Documentation TYPO3 par Ameos

class.t3lib_userauthgroup.php

00001 <?php
00002 /***************************************************************
00003 *  Copyright notice
00004 *
00005 *  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
00006 *  All rights reserved
00007 *
00008 *  This script is part of the TYPO3 project. The TYPO3 project is
00009 *  free software; you can redistribute it and/or modify
00010 *  it under the terms of the GNU General Public License as published by
00011 *  the Free Software Foundation; either version 2 of the License, or
00012 *  (at your option) any later version.
00013 *
00014 *  The GNU General Public License can be found at
00015 *  http://www.gnu.org/copyleft/gpl.html.
00016 *  A copy is found in the textfile GPL.txt and important notices to the license
00017 *  from the author is found in LICENSE.txt distributed with these scripts.
00018 *
00019 *
00020 *  This script is distributed in the hope that it will be useful,
00021 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00022 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00023 *  GNU General Public License for more details.
00024 *
00025 *  This copyright notice MUST APPEAR in all copies of the script!
00026 ***************************************************************/
00102         // Need this for parsing User TSconfig
00103 require_once (PATH_t3lib.'class.t3lib_tsparser.php');
00104 
00105 
00106 
00107 
00108 
00109 
00110 
00111 
00112 
00113 
00114 
00115 
00116 
00117 
00118 
00119 
00120 
00121 
00122 
00123 
00124 
00135 class t3lib_userAuthGroup extends t3lib_userAuth {
00136         var $usergroup_column = 'usergroup';            // Should be set to the usergroup-column (id-list) in the user-record
00137         var $usergroup_table = 'be_groups';                     // The name of the group-table
00138 
00139                 // internal
00140         var $groupData = Array(                         // This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
00141                 'filemounts' => Array()                 // Filemounts are loaded here
00142         );
00143         var $workspace = -99;                           // User workspace. -99 is ERROR (none available), -1 is offline, 0 is online, >0 is custom workspaces.
00144         var $workspaceRec = array();            // Custom workspace record if any
00145 
00146         var $userGroups = Array();                      // This array will hold the groups that the user is a member of
00147         var $userGroupsUID = Array();           // This array holds the uid's of the groups in the listed order
00148         var $groupList ='';                                     // This is $this->userGroupsUID imploded to a comma list... Will correspond to the 'usergroup_cached_list'
00149         var $dataLists=array(                           // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
00150                 'webmount_list'=>'',
00151                 'filemount_list'=>'',
00152                 'modList'=>'',
00153                 'tables_select'=>'',
00154                 'tables_modify'=>'',
00155                 'pagetypes_select'=>'',
00156                 'non_exclude_fields'=>'',
00157                 'explicit_allowdeny'=>'',
00158                 'allowed_languages' => '',
00159                 'workspace_perms' => '',
00160                 'custom_options' => '',
00161         );
00162         var $includeHierarchy=array();          // For debugging/display of order in which subgroups are included.
00163         var $includeGroupArray=array();         // List of group_id's in the order they are processed.
00164 
00165         var $OS='';                                                     // Set to 'WIN', if windows
00166         var $TSdataArray=array();                       // Used to accumulate the TSconfig data of the user
00167         var $userTS_text = '';                          // Contains the non-parsed user TSconfig
00168         var $userTS = array();                          // Contains the parsed user TSconfig
00169         var $userTSUpdated=0;                           // Set internally if the user TSconfig was parsed and needs to be cached.
00170         var $userTS_dontGetCached=0;            // Set this from outside if you want the user TSconfig to ALWAYS be parsed and not fetched from cache.
00171 
00172         var $RTE_errors = array();                      // RTE availability errors collected.
00173         var $errorMsg = '';                                     // Contains last error message
00174 
00175         var $checkWorkspaceCurrent_cache=NULL;  // Cache for checkWorkspaceCurrent()
00176 
00177 
00178 
00179 
00180 
00181 
00182 
00183 
00184 
00185 
00186 
00187         /************************************
00188          *
00189          * Permission checking functions:
00190          *
00191          ************************************/
00192 
00199         function isAdmin()      {
00200                 return (($this->user['admin']&1) ==1);
00201         }
00202 
00211         function isMemberOfGroup($groupId)      {
00212                 $groupId = intval($groupId);
00213                 if ($this->groupList && $groupId)       {
00214                         return $this->inList($this->groupList, $groupId);
00215                 }
00216         }
00217 
00233         function doesUserHaveAccess($row,$perms)        {
00234                 $userPerms = $this->calcPerms($row);
00235                 return ($userPerms & $perms)==$perms;
00236         }
00237 
00250         function isInWebMount($id,$readPerms='',$exitOnError=0) {
00251                 if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin())     return 1;
00252                 $id = intval($id);
00253 
00254                         // Check if input id is an offline version page in which case we will map id to the online version:
00255                 $checkRec = t3lib_beFUnc::getRecord('pages',$id,'pid,t3ver_oid');
00256                 if ($checkRec['pid']==-1)       {
00257                         $id = intval($checkRec['t3ver_oid']);
00258                 }
00259 
00260                 if (!$readPerms)        $readPerms = $this->getPagePermsClause(1);
00261                 if ($id>0)      {
00262                         $wM = $this->returnWebmounts();
00263                         $rL = t3lib_BEfunc::BEgetRootLine($id,' AND '.$readPerms);
00264 
00265                         foreach($rL as $v)      {
00266                                 if ($v['uid'] && in_array($v['uid'],$wM))       {
00267                                         return $v['uid'];
00268                                 }
00269                         }
00270                 }
00271                 if ($exitOnError)       {
00272                         t3lib_BEfunc::typo3PrintError ('Access Error','This page is not within your DB-mounts',0);
00273                         exit;
00274                 }
00275         }
00276 
00284         function modAccess($conf,$exitOnError)  {
00285                 if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name']))     {
00286                         if ($exitOnError)       {
00287                                 t3lib_BEfunc::typo3PrintError ('Fatal Error','This module "'.$conf['name'].'" is not enabled in TBE_MODULES',0);
00288                                 exit;
00289                         }
00290                         return FALSE;
00291                 }
00292 
00293                         // Workspaces check:
00294                 if ($conf['workspaces'])        {
00295                         if (($this->workspace===0 && t3lib_div::inList($conf['workspaces'],'online')) ||
00296                                 ($this->workspace===-1 && t3lib_div::inList($conf['workspaces'],'offline')) ||
00297                                 ($this->workspace>0 && t3lib_div::inList($conf['workspaces'],'custom')))        {
00298                                         // ok, go on...
