
Source code of Typo3 4.1.3


/t3lib/ -> class.t3lib_userauthgroup.php (summary)

Contains an extension class specifically for authentication/initialization of backend users in TYPO3
$Id: class.t3lib_userauthgroup.php 2204 2007-03-27 15:21:55Z liels_bugs $
Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj

Author: Kasper Skaarhoj <kasperYYYY@typo3.com>
Size: 1723 lines (71 kb)
Included or required: 0 times
Referenced: 0 times
Requires: 0 files

Defines 1 class

t3lib_userAuthGroup:: (45 methods):
  isAdmin()
  isMemberOfGroup()
  doesUserHaveAccess()
  isInWebMount()
  modAccess()
  getPagePermsClause()
  calcPerms()
  isRTE()
  check()
  checkAuthMode()
  checkLanguageAccess()
  recordEditAccessInternals()
  isPSet()
  mayMakeShortcut()
  workspaceCannotEditRecord()
  workspaceCannotEditOfflineVersion()
  workspaceAllowLiveRecordsInPID()
  workspaceCreateNewRecord()
  workspaceAllowAutoCreation()
  workspaceCheckStageForCurrent()
  workspacePublishAccess()
  workspaceSwapAccess()
  workspaceVersioningTypeAccess()
  workspaceVersioningTypeGetClosest()
  getTSConfig()
  getTSConfigVal()
  getTSConfigProp()
  inList()
  returnWebmounts()
  returnFilemounts()
  jsConfirmation()
  fetchGroupData()
  fetchGroups()
  setCachedList()
  addFileMount()
  addTScomment()
  workspaceInit()
  checkWorkspace()
  checkWorkspaceCurrent()
  setWorkspace()
  setWorkspacePreview()
  getDefaultWorkspace()
  writelog()
  simplelog()
  checkLogFailures()


Class: t3lib_userAuthGroup  - X-Ref

Extension to class.t3lib_userauth.php; Authentication of users in TYPO3 Backend

Actually this class is extended again by t3lib_beuserauth which is the actual backend user class that will be instantiated.
In fact the two classes t3lib_beuserauth and this class could just as well be one, single class since t3lib_userauthgroup is not - to my knowledge - used separately elsewhere. But for historical reasons they are two separate classes.

isAdmin()   X-Ref
Returns true if user is admin
Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin.

return: boolean

isMemberOfGroup($groupId)   X-Ref
Returns true if the current user is a member of group $groupId
$groupId must be set. $this->groupList must contain groups
Will return true also if the user is a member of a group through subgroups.

param: integer        Group ID to look for in $this->groupList
return: boolean

doesUserHaveAccess($row,$perms)   X-Ref
Checks if the permission is granted based on a page-record ($row) and $perms (binary and'ed)

Bits for permissions, see $perms variable:

1 - Show: See/Copy page and the pagecontent.
16 - Edit pagecontent: Change/Add/Delete/Move pagecontent.
2 - Edit page: Change/Move the page, eg. change title, startdate, hidden.
4 - Delete page: Delete the page and pagecontent.
8 - New pages: Create new pages under the page.

param: array        $row is the pagerow for which the permissions are checked
param: integer        $perms is the binary representation of the permission we are going to check. Every bit in this number represents a permission that must be set. See function explanation.
return: boolean        True or False upon evaluation

isInWebMount($id,$readPerms='',$exitOnError=0)   X-Ref
Checks if the page id, $id, is found within the webmounts set up for the user.
This should ALWAYS be checked for any page id a user works with, whether it's about reading, writing or whatever.
The point is that this adds the security that a user can NEVER touch parts outside his mounted pages in the page tree. This is otherwise possible if the raw page permissions allow for it. So this security check just makes it easier to make safe user configurations.
If the user is admin OR if this feature is disabled (e.g. by setting TYPO3_CONF_VARS['BE']['lockBeUserToDBmounts']=0) then it returns "1" right away
Otherwise the function will return the uid of the webmount which was first found in the rootline of the input page $id

param: integer        Page ID to check
param: string        Content of "->getPagePermsClause(1)" (read-permissions). If not set, they will be internally calculated (but if you have the correct value right away you can save that database lookup!)
param: boolean        If set, then the function will exit with an error message.
return: integer        The page UID of a page in the rootline that matched a mount point

modAccess($conf,$exitOnError)   X-Ref
Checks access to a backend module with the $MCONF passed as first argument

param: array        $MCONF array of a backend module!
param: boolean        If set, an array will issue an error message and exit.
return: boolean        Will return true if $MCONF['access'] is not set at all, if the BE_USER is admin or if the module is enabled in the be_users/be_groups records of the user (specifically enabled). Will return false if the module name is not even found in $TBE_MODULES

getPagePermsClause($perms)   X-Ref
Returns a WHERE-clause for the pages-table where user permissions according to the input argument, $perms, are validated.
$perms is the "mask" used to select. E.g. if $perms is 1 then you'll get all pages that a user can actually see!
2^0 = show (1)
2^1 = edit (2)
2^2 = delete (4)
2^3 = new (8)
If the user is 'admin' " 1=1" is returned (no effect)
If the user is not set at all (->user is not an array), then " 1=0" is returned (will cause no selection results at all)
The 95% use of this function is "->getPagePermsClause(1)" which will return WHERE clauses for *selecting* pages in backend listings - in other words this will check read permissions.

param: integer        Permission mask to use, see function description
return: string        Part of where clause. Prefix " AND " to this.

calcPerms($row)   X-Ref
Returns a combined binary representation of the current users permissions for the page-record, $row.
The perms for user, group and everybody are OR'ed together (provided that the page-owner is the user and, for the groups, that the user is a member of the group)
If the user is admin, 31 is returned    (full permissions for all five flags)

param: array        Input page row with all perms_* fields available.
return: integer        Bitwise representation of the users permissions in relation to input page row, $row
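
The permission model described for isAdmin(), doesUserHaveAccess() and calcPerms(), as an added stand-alone example (not code from TYPO3 or from this file). The field names perms_userid, perms_user, perms_groupid, perms_group and perms_everybody are assumed from the "perms_*" fields mentioned above; the function names and the sample user and page row are hypothetical.

```php
<?php
// Added illustration, not TYPO3 source. Bit values are the ones listed on this page.
const PERM_SHOW         = 1;
const PERM_EDIT_PAGE    = 2;
const PERM_DELETE_PAGE  = 4;
const PERM_NEW_PAGES    = 8;
const PERM_EDIT_CONTENT = 16;
const PERM_ALL          = 31; // all five flags, the value returned for admins

/** Admin test as described for isAdmin(): bit 0 of the user's "admin" field. */
function is_admin(array $user): bool
{
    return (((int)($user['admin'] ?? 0)) & 1) === 1;
}

/**
 * Compiled permissions as described for calcPerms().
 * $groupIds is the resolved group list (direct groups plus subgroups).
 * Field names are assumptions, see the lead-in.
 */
function calc_perms(array $user, array $groupIds, array $row): int
{
    if (is_admin($user)) {
        return PERM_ALL;
    }
    // "Everybody" always applies; owner and group bits only when they match.
    $out = (int)($row['perms_everybody'] ?? 0);
    if (isset($row['perms_userid']) && (int)$row['perms_userid'] === (int)$user['uid']) {
        $out |= (int)($row['perms_user'] ?? 0);
    }
    if (isset($row['perms_groupid']) && in_array((int)$row['perms_groupid'], $groupIds, true)) {
        $out |= (int)($row['perms_group'] ?? 0);
    }
    return $out & PERM_ALL; // ignore anything outside the five defined flags
}

/** Mask test as described for doesUserHaveAccess(): every requested bit must be set. */
function has_perms(int $compiled, int $required): bool
{
    return ($compiled & $required) === $required;
}

// Constructed sample data: a non-admin editor who is in group 12 but is not the page owner.
$editor = ['uid' => 7, 'admin' => 0];
$groups = [3, 12];
$page   = [
    'perms_userid'    => 2,
    'perms_user'      => PERM_ALL,
    'perms_groupid'   => 12,
    'perms_group'     => PERM_SHOW | PERM_EDIT_CONTENT,
    'perms_everybody' => PERM_SHOW,
];

$compiled = calc_perms($editor, $groups, $page);
printf("compiled permissions: %d\n", $compiled);

// Requests that combine several bits must match in full.
$requests = [
    'show + edit content' => PERM_SHOW | PERM_EDIT_CONTENT,
    'show + edit page'    => PERM_SHOW | PERM_EDIT_PAGE,
    'delete page'         => PERM_DELETE_PAGE,
];
foreach ($requests as $label => $mask) {
    // A loose "any bit set" test is shown next to the strict one: it accepts
    // partial matches and is the mistake to avoid in permission checks.
    $strict = has_perms($compiled, $mask);
    $loose  = ($compiled & $mask) !== 0;
    printf("%-20s strict=%s loose=%s\n", $label, var_export($strict, true), var_export($loose, true));
}
```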

isRTE()   X-Ref
Returns true if the RTE (Rich Text Editor) can be enabled for the user
Strictly this is not permissions being checked but rather a series of settings like a loaded extension, browser/client type and a configuration option in ->uc[edit_RTE]
The reasons for a FALSE return can be found in $this->RTE_errors

return: boolean

check($type,$value)   X-Ref
Returns true if the $value is found in the list in a $this->groupData[] index pointed to by $type (array key).
Can thus be used to check for modules, exclude-fields, select/modify permissions for tables etc.
If user is admin true is also returned
Please see the document Inside TYPO3 for examples.

param: string        The type value; "webmounts", "filemounts", "pagetypes_select", "tables_select", "tables_modify", "non_exclude_fields", "modules"
param: string        String to search for in the groupData-list
return: boolean        True if permission is granted (that is, the value was found in the groupData list - or the BE_USER is "admin")

checkAuthMode($table,$field,$value,$authMode)   X-Ref
Checking the authMode of a select field with authMode set

param: string        Table name
param: string        Field name (must be configured in TCA and of type "select" with authMode set!)
param: string        Value to evaluate (single value, must not contain any of the chars ":,|")
param: string        Auth mode keyword (explicitAllow, explicitDeny, individual)
return: boolean        True or false whether access is granted or not.

checkLanguageAccess($langValue)   X-Ref
Checking if a language value (-1, 0 and >0 for sys_language records) is allowed to be edited by the user.

param: integer        Language value to evaluate
return: boolean        Returns true if the language value is allowed, otherwise false.

recordEditAccessInternals($table,$idOrRow,$newRecord=FALSE)   X-Ref
Checking if a user has editing access to a record from a $TCA table.
The checks do not take page permissions and other "environmental" things into account. They only deal with record internals, i.e. whether any values in the record fields disallow editing.
For instance languages settings, authMode selector boxes are evaluated (and maybe more in the future).
It will check for workspace dependent access.
The function takes an ID (integer) or row (array) as second argument.

param: string        Table name
param: mixed        If integer, then this is the ID of the record. If Array this just represents fields in the record.
param: boolean        Set, if testing a new (non-existing) record array. Will disable certain checks that don't make much sense in that context.
return: boolean        True if OK, otherwise false

isPSet($lCP,$table,$type='')   X-Ref
Will check a type of permission against the compiled permission integer, $lCP, and in relation to table, $table

param: integer        $lCP could typically be the "compiled permissions" integer returned by ->calcPerms
param: string        $table is the tablename to check: If "pages" table then edit,new,delete and editcontent permissions can be checked. Other tables will be checked for "editcontent" only (and $type will be ignored)
param: string        For $table='pages' this can be 'edit' (2), 'new' (8 or 16), 'delete' (4), 'editcontent' (16). For all other tables this is ignored. (16 is used)
return: boolean

mayMakeShortcut()   X-Ref
Returns true if the BE_USER is allowed to *create* shortcuts in the backend modules

return: boolean

workspaceCannotEditRecord($table,$recData)   X-Ref
Checking if editing of an existing record is allowed in current workspace if that is offline.
Rules for editing in offline mode:
- record supports versioning and is an offline version from workspace and has the correct stage
- or record (any) is in a branch where there is a page which is a version from the workspace and where the stage is not preventing records

param: string        Table of record
param: array        Integer (record uid) or array where fields are at least: pid, t3ver_wsid, t3ver_stage (if versioningWS is set)
return: string        String error code, telling the failure state. FALSE=All ok

workspaceCannotEditOfflineVersion($table,$recData)   X-Ref
Evaluates if a user is allowed to edit the offline version

param: string        Table of record
param: array        Integer (record uid) or array where fields are at least: pid, t3ver_wsid, t3ver_stage (if versioningWS is set)
return: string        String error code, telling the failure state. FALSE=All ok

workspaceAllowLiveRecordsInPID($pid, $table)   X-Ref
Check if "live" records from $table may be created or edited in this PID.
If the answer is FALSE it means the only valid way to create or edit records in the PID is by versioning
If the answer is 1 or 2 it means it is OK to create a record, if -1 it means that it is OK in terms of versioning because the element was within a versionized branch but NOT ok in terms of the state the root point had!

param: integer        PID value to check for.
param: string        Table name
return: mixed        Returns FALSE if a live record cannot be created and must be versionized in order to do so. 2 means a) Workspace is "Live" or workspace allows "live edit" of records from non-versionized tables (and the $table is not versionizable). 1 and -1 means the pid is inside a versionized branch where -1 means that the branch-point did NOT allow a new record according to its state.

workspaceCreateNewRecord($pid, $table)   X-Ref
Evaluates if a record from $table can be created in $pid

param: integer        Page id. This value must be the _ORIG_uid if available: So when you have pages versionized as "page" or "element" you must supply the id of the page version in the workspace!
param: string        Table name
return: boolean        TRUE if OK.

workspaceAllowAutoCreation($table,$id,$recpid)   X-Ref
Evaluates if auto creation of a version of a record is allowed.

param: string        Table of the record
param: integer        UID of record
param: integer        PID of record
return: boolean        TRUE if ok.

workspaceCheckStageForCurrent($stage)   X-Ref
Checks if an element stage allows access for the user in the current workspace
In workspaces 0 (Live) and -1 (Default draft) access is always granted for any stage.
Admins are always allowed.
An option for custom workspaces allows members to also edit when the stage is "Review"

param: integer        Stage id from an element: -1,0 = editing, 1 = reviewer, >1 = owner
return: boolean        TRUE if user is allowed access

workspacePublishAccess($wsid)   X-Ref
Returns TRUE if the user has access to publish content from the workspace ID given.
Admin-users are always granted access to do this
If the workspace ID is 0 (live) all users have access also
If -1 (draft workspace) TRUE is returned if the user has access to the Live workspace
For custom workspaces it depends on whether the user is owner OR like with draft workspace if the user has access to Live workspace.

param: integer        Workspace UID; -1,0,1+
return: boolean        Returns TRUE if the user has access to publish content from the workspace ID given.

workspaceSwapAccess()   X-Ref
Workspace swap-mode access?

return: boolean        Returns TRUE if records can be swapped in the current workspace, otherwise false

workspaceVersioningTypeAccess($type)   X-Ref
Workspace Versioning type access?

param: integer        Versioning type to evaluate: -1, 0, >1
return: boolean        TRUE if OK

workspaceVersioningTypeGetClosest($type)   X-Ref
Finding "closest" versioning type, used for creation of new records.

param: integer        Versioning type to evaluate: -1, 0, >1
return: integer        Returning versioning type

getTSConfig($objectString,$config='')   X-Ref
Returns the value/properties of a TS-object as given by $objectString, eg. 'options.dontMountAdminMounts'
Nice (general!) function for returning a part of a TypoScript array!

param: string        Pointer to an "object" in the TypoScript array, fx. 'options.dontMountAdminMounts'
param: array        Optional TSconfig array: If array, then this is used and not $this->userTS. If not array, $this->userTS is used.
return: array        An array with two keys, "value" and "properties" where "value" is a string with the value of the object string and "properties" is an array with the properties of the object string.

getTSConfigVal($objectString)   X-Ref
Returns the "value" of the $objectString from the BE_USERS "User TSconfig" array

param: string        Object string, eg. "somestring.someproperty.somesubproperty"
return: string        The value for that object string (object path)

getTSConfigProp($objectString)   X-Ref
Returns the "properties" of the $objectString from the BE_USERS "User TSconfig" array

param: string        Object string, eg. "somestring.someproperty.somesubproperty"
return: array        The properties for that object string (object path) - if any

inList($in_list,$item)   X-Ref
Returns true if $item is in $in_list

param: string        Comma list with items, no spaces between items!
param: string        The string to find in the list of items
return: string        Boolean

returnWebmounts()   X-Ref
Returns an array with the webmounts.
If no webmounts, an empty array is returned.
NOTICE: Deleted pages WILL NOT be filtered out! So if a mounted page has been deleted it is STILL coming out as a webmount. This is not checked due to performance.

return: array

returnFilemounts()   X-Ref
Returns an array with the filemounts for the user. Each filemount is represented with an array of a "name", "path" and "type".
If no filemounts an empty array is returned.

return: array

jsConfirmation($bitmask)   X-Ref
Returns true or false, depending if an alert popup (a javascript confirmation) should be shown
call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK)

1 - typeChange
2 - copy/move/paste
4 - delete
8 - frontend editing
128 - other (not used yet)

param: integer   Bitmask
return: boolean        true if the confirmation should be shown

fetchGroupData()   X-Ref
Initializes a lot of stuff like the access-lists, database-mountpoints and filemountpoints
This method is called by ->backendCheckLogin() (from extending class t3lib_beuserauth) if the backend user login has verified OK.
Generally this is required initialization of a backend user.

return: void

fetchGroups($grList,$idList='')   X-Ref
Fetches the group records, subgroups and fills internal arrays.
Function is called recursively to fetch subgroups

param: string        Commalist of be_groups uid numbers
param: string        List of already processed be_groups-uids so the function will not fall into an eternal recursion.
return: void

setCachedList($cList)   X-Ref
Updates the field be_users.usergroup_cached_list if the groupList of the user has changed/is different from the current list.
The field "usergroup_cached_list" contains the list of groups which the user is a member of. After authentication (where these functions are called...) one can depend on this list being a representation of the exact groups/subgroups which the BE_USER has membership with.

param: string        The newly compiled group-list which must be compared with the current list in the user record and possibly stored if a difference is detected.
return: void

addFileMount($title, $altTitle, $path, $webspace, $type)   X-Ref
Adds a filemount to the users array of filemounts, $this->groupData['filemounts'][hash_key] = Array ('name'=>$name, 'path'=>$path, 'type'=>$type);
Is a part of the authentication process of the user.
A final requirement for a path being mounted is that a) it MUST return true on is_dir(), b) must contain either PATH_site+'fileadminDir' OR 'lockRootPath' - if lockRootPath is set - as first part of string!
Paths in the mounted information will always be absolute and have a trailing slash.

param: string        $title will be the (root)name of the filemount in the folder tree
param: string        $altTitle will be the (root)name of the filemount IF $title is not true (blank or zero)
param: string        $path is the path which should be mounted. Will accept backslash in paths on windows servers (will be substituted with forward slash). The path should be 1) relative to TYPO3_CONF_VARS[BE][fileadminDir] if $webspace is set, otherwise absolute.
param: boolean        If $webspace is set, the $path is relative to 'fileadminDir' in TYPO3_CONF_VARS, otherwise $path is absolute. 'fileadminDir' must be set to allow mounting of relative paths.
param: string        Type of filemount; Can be blank (regular) or "user" / "group" (for user and group filemounts presumably). Probably sets the icon first and foremost.
return: boolean        Returns "1" if the requested filemount was mounted, otherwise no return value.

addTScomment($str)   X-Ref
Creates a TypoScript comment with the string text inside.

param: string        The text to wrap in comment prefixes and delimiters.
return: string        TypoScript comment with the string text inside.

workspaceInit()   X-Ref
Initializing workspace.
Called from within this function, see fetchGroupData()

return: void

checkWorkspace($wsRec,$fields='uid,title,adminusers,members,reviewers,publish_access,stagechg_notification')   X-Ref
Checking if a workspace is allowed for backend user

param: mixed        If integer, workspace record is looked up, if array it is seen as a Workspace record with at least uid, title, members and adminusers columns. Can be faked for workspaces uid 0 and -1 (online and offline)
param: string        List of fields to select. Default fields are: uid,title,adminusers,members,reviewers,publish_access,stagechg_notification
return: array        TRUE if access. Output will also show how access was granted. Admin users will have a true output regardless of input.

checkWorkspaceCurrent()   X-Ref
Uses checkWorkspace() to check if current workspace is available for user. This function caches the result and so can be called many times with no performance loss.

return: array        See checkWorkspace()

setWorkspace($workspaceId)   X-Ref
Setting workspace ID

param: integer        ID of workspace to set for backend user. If not valid the default workspace for BE user is found and set.
return: void

setWorkspacePreview($previewState)   X-Ref
Setting workspace preview state for user:

param: boolean        State of user preview.
return: void

getDefaultWorkspace()   X-Ref
Return default workspace ID for user

return: integer        Default workspace id. If no workspace is available it will be "-99"

writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='',$event_pid=-1,$NEWid='',$userId=0)   X-Ref
Writes an entry in the logfile/table
Documentation in "TYPO3 Core API"

param: integer        Denotes which module that has submitted the entry. See "TYPO3 Core API". Use "4" for extensions.
param: integer        Denotes which specific operation that wrote the entry. Use "0" when no sub-categorizing applies
param: integer        Flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
param: integer        The message number. Specific for each $type and $action. This will make it possible to translate errormessages to other languages
param: string        Default text that follows the message (in english!). Possibly translated by identification through type/action/details_nr
param: array        Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed with the details-text
param: string        Table name. Special field used by tce_main.php.
param: integer        Record UID. Special field used by tce_main.php.
param: integer        Record PID. Special field used by tce_main.php. OBSOLETE
param: integer        The page_uid (pid) where the event occurred. Used to select log-content for specific pages.
param: string        Special field used by tce_main.php. NEWid string of newly created records.
param: integer        Alternative Backend User ID (used for logging login actions where this is not yet known).
return: integer        Log entry ID.

simplelog($message, $extKey='', $error=0)   X-Ref
Simple logging function

param: string        Log message
param: string        Optional extension key / module name
param: integer        Error level. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
return: integer        Log entry UID

checkLogFailures($email, $secondsBack=3600, $max=3)   X-Ref
Sends a warning to $email if there has been a certain amount of failed logins during a period.
If a login fails, this function is called. It will look up the sys_log to see if there have been more than $max failed logins in the last $secondsBack seconds (default 3600). If so, an email with a warning is sent to $email.

param: string        Email address
param: integer        Number of seconds back in time to check. This is a kind of limit for how many failures an hour for instance.
param: integer        Max allowed failures before a warning mail is sent
return: void



Generated on: Sun Nov 25 17:13:16 2007 by Balluche using PHPXref 0.7