_languages' => '',
                'custom_options' => '',

Definition at line 127 of file class.t3lib_userauthgroup.php.


Initial value:

 Array(                         // This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
                'filemounts' => Array()                 // Filemounts are loaded here

Definition at line 120 of file class.t3lib_userauthgroup.php.

The documentation for this class was generated from the following file:

Généré par Les spécialistes TYPO3 avec  doxygen 1.4.6