00299                         } else {
00300                                 if ($exitOnError)       {
00301                                         t3lib_BEfunc::typo3PrintError ('Workspace Error','This module "'.$conf['name'].'" is not available under the current workspace',0);
00302                                         exit;
00303                                 }
00304                                 return FALSE;
00305                         }
00306                 }
00307 
00308                         // Returns true if conf[access] is not set at all or if the user is admin
00309                 if (!$conf['access']  ||  $this->isAdmin()) return TRUE;
00310 
00311                         // If $conf['access'] is set but not with 'admin' then we return true, if the module is found in the modList
00312                 if (!strstr($conf['access'],'admin') && $conf['name'])  {
00313                         $acs = $this->check('modules',$conf['name']);
00314                 }
00315                 if (!$acs && $exitOnError)      {
00316                         t3lib_BEfunc::typo3PrintError ('Access Error','You don\'t have access to this module.',0);
00317                         exit;
00318                 } else return $acs;
00319         }
00320 
00335         function getPagePermsClause($perms)     {
00336                 global $TYPO3_CONF_VARS;
00337                 if (is_array($this->user))      {
00338                         if ($this->isAdmin())   {
00339                                 return ' 1=1';
00340                         }
00341 
00342                         $perms = intval($perms);        // Make sure it's integer.
00343                         $str= ' ('.
00344                                 '(pages.perms_everybody & '.$perms.' = '.$perms.')'.    // Everybody
00345                                 'OR(pages.perms_userid = '.$this->user['uid'].' AND pages.perms_user & '.$perms.' = '.$perms.')';       // User
00346                         if ($this->groupList)   {
00347                                 $str.= 'OR(pages.perms_groupid in ('.$this->groupList.') AND pages.perms_group & '.$perms.' = '.$perms.')';     // Group (if any is set)
00348                         }
00349                         $str.=')';
00350 
00351                         // ****************
00352                         // getPagePermsClause-HOOK
00353                         // ****************
00354                         if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'])) {
00355 
00356                                 foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'] as $_funcRef) {
00357                                         $_params = array('currentClause' => $str, 'perms' => $perms);
00358                                         $str = t3lib_div::callUserFunction($_funcRef, $_params, $this);
00359                                 }
00360                         }
00361 
00362                         return $str;
00363                 } else {
00364                         return ' 1=0';
00365                 }
00366         }
00367 
00376         function calcPerms($row)        {
00377                 global $TYPO3_CONF_VARS;
00378                 if ($this->isAdmin()) {return 31;}              // Return 31 for admin users.
00379 
00380                 $out=0;
00381                 if (isset($row['perms_userid']) && isset($row['perms_user']) && isset($row['perms_groupid']) && isset($row['perms_group']) && isset($row['perms_everybody']) && isset($this->groupList))        {
00382                         if ($this->user['uid']==$row['perms_userid'])   {
00383                                 $out|=$row['perms_user'];
00384                         }
00385                         if ($this->isMemberOfGroup($row['perms_groupid']))      {
00386                                 $out|=$row['perms_group'];
00387                         }
00388                         $out|=$row['perms_everybody'];
00389                 }
00390 
00391                 // ****************
00392                 // CALCPERMS hook
00393                 // ****************
00394                 if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'])) {
00395                         foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'] as $_funcRef) {
00396                                 $_params = array(
00397                                         'row' => $row,
00398                                         'outputPermissions' => $out
00399                                 );
00400                                 $out = t3lib_div::callUserFunction($_funcRef, $_params, $this);
00401                         }
00402                 }
00403 
00404                 return $out;
00405         }
00406 
00414         function isRTE()        {
00415                 global $CLIENT;
00416 
00417                         // Start:
00418                 $this->RTE_errors = array();
00419                 if (!$this->uc['edit_RTE'])
00420                         $this->RTE_errors[] = 'RTE is not enabled for user!';
00421                 if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled'])
00422                         $this->RTE_errors[] = 'RTE is not enabled in $TYPO3_CONF_VARS["BE"]["RTEenabled"]';
00423 
00424 
00425                         // Acquire RTE object:
00426                 $RTE = &t3lib_BEfunc::RTEgetObj();
00427                 if (!is_object($RTE))   {
00428                         $this->RTE_errors = array_merge($this->RTE_errors, $RTE);
00429                 }
00430 
00431                 if (!count($this->RTE_errors))  {
00432                         return TRUE;
00433                 } else {
00434                         return FALSE;
00435                 }
00436         }
00437 
00448         function check($type,$value)    {
00449                 if (isset($this->groupData[$type]))     {
00450                         if ($this->isAdmin() || $this->inList($this->groupData[$type],$value)) {
00451                                 return 1;
00452                         }
00453                 }
00454         }
00455 
00465         function checkAuthMode($table,$field,$value,$authMode)  {
00466                 global $TCA;
00467 
00468                         // Admin users can do anything:
00469                 if ($this->isAdmin())   return TRUE;
00470 
00471                         // Allow all blank values:
00472                 if (!strcmp($value,'')) return TRUE;
00473 
00474                         // Certain characters are not allowed in the value
00475                 if (ereg('[:|,]',$value))       {
00476                         return FALSE;
00477                 }
00478 
00479                         // Initialize:
00480                 $testValue = $table.':'.$field.':'.$value;
00481                 $out = TRUE;
00482 
00483                         // Checking value:
00484                 switch((string)$authMode)       {
00485                         case 'explicitAllow':
00486                                 if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) {
00487                                         $out = FALSE;
00488                                 }
00489                         break;
00490                         case 'explicitDeny':
00491                                 if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY'))   {
00492                                         $out = FALSE;
00493                                 }
00494                         break;
00495                         case 'individual':
00496                                 t3lib_div::loadTCA($table);
00497                                 if (is_array($TCA[$table]) && is_array($TCA[$table]['columns'][$field]))        {
00498                                         $items = $TCA[$table]['columns'][$field]['config']['items'];
00499                                         if (is_array($items))   {
00500                                                 foreach($items as $iCfg)        {
00501                                                         if (!strcmp($iCfg[1],$value) && $iCfg[4])       {
00502                                                                 switch((string)$iCfg[4])        {
00503                                                                         case 'EXPL_ALLOW':
00504                                                                                 if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) {
00505                                                                                         $out = FALSE;
00506                                                                                 }
00507                                                                         break;
00508                                                                         case 'EXPL_DENY':
00509                                                                                 if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY'))   {
00510                                                                                         $out = FALSE;
00511                                                                                 }
00512                                                                         break;
00513                                                                 }
00514                                                                 break;
00515                                                         }
00516                                                 }
00517                                         }
00518                                 }
00519                         break;
00520                 }
00521 
00522                 return $out;
00523         }
00524 
00531         function checkLanguageAccess($langValue)        {
00532                 if (strcmp($this->groupData['allowed_languages'],''))   {       // The users language list must be non-blank - otherwise all languages are allowed.
00533                         $langValue = intval($langValue);
00534                         if ($langValue != -1 && !$this->check('allowed_languages',$langValue))  {       // Language must either be explicitly allowed OR the lang Value be "-1" (all languages)
00535                                 return FALSE;
00536                         }
00537                 }
00538                 return TRUE;
00539         }
00540 
00553         function recordEditAccessInternals($table,$idOrRow,$newRecord=FALSE)    {
00554                 global $TCA;
00555 
00556                 if (isset($TCA[$table]))        {
00557                         t3lib_div::loadTCA($table);
00558 
00559                                 // Always return true for Admin users.
00560                         if ($this->isAdmin())   return TRUE;
00561 
00562                                 // Fetching the record if the $idOrRow variable was not an array on input:
00563                         if (!is_array($idOrRow))        {
00564                                 $idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow);
00565                                 if (!is_array($idOrRow))        {
00566                                         $this->errorMsg = 'ERROR: Record could not be fetched.';
00567                                         return FALSE;
00568                                 }
00569                         }
00570 
00571                                 // Checking languages:
00572                         if ($TCA[$table]['ctrl']['languageField'])      {
00573                                 if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']]))     {       // Language field must be found in input row - otherwise it does not make sense.
00574                                         if (!$this->checkLanguageAccess($idOrRow[$TCA[$table]['ctrl']['languageField']]))       {
00575                                                 $this->errorMsg = 'ERROR: Language was not allowed.';
00576                                                 return FALSE;
00577                                         }
00578                                 } else {
00579                                         $this->errorMsg = 'ERROR: The "languageField" field named "'.$TCA[$table]['ctrl']['languageField'].'" was not found in testing record!';
00580                                         return FALSE;
00581                                 }
00582                         }
00583 
00584                                 // Checking authMode fields:
00585                         if (is_array($TCA[$table]['columns']))  {
00586                                 foreach($TCA[$table]['columns'] as $fN => $fV)  {
00587                                         if (isset($idOrRow[$fN]))       {       //
00588                                                 if ($fV['config']['type']=='select' && $fV['config']['authMode'] && !strcmp($fV['config']['authMode_enforce'],'strict')) {
00589                                                         if (!$this->checkAuthMode($table,$fN,$idOrRow[$fN],$fV['config']['authMode']))  {
00590                                                                 $this->errorMsg = 'ERROR: authMode "'.$fV['config']['authMode'].'" failed for field "'.$fN.'" with value "'.$idOrRow[$fN].'" evaluated';
00591                                                                 return FALSE;
00592                                                         }
00593                                                 }
00594                                         }
00595                                 }
00596                         }
00597 
00598                                 // Checking "editlock" feature (doesn't apply to new records)
00599                         if (!$newRecord && $TCA[$table]['ctrl']['editlock'])    {
00600                                 if (isset($idOrRow[$TCA[$table]['ctrl']['editlock']]))  {
00601                                         if ($idOrRow[$TCA[$table]['ctrl']['editlock']]) {
00602                                                 $this->errorMsg = 'ERROR: Record was locked for editing. Only admin users can change this state.';
00603                                                 return FALSE;
00604                                         }
00605                                 } else {
00606                                         $this->errorMsg = 'ERROR: The "editLock" field named "'.$TCA[$table]['ctrl']['editlock'].'" was not found in testing record!';
00607                                         return FALSE;
00608                                 }
00609                         }
00610 
00611                                 // Checking record permissions
00612                         // THIS is where we can include a check for "perms_" fields for other records than pages...
00613 
00614                                 // Finally, return true if all is well.
00615                         return TRUE;
00616                 }
00617         }
00618 
00628         function isPSet($lCP,$table,$type='')   {
00629                 if ($this->isAdmin())   return true;
00630                 if ($table=='pages')    {
00631                         if ($type=='edit')      return $lCP & 2;
00632                         if ($type=='new')       return ($lCP & 8) || ($lCP & 16);       // Create new page OR pagecontent
00633                         if ($type=='delete')    return $lCP & 4;
00634                         if ($type=='editcontent')       return $lCP & 16;
00635                 } else {
00636                         return $lCP & 16;
00637                 }
00638         }
00639 
00645         function mayMakeShortcut()      {
00646                 return $this->getTSConfigVal('options.shortcutFrame') && !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
00647         }
00648 
00659         function workspaceCannotEditRecord($table,$recData)     {
00660 
00661                 if ($this->workspace!==0)       {       // Only test offline spaces:
00662 
00663                         if (!is_array($recData))        {
00664                                 $recData = t3lib_BEfunc::getRecord($table,$recData,'pid'.($GLOBALS['TCA'][$table]['ctrl']['versioningWS']?',t3ver_wsid,t3ver_stage':''));
00665                         }
00666 
00667                         if (is_array($recData)) {
00668                                 if ((int)$recData['pid']===-1)  {       // We are testing a "version" (identified by a pid of -1): it can be edited provided that workspace matches and versioning is enabled for the table.
00669                                         if (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS'])   {       // No versioning, basic error, inconsistency even! Such records should not have a pid of -1!
00670                                                 return 'Versioning disabled for table';
00671                                         } elseif ((int)$recData['t3ver_wsid']!==$this->workspace)       {       // So does workspace match?
00672                                                 return 'Workspace ID of record didn\'t match current workspace';
00673                                         } else {        // So what about the stage of the version, does that allow editing for this user?
00674                                                 return $this->workspaceCheckStageForCurrent($recData['t3ver_stage']) ? FALSE : 'Record stage "'.$recData['t3ver_stage'].'" and users access level did not allow for editing';
00675                                         }
00676                                 } else {        // We are testing a "live" record:
00677                                         if ($res = $this->workspaceAllowLiveRecordsInPID($recData['pid'], $table)) {    // For "Live" records, check that PID for table allows editing
00678                                                         // Live records are OK in this branch, but what about the stage of branch point, if any:
00679                                                 return $res>0 ? FALSE : 'Stage for versioning root point and users access level did not allow for editing';     // OK
00680                                         } else {        // If not offline and not in versionized branch, output error:
00681                                                 return 'Online record was not in versionized branch!';
00682                                         }
00683                                 }
00684                         } else return 'No record';
00685                 } else {
00686                         return FALSE;   // OK because workspace is 0
00687                 }
00688         }
00689 
00698         function workspaceCannotEditOfflineVersion($table,$recData)     {
00699                 if ($GLOBALS['TCA'][$table]['ctrl']['versioningWS'])    {
00700 
00701                         if (!is_array($recData))        {
00702                                 $recData = t3lib_BEfunc::getRecord($table,$recData,'uid,pid,t3ver_wsid,t3ver_stage');
00703                         }
00704                         if (is_array($recData)) {
00705                                 if ((int)$recData['pid']===-1)  {
00706                                         return $this->workspaceCannotEditRecord($table,$recData);
00707                                 } else return 'Not an offline version';
00708                         } else return 'No record';
00709                 } else return 'Table does not support versioning.';
00710         }
00711 
00721         function workspaceAllowLiveRecordsInPID($pid, $table)   {
00722 
00723                         // Always for Live workspace AND if live-edit is enabled and tables are completely without versioning it is ok as well.
00724                 if ($this->workspace===0 || ($this->workspaceRec['live_edit'] && !$GLOBALS['TCA'][$table]['ctrl']['versioningWS']))     {
00725                         return 2;       // OK to create for this table.
00726                 } elseif (t3lib_BEfunc::isPidInVersionizedBranch($pid, $table)) {       // Check if records from $table can be created with this PID: Either if inside "branch" versioning type or a "versioning_followPages" table on a "page" versioning type.
00727                                 // Now, check what the stage of that "page" or "branch" version type is:
00728                         $stage = t3lib_BEfunc::isPidInVersionizedBranch($pid, $table, TRUE);
00729                         return $this->workspaceCheckStageForCurrent($stage) ? 1 : -1;
00730                 } else {
00731                         return FALSE;   // If the answer is FALSE it means the only valid way to create or edit records in the PID is by versioning
00732                 }
00733         }
00734 
00742         function workspaceCreateNewRecord($pid, $table) {
00743                 if ($res = $this->workspaceAllowLiveRecordsInPID($pid,$table))  {       // If LIVE records cannot be created in the current PID due to workspace restrictions, prepare creation of placeholder-record
00744                         if ($res<0)     {
00745                                 return FALSE;   // Stage for versioning root point and users access level did not allow for editing
00746                         }
00747                 } elseif (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS'])     {       // So, if no live records were allowed, we have to create a new version of this record:
00748                         return FALSE;
00749                 }
00750                 return TRUE;
00751         }
00752 
00761         function workspaceAllowAutoCreation($table,$id,$recpid) {
00762                         // Auto-creation of version: In offline workspace, test if versioning is enabled and look for workspace version of input record. If there is no versionized record found we will create one and save to that.
00763                 if ($this->workspace!==0        // Only in draft workspaces
00764                         && !$this->workspaceRec['disable_autocreate']   // Auto-creation must not be disabled.
00765                         && $GLOBALS['TCA'][$table]['ctrl']['versioningWS']      // Table must be versionizable
00766                         && $recpid >= 0 // The PID of the record must NOT be -1 or less (would indicate that it already was a version!)
00767                         && !t3lib_BEfunc::getWorkspaceVersionOfRecord($this->workspace, $table, $id, 'uid')     // There must be no existing version of this record in workspace.
00768                         && !t3lib_BEfunc::isPidInVersionizedBranch($recpid, $table))    {       // PID must NOT be in a versionized branch either
00769                                 return TRUE;
00770                 }
00771         }
00772 
00782         function workspaceCheckStageForCurrent($stage)  {
00783                 if ($this->isAdmin())   return TRUE;
00784 
00785                 if ($this->workspace>0) {
00786                         $stat = $this->checkWorkspaceCurrent();
00787                         $memberStageLimit = $this->workspaceRec['review_stage_edit'] ? 1 : 0;
00788                         if (($stage<=$memberStageLimit && $stat['_ACCESS']==='member') ||
00789                                 ($stage<=1 && $stat['_ACCESS']==='reviewer') ||
00790                                 ($stat['_ACCESS']==='owner')) {
00791                                         return TRUE;    // OK for these criteria
00792                         }
00793                 } else return TRUE;     // Always OK for live and draft workspaces.
00794         }
00795 
00806         function workspacePublishAccess($wsid)  {
00807                 if ($this->isAdmin())   return TRUE;
00808 
00809                         // If no access to workspace, of course you cannot publish!
00810                 $retVal = FALSE;
00811 
00812                 $wsAccess = $this->checkWorkspace($wsid);
00813                 if ($wsAccess)  {
00814                         switch($wsAccess['uid'])        {
00815                                 case 0:         // Live workspace
00816                                         $retVal =  TRUE;        // If access to Live workspace, no problem.
00817                                 break;
00818                                 case -1:        // Default draft workspace
00819                                         $retVal =  $this->checkWorkspace(0) ? TRUE : FALSE;     // If access to Live workspace, no problem.
00820                                 break;
00821                                 default:        // Custom workspace
00822                                         $retVal =  $wsAccess['_ACCESS'] === 'owner' || ($this->checkWorkspace(0) && !($wsAccess['publish_access']&2));  // Either be an adminuser OR have access to online workspace which is OK as well as long as publishing access is not limited by workspace option.
00823                                 break;
00824                         }
00825                 }
00826                 return $retVal;
00827         }
00828 
00834         function workspaceSwapAccess()  {
00835                 if ($this->workspace>0 && (int)$this->workspaceRec['swap_modes']===2)   {
00836                         return FALSE;
00837                 } else return TRUE;
00838         }
00839 
00846         function workspaceVersioningTypeAccess($type)   {
00847                 $retVal = FALSE;
00848 
00849                 if ($this->workspace>0 && !$this->isAdmin())    {
00850                         $stat = $this->checkWorkspaceCurrent();
00851                         if ($stat['_ACCESS']!=='owner') {
00852 
00853                                 $type = t3lib_div::intInRange($type,-1);
00854                                 switch((int)$type)      {
00855                                         case -1:
00856                                                 $retVal = $this->workspaceRec['vtypes']&1 ? FALSE : TRUE;
00857                                         break;
00858                                         case 0:
00859                                                 $retVal = $this->workspaceRec['vtypes']&2 ? FALSE : TRUE;
00860                                         break;
00861                                         default:
00862                                                 $retVal = $this->workspaceRec['vtypes']&4 ? FALSE : TRUE;
00863                                         break;
00864                                 }
00865                         } else $retVal = TRUE;
00866                 } else $retVal = TRUE;
00867 
00868                 return $retVal;
00869         }
00870 
00877         function workspaceVersioningTypeGetClosest($type)       {
00878                 $type = t3lib_div::intInRange($type,-1);
00879 
00880                 if ($this->workspace>0) {
00881                         switch((int)$type)      {
00882                                 case -1:
00883                                         $type = -1;
00884                                 break;
00885                                 case 0:
00886                                         $type = $this->workspaceVersioningTypeAccess($type) ? $type : -1;
00887                                 break;
00888                                 default:
00889                                         $type = $this->workspaceVersioningTypeAccess($type) ? $type : ($this->workspaceVersioningTypeAccess(0) ? 0 : -1);
00890                                 break;
00891                         }
00892                 }
00893                 return $type;
00894         }
00895 
00896 
00897 
00898 
00899 
00900 
00901 
00902 
00903 
00904 
00905         /*************************************
00906          *
00907          * Miscellaneous functions
00908          *
00909          *************************************/
00910 
00920         function getTSConfig($objectString,$config='')  {
00921                 if (!is_array($config)) {
00922                         $config=$this->userTS;  // Getting Root-ts if not sent
00923                 }
00924                 $TSConf=array();
00925                 $parts = explode('.',$objectString,2);
00926                 $key = $parts[0];
00927                 if (trim($key)) {
00928                         if (count($parts)>1 && trim($parts[1])) {
00929                                 // Go on, get the next level
00930                                 if (is_array($config[$key.'.']))        $TSConf = $this->getTSConfig($parts[1],$config[$key.'.']);
00931                         } else {
00932                                 $TSConf['value']=$config[$key];
00933                                 $TSConf['properties']=$config[$key.'.'];
00934                         }
00935                 }
00936                 return $TSConf;
00937         }
00938 
00946         function getTSConfigVal($objectString)  {
00947                 $TSConf = $this->getTSConfig($objectString);
00948                 return $TSConf['value'];
00949         }
00950 
00958         function getTSConfigProp($objectString) {
00959                 $TSConf = $this->getTSConfig($objectString);
00960                 return $TSConf['properties'];
00961         }
00962 
00970         function inList($in_list,$item) {
00971                 return strstr(','.$in_list.',', ','.$item.',');
00972         }
00973 
00981         function returnWebmounts()      {
00982                 return (string)($this->groupData['webmounts'])!='' ? explode(',',$this->groupData['webmounts']) : Array();
00983         }
00984 
00991         function returnFilemounts()     {
00992                 return $this->groupData['filemounts'];
00993         }
00994 
01008          function jsConfirmation($bitmask)      {
01009                  $alertPopup = $GLOBALS['BE_USER']->getTSConfig('options.alertPopups');
01010                  if (empty($alertPopup['value']))       {
01011                          $alertPopup = 255;     // default: show all warnings
01012                  } else {
01013                          $alertPopup = (int)$alertPopup['value'];
01014                  }
01015                  if(($alertPopup&$bitmask) == $bitmask) { // show confirmation
01016                          return 1;
01017                  } else { // don't show confirmation
01018                          return 0;
01019                  }
01020          }
01021 
01022 
01023 
01024 
01025 
01026 
01027 
01028 
01029 
01030         /*************************************
01031          *
01032          * Authentication methods
01033          *
01034          *************************************/
01035 
01036 
01046         function fetchGroupData()       {
01047                 if ($this->user['uid']) {
01048 
01049                                 // Get lists for the be_user record and set them as default/primary values.
01050                         $this->dataLists['modList'] = $this->user['userMods'];                                  // Enabled Backend Modules
01051                         $this->dataLists['allowed_languages'] = $this->user['allowed_languages'];                                       // Add Allowed Languages
01052                         $this->dataLists['workspace_perms'] = $this->user['workspace_perms'];                                   // Set user value for workspace permissions.
01053                         $this->dataLists['webmount_list'] = $this->user['db_mountpoints'];              // Database mountpoints
01054                         $this->dataLists['filemount_list'] = $this->user['file_mountpoints'];   // File mountpoints
01055 
01056                                 // Setting default User TSconfig:
01057                         $this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
01058                                                                         $GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig'];
01059 
01060                                 // Default TSconfig for admin-users
01061                         if ($this->isAdmin())   {
01062                                 $this->TSdataArray[]=$this->addTScomment('"admin" user presets:').'
01063                                         admPanel.enable.all = 1
01064                                         options.shortcutFrame = 1
01065                                 ';
01066                                 if (t3lib_extMgm::isLoaded('sys_note')) {
01067                                         $this->TSdataArray[]='
01068                                                 // Setting defaults for sys_note author / email...
01069                                                 TCAdefaults.sys_note.author = '.$this->user['realName'].'
01070                                                 TCAdefaults.sys_note.email = '.$this->user['email'].'
01071                                         ';
01072                                 }
01073                         }
01074 
01075                                 // FILE MOUNTS:
01076                                 // Admin users has the base fileadmin dir mounted
01077                         if ($this->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])      {
01078                                 $this->addFileMount($GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '', PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], 0, '');
01079                         }
01080 
01081                                 // If userHomePath is set, we attempt to mount it
01082                         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'])  {
01083                                         // First try and mount with [uid]_[username]
01084                                 $didMount=$this->addFileMount($this->user['username'], '',$GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].'_'.$this->user['username'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
01085                                 if (!$didMount) {
01086                                                 // If that failed, try and mount with only [uid]
01087                                         $this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
01088                                 }
01089                         }
01090 
01091                                 // BE_GROUPS:
01092                                 // Get the groups...
01093 #                       $grList = t3lib_BEfunc::getSQLselectableList($this->user[$this->usergroup_column],$this->usergroup_table,$this->usergroup_table);
01094                         $grList = $GLOBALS['TYPO3_DB']->cleanIntList($this->user[$this->usergroup_column]);     // 240203: Since the group-field never contains any references to groups with a prepended table name we think it's safe to just intExplode and re-implode - which should be much faster than the other function call.
01095                         if ($grList)    {
01096                                         // Fetch groups will add a lot of information to the internal arrays: modules, accesslists, TSconfig etc. Refer to fetchGroups() function.
01097                                 $this->fetchGroups($grList);
01098                         }
01099 
01100                                 // Add the TSconfig for this specific user:
01101                         $this->TSdataArray[] = $this->addTScomment('USER TSconfig field').$this->user['TSconfig'];
01102                                 // Check include lines.
01103                         $this->TSdataArray = t3lib_TSparser::checkIncludeLines_array($this->TSdataArray);
01104 
01105                                 // Parsing the user TSconfig (or getting from cache)
01106                         $this->userTS_text = implode(chr(10).'[GLOBAL]'.chr(10),$this->TSdataArray);    // Imploding with "[global]" will make sure that non-ended confinements with braces are ignored.
01107                         $hash = md5('userTS:'.$this->userTS_text);
01108                         $cachedContent = t3lib_BEfunc::getHash($hash,0);
01109                         if (isset($cachedContent) && !$this->userTS_dontGetCached)      {
01110                                 $this->userTS = unserialize($cachedContent);
01111                         } else {
01112                                 $parseObj = t3lib_div::makeInstance('t3lib_TSparser');
01113                                 $parseObj->parse($this->userTS_text);
01114                                 $this->userTS = $parseObj->setup;
01115                                 t3lib_BEfunc::storeHash($hash,serialize($this->userTS),'BE_USER_TSconfig');
01116                                         // Update UC:
01117                                 $this->userTSUpdated=1;
01118                         }
01119 
01120                                 // Processing webmounts
01121                         if ($this->isAdmin() && !$this->getTSConfigVal('options.dontMountAdminMounts')) {       // Admin's always have the root mounted
01122                                 $this->dataLists['webmount_list']='0,'.$this->dataLists['webmount_list'];
01123                         }
01124 
01125                                 // Processing filemounts
01126                         $this->dataLists['filemount_list'] = t3lib_div::uniqueList($this->dataLists['filemount_list']);
01127                         if ($this->dataLists['filemount_list']) {
01128                                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$this->dataLists['filemount_list'].')');
01129                                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
01130                                         $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
01131                                 }
01132                         }
01133 
01134                                 // The lists are cleaned for duplicates
01135                         $this->groupData['webmounts'] = t3lib_div::uniqueList($this->dataLists['webmount_list']);
01136                         $this->groupData['pagetypes_select'] = t3lib_div::uniqueList($this->dataLists['pagetypes_select']);
01137                         $this->groupData['tables_select'] = t3lib_div::uniqueList($this->dataLists['tables_modify'].','.$this->dataLists['tables_select']);
01138                         $this->groupData['tables_modify'] = t3lib_div::uniqueList($this->dataLists['tables_modify']);
01139                         $this->groupData['non_exclude_fields'] = t3lib_div::uniqueList($this->dataLists['non_exclude_fields']);
01140                         $this->groupData['explicit_allowdeny'] = t3lib_div::uniqueList($this->dataLists['explicit_allowdeny']);
01141                         $this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->dataLists['allowed_languages']);
01142                         $this->groupData['custom_options'] = t3lib_div::uniqueList($this->dataLists['custom_options']);
01143                         $this->groupData['modules'] = t3lib_div::uniqueList($this->dataLists['modList']);
01144                         $this->groupData['workspace_perms'] = $this->dataLists['workspace_perms'];
01145 
01146                                 // populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
01147                         $this->userGroupsUID = array_reverse(array_unique(array_reverse($this->includeGroupArray)));
01148 
01149                                 // Finally this is the list of group_uid's in the order they are parsed (including subgroups!) and without duplicates (duplicates are presented with their last entrance in the list, which thus reflects the order of the TypoScript in TSconfig)
01150                         $this->groupList = implode(',',$this->userGroupsUID);
01151                         $this->setCachedList($this->groupList);
01152 
01153                                 // Checking read access to webmounts:
01154                         if (trim($this->groupData['webmounts'])!=='')   {
01155                                 $webmounts = explode(',',$this->groupData['webmounts']);        // Explode mounts
01156                                 $MProws = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid', 'pages', 'deleted=0 AND uid IN ('.$this->groupData['webmounts'].') AND '.$this->getPagePermsClause(1),'','','','uid');        // Selecting all webmounts with permission clause for reading
01157                                 foreach($webmounts as $idx => $mountPointUid)   {
01158                                         if ($mountPointUid>0 && !isset($MProws[$mountPointUid]))        {       // If the mount ID is NOT found among selected pages, unset it:
01159                                                 unset($webmounts[$idx]);
01160                                         }
01161                                 }
01162                                 $this->groupData['webmounts'] = implode(',',$webmounts);        // Implode mounts in the end.
01163                         }
01164 
01165                                 // Setting up workspace situation (after webmounts are processed!):
01166                         $this->workspaceInit();
01167                 }
01168         }
01169 
01179         function fetchGroups($grList,$idList='')        {
01180                 global $TYPO3_CONF_VARS;
01181 
01182                         // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
01183                 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.t3lib_div::getIndpEnv('HTTP_HOST').'\')';
01184                 $whereSQL = 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$grList.')'.$lockToDomain_SQL;
01185 
01186                         // Hook for manipulation of the WHERE sql sentence which controls which BE-groups are included
01187                 if (is_array ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroupQuery'])) {
01188                     foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroupQuery'] as $classRef) {
01189                         $hookObj = &t3lib_div::getUserObj($classRef);
01190                         if(method_exists($hookObj,'fetchGroupQuery_processQuery')){
01191                             $whereSQL = $hookObj->fetchGroupQuery_processQuery($this, $grList, $idList, $whereSQL);
01192                         }
01193                     }
01194                 }
01195 
01196                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->usergroup_table, $whereSQL);
01197 
01198                         // The userGroups array is filled
01199                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
01200                         $this->userGroups[$row['uid']] = $row;
01201                 }
01202 
01203                         // Traversing records in the correct order
01204                 $include_staticArr = t3lib_div::intExplode(',',$grList);
01205                 reset($include_staticArr);
01206                 while(list(,$uid)=each($include_staticArr))     {       // traversing list
01207 
01208                                 // Get row:
01209                         $row=$this->userGroups[$uid];
01210                         if (is_array($row) && !t3lib_div::inList($idList,$uid)) {       // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
01211 
01212                                         // Include sub groups
01213                                 if (trim($row['subgroup']))     {
01214                                         $theList = implode(',',t3lib_div::intExplode(',',$row['subgroup']));    // Make integer list
01215                                         $this->fetchGroups($theList, $idList.','.$uid);         // Call recursively, pass along list of already processed groups so they are not recursed again.
01216                                 }
01217                                         // Add the group uid, current list, TSconfig to the internal arrays.
01218                                 $this->includeGroupArray[]=$uid;
01219                                 $this->includeHierarchy[]=$idList;
01220                                 $this->TSdataArray[] = $this->addTScomment('Group "'.$row['title'].'" ['.$row['uid'].'] TSconfig field:').$row['TSconfig'];
01221 
01222                                         // Mount group database-mounts
01223                                 if (($this->user['options']&1) == 1)    {       $this->dataLists['webmount_list'].= ','.$row['db_mountpoints']; }
01224 
01225                                         // Mount group file-mounts
01226                                 if (($this->user['options']&2) == 2)    {       $this->dataLists['filemount_list'].= ','.$row['file_mountpoints'];      }
01227 
01228                                         // Mount group home-dirs
01229                                 if (($this->user['options']&2) == 2)    {
01230                                                 // If groupHomePath is set, we attempt to mount it
01231                                         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath']) {
01232                                                 $this->addFileMount($row['title'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'].$row['uid'], 0, 'group');
01233                                         }
01234                                 }
01235 
01236                                         // The lists are made: groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny, allowed_languages, custom_options
01237                                 if ($row['inc_access_lists']==1)        {
01238                                         $this->dataLists['modList'].= ','.$row['groupMods'];
01239                                         $this->dataLists['tables_select'].= ','.$row['tables_select'];
01240                                         $this->dataLists['tables_modify'].= ','.$row['tables_modify'];
01241                                         $this->dataLists['pagetypes_select'].= ','.$row['pagetypes_select'];
01242                                         $this->dataLists['non_exclude_fields'].= ','.$row['non_exclude_fields'];
01243                                         $this->dataLists['explicit_allowdeny'].= ','.$row['explicit_allowdeny'];
01244                                         $this->dataLists['allowed_languages'].= ','.$row['allowed_languages'];
01245                                         $this->dataLists['custom_options'].= ','.$row['custom_options'];
01246                                 }
01247 
01248                                         // Setting workspace permissions:
01249                                 $this->dataLists['workspace_perms'] |= $row['workspace_perms'];
01250 
01251                                         // If this function is processing the users OWN group-list (not subgroups) AND if the ->firstMainGroup is not set, then the ->firstMainGroup will be set.
01252                                 if (!strcmp($idList,'') && !$this->firstMainGroup)      {
01253                                         $this->firstMainGroup=$uid;
01254                                 }
01255                         }
01256                 }
01257 
01258                 // ****************
01259                 // HOOK: fetchGroups_postProcessing
01260                 // ****************
01261                 if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroups_postProcessing'])) {
01262                         foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroups_postProcessing'] as $_funcRef) {
01263                                 $_params = array();
01264                                 t3lib_div::callUserFunction($_funcRef, $_params, $this);
01265                         }
01266                 }
01267         }
01268 
01277         function setCachedList($cList)  {
01278                 if ((string)$cList != (string)$this->user['usergroup_cached_list'])     {
01279                         $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid='.intval($this->user['uid']), array('usergroup_cached_list' => $cList));
01280                 }
01281         }
01282 
01297         function addFileMount($title, $altTitle, $path, $webspace, $type)       {
01298                         // Return false if fileadminDir is not set and we try to mount a relative path
01299                 if ($webspace && !$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])    return false;
01300 
01301                         // Trimming and pre-processing
01302                 $path=trim($path);
01303                 if ($this->OS=='WIN')   {               // with WINDOWS convert backslash to slash!!
01304                         $path=str_replace('\\','/',$path);
01305                 }
01306                         // If the path is true and validates as a valid path string:
01307                 if ($path && t3lib_div::validPathStr($path))    {
01308                                 // normalize path: remove leading '/' and './', and trailing '/' and '/.'
01309                         $path=trim($path);
01310                         $path=preg_replace('#^\.?/|/\.?$#','',$path);
01311 
01312                         if ($path)      {       // there must be some chars in the path
01313                                 $fdir=PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'];      // fileadmin dir, absolute
01314                                 if ($webspace)  {
01315                                         $path=$fdir.$path;      // PATH_site + fileadmin dir is prepended
01316                                 } else {
01317                                         if ($this->OS!='WIN')   {               // with WINDOWS no prepending!!
01318                                                 $path='/'.$path;        // root-level is the start...
01319                                         }
01320                                 }
01321                                 $path.='/';
01322 
01323                                         // We now have a path with slash after and slash before (if unix)
01324                                 if (@is_dir($path) &&
01325                                         (($GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'] && t3lib_div::isFirstPartOfStr($path,$GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'])) || t3lib_div::isFirstPartOfStr($path,$fdir)))      {
01326                                                         // Alternative title?
01327                                                 $name = $title ? $title : $altTitle;
01328                                                         // Adds the filemount. The same filemount with same name, type and path cannot be set up twice because of the hash string used as key.
01329                                                 $this->groupData['filemounts'][md5($name.'|'.$path.'|'.$type)] = Array('name'=>$name, 'path'=>$path, 'type'=>$type);
01330                                                         // Return true - went well, success!
01331                                                 return 1;
01332                                 }
01333                         }
01334                 }
01335         }
01336 
01343         function addTScomment($str)     {
01344                 $delimiter = '# ***********************************************';
01345 
01346                 $out = $delimiter.chr(10);
01347                 $lines = t3lib_div::trimExplode(chr(10),$str);
01348                 foreach($lines as $v)   {
01349                         $out.= '# '.$v.chr(10);
01350                 }
01351                 $out.= $delimiter.chr(10);
01352                 return $out;
01353         }
01354 
01355 
01356 
01357 
01358 
01359 
01360 
01361 
01362 
01363 
01364 
01365 
01366         /************************************
01367          *
01368          * Workspaces
01369          *
01370          ************************************/
01371 
01379         function workspaceInit()        {
01380 
01381                         // Initializing workspace by evaluating and setting the workspace, possibly updating it in the user record!
01382                 $this->setWorkspace($this->user['workspace_id']);
01383 
01384                         // Setting up the db mount points of the (custom) workspace, if any:
01385                 if ($this->workspace>0 && trim($this->workspaceRec['db_mountpoints'])!=='')     {
01386 
01387                                 // Initialize:
01388                         $newMounts = array();
01389                         $readPerms = '1=1'; // Notice: We cannot call $this->getPagePermsClause(1); as usual because the group-list is not available at this point. But bypassing is fine because all we want here is check if the workspace mounts are inside the current webmounts rootline. The actual permission checking on page level is done elsewhere as usual anyway before the page tree is rendered.
01390 
01391                                 // Traverse mount points of the
01392                         $mountPoints = t3lib_div::intExplode(',',$this->workspaceRec['db_mountpoints']);
01393                         foreach($mountPoints as $mpId)  {
01394                                 if ($this->isInWebMount($mpId,$readPerms))      {
01395                                         $newMounts[] = $mpId;
01396                                 }
01397                         }
01398 
01399                                 // Re-insert webmounts:
01400                         $this->groupData['webmounts'] = implode(',',array_unique($newMounts));
01401                 }
01402 
01403                         // Setting up the file mount points of the (custom) workspace, if any:
01404                 if ($this->workspace!==0)       $this->groupData['filemounts'] = array();
01405                 if ($this->workspace>0 && trim($this->workspaceRec['file_mountpoints'])!=='')   {
01406 
01407                                 // Processing filemounts
01408                         $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->workspaceRec['file_mountpoints']).')');
01409                         while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
01410                                 $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
01411                         }
01412                 }
01413         }
01414 
01422         function checkWorkspace($wsRec,$fields='uid,title,adminusers,members,reviewers,publish_access,stagechg_notification')   {
01423                 $retVal = FALSE;
01424 
01425                         // If not array, look up workspace record:
01426                 if (!is_array($wsRec))  {
01427                         switch((string)$wsRec)  {
01428                                 case '0':
01429                                 case '-1':
01430                                         $wsRec = array('uid' => $wsRec);
01431                                 break;
01432                                 default:
01433                                         list($wsRec) = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
01434                                                 $fields,
01435                                                 'sys_workspace',
01436                                                 'pid=0 AND uid='.intval($wsRec).
01437                                                         t3lib_BEfunc::deleteClause('sys_workspace'),
01438                                                 '',
01439                                                 'title'
01440                                         );
01441                                 break;
01442                         }
01443                 }
01444 
01445                         // If wsRec is set to an array, evaluate it:
01446                 if (is_array($wsRec))   {
01447                         if ($this->isAdmin())   {
01448                                 return array_merge($wsRec,array('_ACCESS' => 'admin'));
01449                         } else {
01450 
01451                                 switch((string)$wsRec['uid'])   {
01452                                         case '0':
01453                                                 $retVal = ($this->groupData['workspace_perms']&1) ? array_merge($wsRec,array('_ACCESS' => 'online')) : FALSE;
01454                                         break;
01455                                         case '-1':
01456                                                 $retVal = ($this->groupData['workspace_perms']&2) ? array_merge($wsRec,array('_ACCESS' => 'offline')) : FALSE;
01457                                         break;
01458                                         default:
01459                                                         // Checking if the guy is admin:
01460                                                 if (t3lib_div::inList($wsRec['adminusers'],$this->user['uid'])) {
01461                                                         return array_merge($wsRec, array('_ACCESS' => 'owner'));
01462                                                 }
01463                                                         // Checking if he is reviewer user:
01464                                                 if (t3lib_div::inList($wsRec['reviewers'],'be_users_'.$this->user['uid']))      {
01465                                                         return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
01466                                                 }
01467                                                         // Checking if he is reviewer through a user group of his:
01468                                                 foreach($this->userGroupsUID as $groupUid)      {
01469                                                         if (t3lib_div::inList($wsRec['reviewers'],'be_groups_'.$groupUid))      {
01470                                                                 return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
01471                                                         }
01472                                                 }
01473                                                         // Checking if he is member as user:
01474                                                 if (t3lib_div::inList($wsRec['members'],'be_users_'.$this->user['uid']))        {
01475                                                         return array_merge($wsRec, array('_ACCESS' => 'member'));
01476                                                 }
01477                                                         // Checking if he is member through a user group of his:
01478                                                 foreach($this->userGroupsUID as $groupUid)      {
01479                                                         if (t3lib_div::inList($wsRec['members'],'be_groups_'.$groupUid))        {
01480                                                                 return array_merge($wsRec, array('_ACCESS' => 'member'));
01481                                                         }
01482                                                 }
01483                                         break;
01484                                 }
01485                         }
01486                 }
01487 
01488                 return $retVal;
01489         }
01490 
01497         function checkWorkspaceCurrent()        {
01498                 if (!isset($this->checkWorkspaceCurrent_cache)) {
01499                         $this->checkWorkspaceCurrent_cache = $this->checkWorkspace($this->workspace);
01500                 }
01501                 return $this->checkWorkspaceCurrent_cache;
01502         }
01503 
01510         function setWorkspace($workspaceId)     {
01511 
01512                         // Check workspace validity and if not found, revert to default workspace.
01513                 if ($this->workspaceRec = $this->checkWorkspace($workspaceId,'*'))      {
01514                                 // Set workspace ID internally
01515                         $this->workspace = (int)$workspaceId;
01516                 } else {
01517                         $this->workspace = (int)$this->getDefaultWorkspace();
01518                         $this->workspaceRec = $this->checkWorkspace($this->workspace,'*');
01519                 }
01520 
01521                         // Unset access cache:
01522                 unset($this->checkWorkspaceCurrent_cache);
01523 
01524                         // If ID is different from the stored one, change it:
01525                 if (strcmp($this->workspace, $this->user['workspace_id']))      {
01526                         $this->user['workspace_id'] = $this->workspace;
01527                         $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users','uid='.intval($this->user['uid']),array('workspace_id' => $this->user['workspace_id']));
01528                         $this->simplelog('User changed workspace to "'.$this->workspace.'"');
01529                 }
01530         }
01531 
01538         function setWorkspacePreview($previewState)     {
01539                 $this->user['workspace_preview'] = $previewState;
01540                 $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users','uid='.intval($this->user['uid']),array('workspace_preview' => $this->user['workspace_preview']));
01541         }
01542 
01548         function getDefaultWorkspace()  {
01549 
01550                 if ($this->checkWorkspace(0))   {       // Check online
01551                         return 0;
01552                 } elseif ($this->checkWorkspace(-1))    {       // Check offline
01553                         return -1;
01554                 } else {        // Traverse custom workspaces:
01555                         $workspaces = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid,title,adminusers,members,reviewers','sys_workspace','pid=0'.t3lib_BEfunc::deleteClause('sys_workspace'),'','title');
01556                         foreach($workspaces as $rec)    {
01557                                 if ($this->checkWorkspace($rec))        {
01558                                         return $rec['uid'];
01559                                 }
01560                         }
01561                 }
01562                 return -99;
01563         }
01564 
01565 
01566 
01567 
01568 
01569 
01570 
01571 
01572 
01573 
01574 
01575         /************************************
01576          *
01577          * Logging
01578          *
01579          ************************************/
01580 
01599         function writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='',$event_pid=-1,$NEWid='',$userId=0) {
01600 
01601                 $fields_values = Array (
01602                         'userid' => $userId ? $userId : intval($this->user['uid']),
01603                         'type' => intval($type),
01604                         'action' => intval($action),
01605                         'error' => intval($error),
01606                         'details_nr' => intval($details_nr),
01607                         'details' => $details,
01608                         'log_data' => serialize($data),
01609                         'tablename' => $tablename,
01610                         'recuid' => intval($recuid),
01611 #                       'recpid' => intval($recpid),
01612                         'IP' => t3lib_div::getIndpEnv('REMOTE_ADDR'),
01613                         'tstamp' => $GLOBALS['EXEC_TIME'],
01614                         'event_pid' => intval($event_pid),
01615                         'NEWid' => $NEWid,
01616                         'workspace' => $this->workspace
01617                 );
01618 
01619                 $GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_log', $fields_values);
01620                 return $GLOBALS['TYPO3_DB']->sql_insert_id();
01621         }
01622 
01631         function simplelog($message, $extKey='', $error=0)      {
01632                 return $this->writelog(
01633                         4,
01634                         0,
01635                         $error,
01636                         0,
01637                         ($extKey?'['.$extKey.'] ':'').$message,
01638                         array()
01639                 );
01640         }
01641 
01652         function checkLogFailures($email, $secondsBack=3600, $max=3)    {
01653 
01654                 if ($email)     {
01655 
01656                                 // get last flag set in the log for sending
01657                         $theTimeBack = time()-$secondsBack;
01658                         $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
01659                                                         'tstamp',
01660                                                         'sys_log',
01661                                                         'type=255 AND action=4 AND tstamp>'.intval($theTimeBack),
01662                                                         '',
01663                                                         'tstamp DESC',
01664                                                         '1'
01665                                                 );
01666                         if ($testRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))     {
01667                                 $theTimeBack = $testRow['tstamp'];
01668                         }
01669 
01670                                 // Check for more than $max number of error failures with the last period.
01671                         $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
01672                                                         '*',
01673                                                         'sys_log',
01674                                                         'type=255 AND action=3 AND error!=0 AND tstamp>'.intval($theTimeBack),
01675                                                         '',
01676                                                         'tstamp'
01677                                                 );
01678                         if ($GLOBALS['TYPO3_DB']->sql_num_rows($res) > $max)    {
01679                                         // OK, so there were more than the max allowed number of login failures - so we will send an email then.
01680                                 $subject = 'TYPO3 Login Failure Warning (at '.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].')';
01681                                 $email_body = '
01682 There has been numerous attempts ('.$GLOBALS['TYPO3_DB']->sql_num_rows($res).') to login at the TYPO3
01683 site "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'" ('.t3lib_div::getIndpEnv('HTTP_HOST').').
01684 
01685 This is a dump of the failures:
01686 
01687 ';
01688                                 while($testRows = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))  {
01689                                         $theData = unserialize($testRows['log_data']);
01690                                         $email_body.= date($GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'].' '.$GLOBALS['TYPO3_CONF_VARS']['SYS']['hhmm'],$testRows['tstamp']).':  '.@sprintf($testRows['details'],''.$theData[0],''.$theData[1],''.$theData[2]);
01691                                         $email_body.= chr(10);
01692                                 }
01693                                 mail(   $email,
01694                                         $subject,
01695                                         $email_body,
01696                                         'From: TYPO3 Login WARNING<>'
01697                                 );
01698                                 $this->writelog(255,4,0,3,'Failure warning (%s failures within %s seconds) sent by email to %s',Array($GLOBALS['TYPO3_DB']->sql_num_rows($res),$secondsBack,$email));   // Logout written to log
01699                         }
01700                 }
01701         }
01702 }
01703 
01704 
01705 
01706 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauthgroup.php'])     {
01707         include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauthgroup.php']);
01708 }
01709 ?>


Généré par Les experts TYPO3 avec  doxygen 1.4.6