/src/typo3_src-4.1.2/t3lib/class.t3lib_userauthgroup.php

00001 <?php
00002 /***************************************************************
00003 *  Copyright notice
00004 *
00005 *  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
00006 *  All rights reserved
00007 *
00008 *  This script is part of the TYPO3 project. The TYPO3 project is
00009 *  free software; you can redistribute it and/or modify
00010 *  it under the terms of the GNU General Public License as published by
00011 *  the Free Software Foundation; either version 2 of the License, or
00012 *  (at your option) any later version.
00013 *
00014 *  The GNU General Public License can be found at
00015 *  http://www.gnu.org/copyleft/gpl.html.
00016 *  A copy is found in the textfile GPL.txt and important notices to the license
00017 *  from the author is found in LICENSE.txt distributed with these scripts.
00018 *
00019 *
00020 *  This script is distributed in the hope that it will be useful,
00021 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00022 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00023 *  GNU General Public License for more details.
00024 *
00025 *  This copyright notice MUST APPEAR in all copies of the script!
00026 ***************************************************************/
00102         // Need this for parsing User TSconfig
00103 require_once (PATH_t3lib.'class.t3lib_tsparser.php');
00104 
00135 class t3lib_userAuthGroup extends t3lib_userAuth {
00136         var $usergroup_column = 'usergroup';            // Should be set to the usergroup-column (id-list) in the user-record
00137         var $usergroup_table = 'be_groups';                     // The name of the group-table
00138 
00139                 // internal
00140         var $groupData = Array(                         // This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
00141                 'filemounts' => Array()                 // Filemounts are loaded here
00142         );
00143         var $workspace = -99;                           // User workspace. -99 is ERROR (none available), -1 is offline, 0 is online, >0 is custom workspaces.
00144         var $workspaceRec = array();            // Custom workspace record if any
00145 
00146         var $userGroups = Array();                      // This array will hold the groups that the user is a member of
00147         var $userGroupsUID = Array();           // This array holds the uid's of the groups in the listed order
00148         var $groupList ='';                                     // This is $this->userGroupsUID imploded to a comma list... Will correspond to the 'usergroup_cached_list'
00149         var $dataLists=array(                           // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
00150                 'webmount_list'=>'',
00151                 'filemount_list'=>'',
00152                 'modList'=>'',
00153                 'tables_select'=>'',
00154                 'tables_modify'=>'',
00155                 'pagetypes_select'=>'',
00156                 'non_exclude_fields'=>'',
00157                 'explicit_allowdeny'=>'',
00158                 'allowed_languages' => '',
00159                 'workspace_perms' => '',
00160                 'custom_options' => '',
00161         );
00162         var $includeHierarchy=array();          // For debugging/display of order in which subgroups are included.
00163         var $includeGroupArray=array();         // List of group_id's in the order they are processed.
00164 
00165         var $OS='';                                                     // Set to 'WIN', if windows
00166         var $TSdataArray=array();                       // Used to accumulate the TSconfig data of the user
00167         var $userTS_text = '';                          // Contains the non-parsed user TSconfig
00168         var $userTS = array();                          // Contains the parsed user TSconfig
00169         var $userTSUpdated=0;                           // Set internally if the user TSconfig was parsed and needs to be cached.
00170         var $userTS_dontGetCached=0;            // Set this from outside if you want the user TSconfig to ALWAYS be parsed and not fetched from cache.
00171 
00172         var $RTE_errors = array();                      // RTE availability errors collected.
00173         var $errorMsg = '';                                     // Contains last error message
00174 
00175         var $checkWorkspaceCurrent_cache=NULL;  // Cache for checkWorkspaceCurrent()
00176 
00177 
00187         /************************************
00188          *
00189          * Permission checking functions:
00190          *
00191          ************************************/
00192 
/**
 * Tells whether the current backend user carries the admin flag.
 *
 * Only the lowest bit of $this->user['admin'] is inspected. Most other
 * permission checks in this class short-circuit to "allowed" when this
 * returns TRUE, so the integrity of that single field decides whether the
 * checks apply at all.
 *
 * @return	boolean		TRUE if bit 0 of the user's 'admin' field is set
 */
function isAdmin() {
    $adminBit = $this->user['admin'] & 1;
    return $adminBit == 1;
}
00202 
/**
 * Tells whether the user is a member of the given group.
 *
 * The id is cast to an integer before the lookup in $this->groupList.
 * Group id 0 (or any value that casts to 0) and an empty group list both
 * yield NULL rather than FALSE.
 *
 * @param	integer		$groupId: Group uid to look up
 * @return	mixed		Result of $this->inList() when both the list and the id are non-empty, otherwise NULL
 */
function isMemberOfGroup($groupId) {
    $groupId = intval($groupId);
    if (!$this->groupList || !$groupId) {
            // Nothing to look up; callers treat the NULL result as "not a member".
        return;
    }
    return $this->inList($this->groupList, $groupId);
}
00217 
/**
 * Checks whether the user holds ALL permission bits in $perms on a page row.
 *
 * The effective permissions come from calcPerms($row); access is granted
 * only if every requested bit is present in them.
 *
 * The final comparison is loose (==).
 * NOTE(review): callers appear to pass an integer bitmask; a non-integer
 * $perms would be compared under PHP's type-juggling rules - confirm call sites.
 *
 * @param	array		$row: Page record carrying the perms_* fields
 * @param	integer		$perms: Bitmask of the permissions required
 * @return	boolean		TRUE if all requested bits are granted
 */
function doesUserHaveAccess($row, $perms) {
    return ($this->calcPerms($row) & $perms) == $perms;
}
00237 
/**
 * Checks whether a page id lies inside one of the user's DB mounts.
 *
 * The check is skipped (returns 1) when
 * $TYPO3_CONF_VARS['BE']['lockBeUserToDBmounts'] is not set or the user is
 * admin. Otherwise the rootline of the page is walked and the uid of the
 * first rootline page that is also a webmount is returned.
 *
 * $readPerms is appended verbatim after ' AND ' in the argument handed to
 * BEgetRootLine(). Callers must therefore pass only a clause built by
 * trusted code (such as getPagePermsClause()), never request data.
 *
 * @param	integer		$id: Page uid; cast to integer here
 * @param	string		$readPerms: Optional permission clause; defaults to getPagePermsClause(1)
 * @param	boolean		$exitOnError: If set, an error page is printed and the script exits when the page is outside the mounts
 * @return	mixed		1 if the check is bypassed, the matching mount page uid on success, otherwise NULL
 */
function isInWebMount($id, $readPerms = '', $exitOnError = 0) {
    $lockedToMounts = $GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'];
    if (!$lockedToMounts || $this->isAdmin()) {
        return 1;
    }
    $id = intval($id);

        // An offline version (pid of -1) is mapped to the id stored in t3ver_oid
        // so that the check is made against the online page.
    $versionInfo = t3lib_beFUnc::getRecord('pages', $id, 'pid,t3ver_oid');
    if ($versionInfo['pid'] == -1) {
        $id = intval($versionInfo['t3ver_oid']);
    }

    if (!$readPerms) {
        $readPerms = $this->getPagePermsClause(1);
    }

    if ($id > 0) {
        $webMounts = $this->returnWebmounts();
        $rootLine = t3lib_BEfunc::BEgetRootLine($id, ' AND '.$readPerms);

        foreach ($rootLine as $page) {
            if ($page['uid'] && in_array($page['uid'], $webMounts)) {
                return $page['uid'];
            }
        }
    }

    if ($exitOnError) {
        t3lib_BEfunc::typo3PrintError ('Access Error','This page is not within your DB-mounts',0);
        exit;
    }
        // Falls through with NULL: the page is not within any mount.
}
00276 
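/**
 * Checks whether the user may access a backend module.
 *
 * Order of the checks:
 *  1. the module must be registered in TBE_MODULES,
 *  2. if $conf['workspaces'] is set, the current workspace type
 *     (online / offline / custom) must be listed in it,
 *  3. access is granted if $conf['access'] is empty or the user is admin,
 *  4. otherwise, unless $conf['access'] contains 'admin', the module name
 *     must be found via check('modules', ...).
 *
 * $acs is initialised to FALSE. Previously it was left undefined when
 * $conf['access'] contained 'admin' and the user was not an admin, so the
 * denial rested on reading an unset variable (NULL plus a PHP notice). The
 * denial is now explicit.
 *
 * NOTE(review): $conf['name'] is embedded in the messages handed to
 * typo3PrintError(); whether that function escapes its arguments is not
 * visible here - confirm if module names can ever come from outside conf files.
 *
 * @param	array		$conf: Module configuration; keys read here: 'name', 'workspaces', 'access'
 * @param	boolean		$exitOnError: If set, an error page is printed and the script exits on denial
 * @return	mixed		TRUE or the truthy result of check() on success; FALSE or NULL on denial
 */
function modAccess($conf, $exitOnError) {
    if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name'])) {
        if ($exitOnError) {
            t3lib_BEfunc::typo3PrintError ('Fatal Error','This module "'.$conf['name'].'" is not enabled in TBE_MODULES',0);
            exit;
        }
        return FALSE;
    }

        // Workspaces check:
    if ($conf['workspaces']) {
        $workspaceAllowed =
            ($this->workspace === 0 && t3lib_div::inList($conf['workspaces'], 'online')) ||
            ($this->workspace === -1 && t3lib_div::inList($conf['workspaces'], 'offline')) ||
            ($this->workspace > 0 && t3lib_div::inList($conf['workspaces'], 'custom'));

        if (!$workspaceAllowed) {
            if ($exitOnError) {
                t3lib_BEfunc::typo3PrintError ('Workspace Error','This module "'.$conf['name'].'" is not available under the current workspace',0);
                exit;
            }
            return FALSE;
        }
    }

        // No access restriction configured, or the user is admin:
    if (!$conf['access'] || $this->isAdmin()) {
        return TRUE;
    }

        // Deny by default; only a positive module lookup can grant access.
        // Modules whose access setting contains 'admin' are never granted here.
    $acs = FALSE;
    if (!strstr($conf['access'], 'admin') && $conf['name']) {
        $acs = $this->check('modules', $conf['name']);
    }

    if (!$acs && $exitOnError) {
        t3lib_BEfunc::typo3PrintError ('Access Error','You don\'t have access to this module.',0);
        exit;
    }
    return $acs;
}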
00320 
/**
 * Builds the WHERE-clause fragment that restricts page selection to pages
 * on which the user holds the permission bits in $perms.
 *
 * Returns ' 1=1' for admin users and ' 1=0' when $this->user is not an
 * array (no user record), so a missing user selects nothing.
 *
 * Only $perms is cast to an integer here. $this->user['uid'] and
 * $this->groupList are concatenated into the clause as they are.
 * NOTE(review): this relies on both holding integers / a comma list of
 * integers - confirm where they are populated.
 *
 * Hooks registered under
 * $TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause']
 * receive the current clause and their return value REPLACES it entirely,
 * so a hook can widen as well as narrow access and must return a complete,
 * well-formed clause.
 *
 * @param	integer		$perms: Permission bitmask to test for
 * @return	string		Clause fragment with a leading space, to be appended after 'AND'
 */
function getPagePermsClause($perms) {
    global $TYPO3_CONF_VARS;

    if (!is_array($this->user)) {
        return ' 1=0';
    }
    if ($this->isAdmin()) {
        return ' 1=1';
    }

    $perms = intval($perms);        // Make sure it's integer.

        // One parenthesised condition per permission source, joined by OR.
    $conditions = array();
    $conditions[] = '(pages.perms_everybody & '.$perms.' = '.$perms.')';    // Everybody
    $conditions[] = '(pages.perms_userid = '.$this->user['uid'].' AND pages.perms_user & '.$perms.' = '.$perms.')';       // User
    if ($this->groupList) {
        $conditions[] = '(pages.perms_groupid in ('.$this->groupList.') AND pages.perms_group & '.$perms.' = '.$perms.')';     // Group (if any is set)
    }
    $str = ' ('.implode('OR', $conditions).')';

        // getPagePermsClause-HOOK
    $hookList = $TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'];
    if (is_array($hookList)) {
        foreach ($hookList as $hookRef) {
            $hookParams = array('currentClause' => $str, 'perms' => $perms);
            $str = t3lib_div::callUserFunction($hookRef, $hookParams, $this);
        }
    }

    return $str;
}
00367 
/**
 * Calculates the user's effective permission bitmask for a page row.
 *
 * Admin users always get 31 (all five low bits set). For everyone else the
 * result is the OR of perms_user (if the user owns the page), perms_group
 * (if the user is a member of the page's group) and perms_everybody. If any
 * of the five perms_* fields is missing from $row, or $this->groupList is
 * not set, the result stays 0, i.e. no permissions.
 *
 * Hooks registered under
 * $TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms']
 * receive the row and the value computed so far; their return value
 * REPLACES the result, so a hook can grant as well as revoke bits.
 *
 * @param	array		$row: Page record carrying the perms_* fields
 * @return	integer		Permission bitmask (or whatever the last hook returned)
 */
function calcPerms($row) {
    global $TYPO3_CONF_VARS;

    if ($this->isAdmin()) {
        return 31;
    }

        // $out starts as integer 0 so every |= below is an integer OR.
    $out = 0;
    if (isset($row['perms_userid'], $row['perms_user'], $row['perms_groupid'], $row['perms_group'], $row['perms_everybody'], $this->groupList)) {
        if ($this->user['uid'] == $row['perms_userid']) {
            $out |= $row['perms_user'];
        }
        if ($this->isMemberOfGroup($row['perms_groupid'])) {
            $out |= $row['perms_group'];
        }
        $out |= $row['perms_everybody'];
    }

        // CALCPERMS hook
    $hookList = $TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'];
    if (is_array($hookList)) {
        foreach ($hookList as $hookRef) {
            $hookParams = array(
                'row' => $row,
                'outputPermissions' => $out
            );
            $out = t3lib_div::callUserFunction($hookRef, $hookParams, $this);
        }
    }

    return $out;
}
00406 
/**
 * Tells whether the Rich Text Editor is available to the user.
 *
 * $this->RTE_errors is reset and then filled with one message per failed
 * condition: the user setting uc['edit_RTE'], the global
 * $TYPO3_CONF_VARS['BE']['RTEenabled'] switch, and whatever
 * t3lib_BEfunc::RTEgetObj() returned when that was not an object.
 *
 * @return	boolean		TRUE if no errors were collected
 */
function isRTE() {
        // Declared by the original code; not read in this method.
    global $CLIENT;

    $this->RTE_errors = array();

    if (!$this->uc['edit_RTE']) {
        $this->RTE_errors[] = 'RTE is not enabled for user!';
    }
    if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled']) {
        $this->RTE_errors[] = 'RTE is not enabled in $TYPO3_CONF_VARS["BE"]["RTEenabled"]';
    }

        // Acquire RTE object; a non-object return value is merged into the error list.
    $RTE = &t3lib_BEfunc::RTEgetObj();
    if (!is_object($RTE)) {
        $this->RTE_errors = array_merge($this->RTE_errors, $RTE);
    }

    return !count($this->RTE_errors);
}
00437 
/**
 * Checks whether $value is listed in the $this->groupData list named $type.
 *
 * The lookup only happens when $this->groupData[$type] is set. This also
 * holds for admin users: an admin gets 1 for any value, but only for list
 * types that exist in groupData.
 *
 * @param	string		$type: Key in $this->groupData naming the list to search
 * @param	string		$value: Value to look for
 * @return	mixed		1 if allowed, otherwise NULL
 */
function check($type, $value) {
    if (!isset($this->groupData[$type])) {
        return;
    }
    if ($this->isAdmin() || $this->inList($this->groupData[$type], $value)) {
        return 1;
    }
}
00455 
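/**
 * Checks a field value against the explicit allow/deny list of the user.
 *
 * Admin users and blank values always pass. Values containing ':', '|' or
 * ',' are rejected outright: ':' separates the parts of the
 * "table:field:value:ALLOW|DENY" test string built below, so such
 * characters inside the value would make the list lookup ambiguous.
 *
 * The character check uses preg_match() instead of ereg(). ereg() is not
 * binary safe (it stops reading the subject at the first NUL byte, so the
 * check could be incomplete) and has been removed from current PHP versions.
 *
 * Modes:
 *  - 'explicitAllow': the value must be listed with ':ALLOW',
 *  - 'explicitDeny':  the value must NOT be listed with ':DENY',
 *  - 'individual':    the mode is taken per item from element 4 of the
 *                     matching TCA item ('EXPL_ALLOW' / 'EXPL_DENY'); only
 *                     the first item whose value matches is considered.
 * Any other $authMode leaves the result at TRUE.
 *
 * @param	string		$table: Table name
 * @param	string		$field: Field name
 * @param	string		$value: Value to evaluate
 * @param	string		$authMode: 'explicitAllow', 'explicitDeny' or 'individual'
 * @return	boolean		TRUE if the value is allowed
 */
function checkAuthMode($table, $field, $value, $authMode) {
    global $TCA;

        // Admin users can do anything:
    if ($this->isAdmin()) {
        return TRUE;
    }

        // Allow all blank values:
    if (!strcmp($value, '')) {
        return TRUE;
    }

        // Certain characters are not allowed in the value (binary-safe check)
    if (preg_match('/[:|,]/', $value)) {
        return FALSE;
    }

        // Initialize:
    $testValue = $table.':'.$field.':'.$value;
    $out = TRUE;

        // Checking value:
    switch ((string)$authMode) {
        case 'explicitAllow':
            if (!$this->inList($this->groupData['explicit_allowdeny'], $testValue.':ALLOW')) {
                $out = FALSE;
            }
        break;
        case 'explicitDeny':
            if ($this->inList($this->groupData['explicit_allowdeny'], $testValue.':DENY')) {
                $out = FALSE;
            }
        break;
        case 'individual':
            t3lib_div::loadTCA($table);
            if (is_array($TCA[$table]) && is_array($TCA[$table]['columns'][$field])) {
                $items = $TCA[$table]['columns'][$field]['config']['items'];
                if (is_array($items)) {
                    foreach ($items as $iCfg) {
                        if (!strcmp($iCfg[1], $value) && $iCfg[4]) {
                            switch ((string)$iCfg[4]) {
                                case 'EXPL_ALLOW':
                                    if (!$this->inList($this->groupData['explicit_allowdeny'], $testValue.':ALLOW')) {
                                        $out = FALSE;
                                    }
                                break;
                                case 'EXPL_DENY':
                                    if ($this->inList($this->groupData['explicit_allowdeny'], $testValue.':DENY')) {
                                        $out = FALSE;
                                    }
                                break;
                            }
                                // First matching item decides; stop scanning the item list.
                            break;
                        }
                    }
                }
            }
        break;
    }

    return $out;
}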
00524 
/**
 * Checks whether the user may work with records of the given language.
 *
 * A blank 'allowed_languages' list means no restriction: every language is
 * allowed. Otherwise the value (cast to integer) must be -1 ("all
 * languages") or pass check('allowed_languages', ...).
 *
 * @param	integer		$langValue: Language value to evaluate
 * @return	boolean		TRUE if the language is allowed
 */
function checkLanguageAccess($langValue) {
        // Blank list: all languages are allowed.
    if (!strcmp($this->groupData['allowed_languages'], '')) {
        return TRUE;
    }

    $langValue = intval($langValue);
    if ($langValue == -1) {
        return TRUE;
    }

        // Language must be explicitly allowed.
    return $this->check('allowed_languages', $langValue) ? TRUE : FALSE;
}
00540 
/**
 * Checks record-internal edit restrictions for the user.
 *
 * Checks, in order: the language of the record, every 'select' field that
 * has an authMode with authMode_enforce set to 'strict', the "editlock"
 * field (skipped for new records), and finally any registered hooks.
 * On failure $this->errorMsg carries the reason, except when a hook
 * denies access: that path returns FALSE without touching errorMsg.
 *
 * Admin users always pass. If $table is not in $TCA nothing is checked and
 * NULL is returned, which callers testing for truthiness read as a denial.
 *
 * A language or editlock field that is configured in TCA but missing from
 * the row is treated as an error, so a partial row cannot be used to skip
 * a check.
 *
 * @param	string		$table: Table name
 * @param	mixed		$idOrRow: Record uid (the record is then fetched) or the record row as array
 * @param	boolean		$newRecord: Set for new records; disables the editlock check
 * @return	mixed		TRUE if editing is allowed, FALSE if not, NULL if $table is not in $TCA
 */
function recordEditAccessInternals($table, $idOrRow, $newRecord = FALSE) {
    global $TCA;

    if (!isset($TCA[$table])) {
        return;
    }
    t3lib_div::loadTCA($table);

        // Always return true for Admin users.
    if ($this->isAdmin()) {
        return TRUE;
    }

        // Fetching the record if the $idOrRow variable was not an array on input:
    if (!is_array($idOrRow)) {
        $idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow);
        if (!is_array($idOrRow)) {
            $this->errorMsg = 'ERROR: Record could not be fetched.';
            return FALSE;
        }
    }

        // Checking languages:
    $languageField = $TCA[$table]['ctrl']['languageField'];
    if ($languageField) {
            // Language field must be found in input row - otherwise it does not make sense.
        if (!isset($idOrRow[$languageField])) {
            $this->errorMsg = 'ERROR: The "languageField" field named "'.$languageField.'" was not found in testing record!';
            return FALSE;
        }
        if (!$this->checkLanguageAccess($idOrRow[$languageField])) {
            $this->errorMsg = 'ERROR: Language was not allowed.';
            return FALSE;
        }
    }

        // Checking authMode fields:
    if (is_array($TCA[$table]['columns'])) {
        foreach ($TCA[$table]['columns'] as $fieldName => $fieldConf) {
            if (!isset($idOrRow[$fieldName])) {
                continue;
            }
                // Only select fields whose authMode is enforced strictly are checked here.
            $isStrictAuthField = $fieldConf['config']['type'] == 'select'
                && $fieldConf['config']['authMode']
                && !strcmp($fieldConf['config']['authMode_enforce'], 'strict');

            if ($isStrictAuthField && !$this->checkAuthMode($table, $fieldName, $idOrRow[$fieldName], $fieldConf['config']['authMode'])) {
                $this->errorMsg = 'ERROR: authMode "'.$fieldConf['config']['authMode'].'" failed for field "'.$fieldName.'" with value "'.$idOrRow[$fieldName].'" evaluated';
                return FALSE;
            }
        }
    }

        // Checking "editlock" feature (doesn't apply to new records)
    if (!$newRecord && $TCA[$table]['ctrl']['editlock']) {
        $editLockField = $TCA[$table]['ctrl']['editlock'];
        if (!isset($idOrRow[$editLockField])) {
            $this->errorMsg = 'ERROR: The "editLock" field named "'.$editLockField.'" was not found in testing record!';
            return FALSE;
        }
        if ($idOrRow[$editLockField]) {
            $this->errorMsg = 'ERROR: Record was locked for editing. Only admin users can change this state.';
            return FALSE;
        }
    }

        // Checking record permissions
        // THIS is where we can include a check for "perms_" fields for other records than pages...

        // Process any hooks; the first hook returning a false value denies access.
    $hookList = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['recordEditAccessInternals'];
    if (is_array($hookList)) {
        foreach ($hookList as $funcRef) {
            $params = array(
                'table' => $table,
                'idOrRow' => $idOrRow,
                'newRecord' => $newRecord
            );
            if (!t3lib_div::callUserFunction($funcRef, $params, $this)) {
                return FALSE;
            }
        }
    }

        // Finally, return true if all is well.
    return TRUE;
}
00632 
/**
 * Tests a calculated permission bitmask for one kind of operation.
 *
 * Admin users always get true. For the 'pages' table the bit depends on
 * $type: 'edit' => 2, 'new' => 8 or 16, 'delete' => 4, 'editcontent' => 16.
 * Any other $type on 'pages' yields NULL. For every other table bit 16 is
 * tested regardless of $type.
 *
 * Except for 'new' (a boolean), the return value is the masked integer and
 * not a boolean, so callers should test it for truthiness.
 *
 * @param	integer		$lCP: Calculated permission bitmask
 * @param	string		$table: Table name
 * @param	string		$type: For 'pages': 'edit', 'new', 'delete' or 'editcontent'
 * @return	mixed		Truthy if the permission is set; NULL for an unknown $type on 'pages'
 */
function isPSet($lCP, $table, $type = '') {
    if ($this->isAdmin()) {
        return true;
    }
    if ($table != 'pages') {
        return $lCP & 16;
    }

    switch ($type) {
        case 'edit':
            return $lCP & 2;
        case 'new':
                // Create new page OR pagecontent
            return ($lCP & 8) || ($lCP & 16);
        case 'delete':
            return $lCP & 4;
        case 'editcontent':
            return $lCP & 16;
    }
}
00653 
/**
 * Tells whether the user may create or edit shortcuts.
 *
 * Requires the TSconfig value 'options.shortcutFrame' to be set and
 * 'options.mayNotCreateEditShortcuts' to be unset.
 *
 * @return	boolean		TRUE if shortcuts may be created or edited
 */
function mayMakeShortcut() {
    if (!$this->getTSConfigVal('options.shortcutFrame')) {
        return FALSE;
    }
    return !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
}
00662 
/**
 * Checks whether workspace rules forbid editing a record.
 *
 * Note the inverted return convention: FALSE means editing is allowed, a
 * non-empty string is the reason it is not. Callers must not read a string
 * result as "allowed".
 *
 * In the live workspace ($this->workspace === 0) nothing is tested. The
 * comparisons against $this->workspace are strict.
 * NOTE(review): this assumes $this->workspace always holds an integer - confirm where it is assigned.
 *
 * @param	string		$table: Table name
 * @param	mixed		$recData: Record uid (the record is then fetched) or a row with pid and, for versioned tables, t3ver_wsid and t3ver_stage
 * @return	mixed		FALSE if the record can be edited, otherwise an error string
 */
function workspaceCannotEditRecord($table, $recData) {
        // Only offline workspaces are tested; live is always OK.
    if ($this->workspace === 0) {
        return FALSE;
    }

    if (!is_array($recData)) {
        $fieldList = 'pid'.($GLOBALS['TCA'][$table]['ctrl']['versioningWS']?',t3ver_wsid,t3ver_stage':'');
        $recData = t3lib_BEfunc::getRecord($table, $recData, $fieldList);
    }
    if (!is_array($recData)) {
        return 'No record';
    }

        // A "version" is identified by a pid of -1: it can be edited provided that
        // versioning is enabled for the table, the workspace matches and the stage allows it.
    if ((int)$recData['pid'] === -1) {
        if (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) {
                // Inconsistency: such records should not have a pid of -1.
            return 'Versioning disabled for table';
        }
        if ((int)$recData['t3ver_wsid'] !== $this->workspace) {
            return 'Workspace ID of record didn\'t match current workspace';
        }
        return $this->workspaceCheckStageForCurrent($recData['t3ver_stage']) ? FALSE : 'Record stage "'.$recData['t3ver_stage'].'" and users access level did not allow for editing';
    }

        // A "live" record: the PID must allow live editing for this table, and
        // the stage of the branch point (negative result) must not block it.
    $res = $this->workspaceAllowLiveRecordsInPID($recData['pid'], $table);
    if ($res) {
        return $res>0 ? FALSE : 'Stage for versioning root point and users access level did not allow for editing';
    }
    return 'Online record was not in versionized branch!';
}
00703 
/**
 * Checks whether workspace rules forbid editing an offline version.
 *
 * Same inverted convention as workspaceCannotEditRecord(): FALSE means
 * editing is allowed, a string is the reason it is not. The record must
 * belong to a table with versioning enabled and have a pid of -1.
 *
 * @param	string		$table: Table name
 * @param	mixed		$recData: Record uid (the record is then fetched) or a row with uid, pid, t3ver_wsid and t3ver_stage
 * @return	mixed		FALSE if the version can be edited, otherwise an error string
 */
function workspaceCannotEditOfflineVersion($table, $recData) {
    if (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) {
        return 'Table does not support versioning.';
    }

    if (!is_array($recData)) {
        $recData = t3lib_BEfunc::getRecord($table, $recData, 'uid,pid,t3ver_wsid,t3ver_stage');
    }
    if (!is_array($recData)) {
        return 'No record';
    }
    if ((int)$recData['pid'] !== -1) {
        return 'Not an offline version';
    }

    return $this->workspaceCannotEditRecord($table, $recData);
}
00725 
/**
 * Checks whether "live" records of $table may be created or edited in $pid
 * under the current workspace.
 *
 * Return values:
 *   2     - allowed: live workspace, or live-edit is enabled for the
 *           workspace and the table has no versioning at all
 *   1     - allowed: $pid is inside a versionized branch whose stage permits editing
 *  -1     - denied: $pid is inside a versionized branch but the stage does not permit editing
 *   FALSE - the only valid way to create or edit records in the PID is by versioning
 *
 * -1 is truthy in PHP, so callers must test the sign and not only the truthiness.
 *
 * @param	integer		$pid: Page id the record lives on
 * @param	string		$table: Table name
 * @return	mixed		2, 1, -1 or FALSE as described above
 */
function workspaceAllowLiveRecordsInPID($pid, $table) {
        // Always for Live workspace AND if live-edit is enabled and tables are completely without versioning it is ok as well.
    if ($this->workspace === 0 || ($this->workspaceRec['live_edit'] && !$GLOBALS['TCA'][$table]['ctrl']['versioningWS'])) {
        return 2;
    }

        // Outside a versionized branch, live records are not allowed at all.
    if (!t3lib_BEfunc::isPidInVersionizedBranch($pid, $table)) {
        return FALSE;
    }

        // Inside a versionized branch: the stage of that version decides.
    $stage = t3lib_BEfunc::isPidInVersionizedBranch($pid, $table, TRUE);
    return $this->workspaceCheckStageForCurrent($stage) ? 1 : -1;
}
00748 
/**
 * Tells whether a new record of $table may be created in $pid under the
 * current workspace.
 *
 * If live records are allowed in the PID, creation is permitted unless the
 * stage check failed (negative result). If live records are not allowed,
 * creation is only possible for tables with versioning enabled.
 *
 * @param	integer		$pid: Page id the record would be created on
 * @param	string		$table: Table name
 * @return	boolean		TRUE if the record may be created
 */
function workspaceCreateNewRecord($pid, $table) {
    $res = $this->workspaceAllowLiveRecordsInPID($pid, $table);
    if ($res) {
            // A negative result means the stage of the versioning root point did not allow editing.
        return $res < 0 ? FALSE : TRUE;
    }

        // No live records allowed here: a new version would have to be created,
        // which requires versioning support on the table.
    return $GLOBALS['TCA'][$table]['ctrl']['versioningWS'] ? TRUE : FALSE;
}
00766 
/**
 * Tells whether a workspace version of a record may be created
 * automatically when the record is edited.
 *
 * All of the following must hold: the user is not in the live workspace,
 * auto-creation is not disabled in the workspace record, the table is
 * versionizable, $recpid is 0 or greater (a lower value would indicate the
 * record already is a version), no version of the record exists in the
 * workspace yet, and the PID is not inside a versionized branch.
 *
 * The conditions are tested in this order, so the database lookups at the
 * end only run when the cheaper checks have passed.
 *
 * @param	string		$table: Table name
 * @param	integer		$id: Uid of the record
 * @param	integer		$recpid: PID of the record
 * @return	mixed		TRUE if auto-creation is allowed, otherwise NULL
 */
function workspaceAllowAutoCreation($table, $id, $recpid) {
        // Only in draft workspaces
    if ($this->workspace === 0) {
        return;
    }
        // Auto-creation must not be disabled.
    if ($this->workspaceRec['disable_autocreate']) {
        return;
    }
        // Table must be versionizable
    if (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) {
        return;
    }
        // The PID of the record must NOT be -1 or less (would indicate that it already was a version!)
    if (!($recpid >= 0)) {
        return;
    }
        // There must be no existing version of this record in workspace.
    if (t3lib_BEfunc::getWorkspaceVersionOfRecord($this->workspace, $table, $id, 'uid')) {
        return;
    }
        // PID must NOT be in a versionized branch either
    if (t3lib_BEfunc::isPidInVersionizedBranch($recpid, $table)) {
        return;
    }

    return TRUE;
}
00786 
00796         function workspaceCheckStageForCurrent($stage)  {
00797                 if ($this->isAdmin())   return TRUE;
00798 
00799                 if ($this->workspace>0) {
00800                         $stat = $this->checkWorkspaceCurrent();
00801                         $memberStageLimit = $this->workspaceRec['review_stage_edit'] ? 1 : 0;
00802                         if (($stage<=$memberStageLimit && $stat['_ACCESS']==='member') ||
00803                                 ($stage<=1 && $stat['_ACCESS']==='reviewer') ||
00804                                 ($stat['_ACCESS']==='owner')) {
00805                                         return TRUE;    // OK for these criteria
00806                         }
00807                 } else return TRUE;     // Always OK for live and draft workspaces.
00808         }
00809 
00820         function workspacePublishAccess($wsid)  {
00821                 if ($this->isAdmin())   return TRUE;
00822 
00823                         // If no access to workspace, of course you cannot publish!
00824                 $retVal = FALSE;
00825 
00826                 $wsAccess = $this->checkWorkspace($wsid);
00827                 if ($wsAccess)  {
00828                         switch($wsAccess['uid'])        {
00829                                 case 0:         // Live workspace
00830                                         $retVal =  TRUE;        // If access to Live workspace, no problem.
00831                                 break;
00832                                 case -1:        // Default draft workspace
00833                                         $retVal =  $this->checkWorkspace(0) ? TRUE : FALSE;     // If access to Live workspace, no problem.
00834                                 break;
00835                                 default:        // Custom workspace
00836                                         $retVal =  $wsAccess['_ACCESS'] === 'owner' || ($this->checkWorkspace(0) && !($wsAccess['publish_access']&2));  // Either be an adminuser OR have access to online workspace which is OK as well as long as publishing access is not limited by workspace option.
00837                                 break;
00838                         }
00839                 }
00840                 return $retVal;
00841         }
00842 
00848         function workspaceSwapAccess()  {
00849                 if ($this->workspace>0 && (int)$this->workspaceRec['swap_modes']===2)   {
00850                         return FALSE;
00851                 } else return TRUE;
00852         }
00853 
00860         function workspaceVersioningTypeAccess($type)   {
00861                 $retVal = FALSE;
00862 
00863                 if ($this->workspace>0 && !$this->isAdmin())    {
00864                         $stat = $this->checkWorkspaceCurrent();
00865                         if ($stat['_ACCESS']!=='owner') {
00866 
00867                                 $type = t3lib_div::intInRange($type,-1);
00868                                 switch((int)$type)      {
00869                                         case -1:
00870                                                 $retVal = $this->workspaceRec['vtypes']&1 ? FALSE : TRUE;
00871                                         break;
00872                                         case 0:
00873                                                 $retVal = $this->workspaceRec['vtypes']&2 ? FALSE : TRUE;
00874                                         break;
00875                                         default:
00876                                                 $retVal = $this->workspaceRec['vtypes']&4 ? FALSE : TRUE;
00877                                         break;
00878                                 }
00879                         } else $retVal = TRUE;
00880                 } else $retVal = TRUE;
00881 
00882                 return $retVal;
00883         }
00884 
00891         function workspaceVersioningTypeGetClosest($type)       {
00892                 $type = t3lib_div::intInRange($type,-1);
00893 
00894                 if ($this->workspace>0) {
00895                         switch((int)$type)      {
00896                                 case -1:
00897                                         $type = -1;
00898                                 break;
00899                                 case 0:
00900                                         $type = $this->workspaceVersioningTypeAccess($type) ? $type : -1;
00901                                 break;
00902                                 default:
00903                                         $type = $this->workspaceVersioningTypeAccess($type) ? $type : ($this->workspaceVersioningTypeAccess(0) ? 0 : -1);
00904                                 break;
00905                         }
00906                 }
00907                 return $type;
00908         }
00909 
00919         /*************************************
00920          *
00921          * Miscellaneous functions
00922          *
00923          *************************************/
00924 
00934         function getTSConfig($objectString,$config='')  {
00935                 if (!is_array($config)) {
00936                         $config=$this->userTS;  // Getting Root-ts if not sent
00937                 }
00938                 $TSConf=array();
00939                 $parts = explode('.',$objectString,2);
00940                 $key = $parts[0];
00941                 if (trim($key)) {
00942                         if (count($parts)>1 && trim($parts[1])) {
00943                                 // Go on, get the next level
00944                                 if (is_array($config[$key.'.']))        $TSConf = $this->getTSConfig($parts[1],$config[$key.'.']);
00945                         } else {
00946                                 $TSConf['value']=$config[$key];
00947                                 $TSConf['properties']=$config[$key.'.'];
00948                         }
00949                 }
00950                 return $TSConf;
00951         }
00952 
00960         function getTSConfigVal($objectString)  {
00961                 $TSConf = $this->getTSConfig($objectString);
00962                 return $TSConf['value'];
00963         }
00964 
00972         function getTSConfigProp($objectString) {
00973                 $TSConf = $this->getTSConfig($objectString);
00974                 return $TSConf['properties'];
00975         }
00976 
00984         function inList($in_list,$item) {
00985                 return strstr(','.$in_list.',', ','.$item.',');
00986         }
00987 
00995         function returnWebmounts()      {
00996                 return (string)($this->groupData['webmounts'])!='' ? explode(',',$this->groupData['webmounts']) : Array();
00997         }
00998 
01005         function returnFilemounts()     {
01006                 return $this->groupData['filemounts'];
01007         }
01008 
01022          function jsConfirmation($bitmask)      {
01023                  $alertPopup = $GLOBALS['BE_USER']->getTSConfig('options.alertPopups');
01024                  if (empty($alertPopup['value']))       {
01025                          $alertPopup = 255;     // default: show all warnings
01026                  } else {
01027                          $alertPopup = (int)$alertPopup['value'];
01028                  }
01029                  if(($alertPopup&$bitmask) == $bitmask) { // show confirmation
01030                          return 1;
01031                  } else { // don't show confirmation
01032                          return 0;
01033                  }
01034          }
01035 
01044         /*************************************
01045          *
01046          * Authentication methods
01047          *
01048          *************************************/
01049 
01050 
01060         function fetchGroupData()       {
01061                 if ($this->user['uid']) {
01062 
01063                                 // Get lists for the be_user record and set them as default/primary values.
01064                         $this->dataLists['modList'] = $this->user['userMods'];                                  // Enabled Backend Modules
01065                         $this->dataLists['allowed_languages'] = $this->user['allowed_languages'];                                       // Add Allowed Languages
01066                         $this->dataLists['workspace_perms'] = $this->user['workspace_perms'];                                   // Set user value for workspace permissions.
01067                         $this->dataLists['webmount_list'] = $this->user['db_mountpoints'];              // Database mountpoints
01068                         $this->dataLists['filemount_list'] = $this->user['file_mountpoints'];   // File mountpoints
01069 
01070                                 // Setting default User TSconfig:
01071                         $this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
01072                                                                         $GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig'];
01073 
01074                                 // Default TSconfig for admin-users
01075                         if ($this->isAdmin())   {
01076                                 $this->TSdataArray[]=$this->addTScomment('"admin" user presets:').'
01077                                         admPanel.enable.all = 1
01078                                         options.shortcutFrame = 1
01079                                 ';
01080                                 if (t3lib_extMgm::isLoaded('sys_note')) {
01081                                         $this->TSdataArray[]='
01082                                                 // Setting defaults for sys_note author / email...
01083                                                 TCAdefaults.sys_note.author = '.$this->user['realName'].'
01084                                                 TCAdefaults.sys_note.email = '.$this->user['email'].'
01085                                         ';
01086                                 }
01087                         }
01088 
01089                                 // FILE MOUNTS:
01090                                 // Admin users has the base fileadmin dir mounted
01091                         if ($this->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])      {
01092                                 $this->addFileMount($GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '', PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], 0, '');
01093                         }
01094 
01095                                 // If userHomePath is set, we attempt to mount it
01096                         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'])  {
01097                                         // First try and mount with [uid]_[username]
01098                                 $didMount=$this->addFileMount($this->user['username'], '',$GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].'_'.$this->user['username'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
01099                                 if (!$didMount) {
01100                                                 // If that failed, try and mount with only [uid]
01101                                         $this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
01102                                 }
01103                         }
01104 
01105                                 // BE_GROUPS:
01106                                 // Get the groups...
01107 #                       $grList = t3lib_BEfunc::getSQLselectableList($this->user[$this->usergroup_column],$this->usergroup_table,$this->usergroup_table);
01108                         $grList = $GLOBALS['TYPO3_DB']->cleanIntList($this->user[$this->usergroup_column]);     // 240203: Since the group-field never contains any references to groups with a prepended table name we think it's safe to just intExplode and re-implode - which should be much faster than the other function call.
01109                         if ($grList)    {
01110                                         // Fetch groups will add a lot of information to the internal arrays: modules, accesslists, TSconfig etc. Refer to fetchGroups() function.
01111                                 $this->fetchGroups($grList);
01112                         }
01113 
01114                                 // Add the TSconfig for this specific user:
01115                         $this->TSdataArray[] = $this->addTScomment('USER TSconfig field').$this->user['TSconfig'];
01116                                 // Check include lines.
01117                         $this->TSdataArray = t3lib_TSparser::checkIncludeLines_array($this->TSdataArray);
01118 
01119                                 // Parsing the user TSconfig (or getting from cache)
01120                         $this->userTS_text = implode(chr(10).'[GLOBAL]'.chr(10),$this->TSdataArray);    // Imploding with "[global]" will make sure that non-ended confinements with braces are ignored.
01121                         $hash = md5('userTS:'.$this->userTS_text);
01122                         $cachedContent = t3lib_BEfunc::getHash($hash,0);
01123                         if (isset($cachedContent) && !$this->userTS_dontGetCached)      {
01124                                 $this->userTS = unserialize($cachedContent);
01125                         } else {
01126                                 $parseObj = t3lib_div::makeInstance('t3lib_TSparser');
01127                                 $parseObj->parse($this->userTS_text);
01128                                 $this->userTS = $parseObj->setup;
01129                                 t3lib_BEfunc::storeHash($hash,serialize($this->userTS),'BE_USER_TSconfig');
01130                                         // Update UC:
01131                                 $this->userTSUpdated=1;
01132                         }
01133 
01134                                 // Processing webmounts
01135                         if ($this->isAdmin() && !$this->getTSConfigVal('options.dontMountAdminMounts')) {       // Admin's always have the root mounted
01136                                 $this->dataLists['webmount_list']='0,'.$this->dataLists['webmount_list'];
01137                         }
01138 
01139                                 // Processing filemounts
01140                         $this->dataLists['filemount_list'] = t3lib_div::uniqueList($this->dataLists['filemount_list']);
01141                         if ($this->dataLists['filemount_list']) {
01142                                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$this->dataLists['filemount_list'].')');
01143                                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
01144                                         $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
01145                                 }
01146                         }
01147 
01148                                 // The lists are cleaned for duplicates
01149                         $this->groupData['webmounts'] = t3lib_div::uniqueList($this->dataLists['webmount_list']);
01150                         $this->groupData['pagetypes_select'] = t3lib_div::uniqueList($this->dataLists['pagetypes_select']);
01151                         $this->groupData['tables_select'] = t3lib_div::uniqueList($this->dataLists['tables_modify'].','.$this->dataLists['tables_select']);
01152                         $this->groupData['tables_modify'] = t3lib_div::uniqueList($this->dataLists['tables_modify']);
01153                         $this->groupData['non_exclude_fields'] = t3lib_div::uniqueList($this->dataLists['non_exclude_fields']);
01154                         $this->groupData['explicit_allowdeny'] = t3lib_div::uniqueList($this->dataLists['explicit_allowdeny']);
01155                         $this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->dataLists['allowed_languages']);
01156                         $this->groupData['custom_options'] = t3lib_div::uniqueList($this->dataLists['custom_options']);
01157                         $this->groupData['modules'] = t3lib_div::uniqueList($this->dataLists['modList']);
01158                         $this->groupData['workspace_perms'] = $this->dataLists['workspace_perms'];
01159 
01160                                 // populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
01161                         $this->userGroupsUID = array_reverse(array_unique(array_reverse($this->includeGroupArray)));
01162 
01163                                 // Finally this is the list of group_uid's in the order they are parsed (including subgroups!) and without duplicates (duplicates are presented with their last entrance in the list, which thus reflects the order of the TypoScript in TSconfig)
01164                         $this->groupList = implode(',',$this->userGroupsUID);
01165                         $this->setCachedList($this->groupList);
01166 
01167                                 // Checking read access to webmounts:
01168                         if (trim($this->groupData['webmounts'])!=='')   {
01169                                 $webmounts = explode(',',$this->groupData['webmounts']);        // Explode mounts
01170                                 $MProws = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid', 'pages', 'deleted=0 AND uid IN ('.$this->groupData['webmounts'].') AND '.$this->getPagePermsClause(1),'','','','uid');        // Selecting all webmounts with permission clause for reading
01171                                 foreach($webmounts as $idx => $mountPointUid)   {
01172                                         if ($mountPointUid>0 && !isset($MProws[$mountPointUid]))        {       // If the mount ID is NOT found among selected pages, unset it:
01173                                                 unset($webmounts[$idx]);
01174                                         }
01175                                 }
01176                                 $this->groupData['webmounts'] = implode(',',$webmounts);        // Implode mounts in the end.
01177                         }
01178 
01179                                 // Setting up workspace situation (after webmounts are processed!):
01180                         $this->workspaceInit();
01181                 }
01182         }
01183 
01193         function fetchGroups($grList,$idList='')        {
01194                 global $TYPO3_CONF_VARS;
01195 
01196                         // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
01197                 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.t3lib_div::getIndpEnv('HTTP_HOST').'\')';
01198                 $whereSQL = 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$grList.')'.$lockToDomain_SQL;
01199 
01200                         // Hook for manipulation of the WHERE sql sentence which controls which BE-groups are included
01201                 if (is_array ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroupQuery'])) {
01202                     foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroupQuery'] as $classRef) {
01203                         $hookObj = &t3lib_div::getUserObj($classRef);
01204                         if(method_exists($hookObj,'fetchGroupQuery_processQuery')){
01205                             $whereSQL = $hookObj->fetchGroupQuery_processQuery($this, $grList, $idList, $whereSQL);
01206                         }
01207                     }
01208                 }
01209 
01210                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->usergroup_table, $whereSQL);
01211 
01212                         // The userGroups array is filled
01213                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
01214                         $this->userGroups[$row['uid']] = $row;
01215                 }
01216 
01217                         // Traversing records in the correct order
01218                 $include_staticArr = t3lib_div::intExplode(',',$grList);
01219                 reset($include_staticArr);
01220                 while(list(,$uid)=each($include_staticArr))     {       // traversing list
01221 
01222                                 // Get row:
01223                         $row=$this->userGroups[$uid];
01224                         if (is_array($row) && !t3lib_div::inList($idList,$uid)) {       // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
01225 
01226                                         // Include sub groups
01227                                 if (trim($row['subgroup']))     {
01228                                         $theList = implode(',',t3lib_div::intExplode(',',$row['subgroup']));    // Make integer list
01229                                         $this->fetchGroups($theList, $idList.','.$uid);         // Call recursively, pass along list of already processed groups so they are not recursed again.
01230                                 }
01231                                         // Add the group uid, current list, TSconfig to the internal arrays.
01232                                 $this->includeGroupArray[]=$uid;
01233                                 $this->includeHierarchy[]=$idList;
01234                                 $this->TSdataArray[] = $this->addTScomment('Group "'.$row['title'].'" ['.$row['uid'].'] TSconfig field:').$row['TSconfig'];
01235 
01236                                         // Mount group database-mounts
01237                                 if (($this->user['options']&1) == 1)    {       $this->dataLists['webmount_list'].= ','.$row['db_mountpoints']; }
01238 
01239                                         // Mount group file-mounts
01240                                 if (($this->user['options']&2) == 2)    {       $this->dataLists['filemount_list'].= ','.$row['file_mountpoints'];      }
01241 
01242                                         // Mount group home-dirs
01243                                 if (($this->user['options']&2) == 2)    {
01244                                                 // If groupHomePath is set, we attempt to mount it
01245                                         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath']) {
01246                                                 $this->addFileMount($row['title'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'].$row['uid'], 0, 'group');
01247                                         }
01248                                 }
01249 
01250                                         // The lists are made: groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny, allowed_languages, custom_options
01251                                 if ($row['inc_access_lists']==1)        {
01252                                         $this->dataLists['modList'].= ','.$row['groupMods'];
01253                                         $this->dataLists['tables_select'].= ','.$row['tables_select'];
01254                                         $this->dataLists['tables_modify'].= ','.$row['tables_modify'];
01255                                         $this->dataLists['pagetypes_select'].= ','.$row['pagetypes_select'];
01256                                         $this->dataLists['non_exclude_fields'].= ','.$row['non_exclude_fields'];
01257                                         $this->dataLists['explicit_allowdeny'].= ','.$row['explicit_allowdeny'];
01258                                         $this->dataLists['allowed_languages'].= ','.$row['allowed_languages'];
01259                                         $this->dataLists['custom_options'].= ','.$row['custom_options'];
01260                                 }
01261 
01262                                         // Setting workspace permissions:
01263                                 $this->dataLists['workspace_perms'] |= $row['workspace_perms'];
01264 
01265                                         // If this function is processing the users OWN group-list (not subgroups) AND if the ->firstMainGroup is not set, then the ->firstMainGroup will be set.
01266                                 if (!strcmp($idList,'') && !$this->firstMainGroup)      {
01267                                         $this->firstMainGroup=$uid;
01268                                 }
01269                         }
01270                 }
01271 
01272                 // ****************
01273                 // HOOK: fetchGroups_postProcessing
01274                 // ****************
01275                 if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroups_postProcessing'])) {
01276                         foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroups_postProcessing'] as $_funcRef) {
01277                                 $_params = array();
01278                                 t3lib_div::callUserFunction($_funcRef, $_params, $this);
01279                         }
01280                 }
01281         }
01282 
01291         function setCachedList($cList)  {
01292                 if ((string)$cList != (string)$this->user['usergroup_cached_list'])     {
01293                         $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid='.intval($this->user['uid']), array('usergroup_cached_list' => $cList));
01294                 }
01295         }
01296 
01311         function addFileMount($title, $altTitle, $path, $webspace, $type)       {
01312                         // Return false if fileadminDir is not set and we try to mount a relative path
01313                 if ($webspace && !$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])    return false;
01314 
01315                         // Trimming and pre-processing
01316                 $path=trim($path);
01317                 if ($this->OS=='WIN')   {               // with WINDOWS convert backslash to slash!!
01318                         $path=str_replace('\\','/',$path);
01319                 }
01320                         // If the path is true and validates as a valid path string:
01321                 if ($path && t3lib_div::validPathStr($path))    {
01322                                 // normalize path: remove leading '/' and './', and trailing '/' and '/.'
01323                         $path=trim($path);
01324                         $path=preg_replace('#^\.?/|/\.?$#','',$path);
01325 
01326                         if ($path)      {       // there must be some chars in the path
01327                                 $fdir=PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'];      // fileadmin dir, absolute
01328                                 if ($webspace)  {
01329                                         $path=$fdir.$path;      // PATH_site + fileadmin dir is prepended
01330                                 } else {
01331                                         if ($this->OS!='WIN')   {               // with WINDOWS no prepending!!
01332                                                 $path='/'.$path;        // root-level is the start...
01333                                         }
01334                                 }
01335                                 $path.='/';
01336 
01337                                         // We now have a path with slash after and slash before (if unix)
01338                                 if (@is_dir($path) &&
01339                                         (($GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'] && t3lib_div::isFirstPartOfStr($path,$GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'])) || t3lib_div::isFirstPartOfStr($path,$fdir)))      {
01340                                                         // Alternative title?
01341                                                 $name = $title ? $title : $altTitle;
01342                                                         // Adds the filemount. The same filemount with same name, type and path cannot be set up twice because of the hash string used as key.
01343                                                 $this->groupData['filemounts'][md5($name.'|'.$path.'|'.$type)] = Array('name'=>$name, 'path'=>$path, 'type'=>$type);
01344                                                         // Return true - went well, success!
01345                                                 return 1;
01346                                 }
01347                         }
01348                 }
01349         }
01350 
01357         function addTScomment($str)     {
01358                 $delimiter = '# ***********************************************';
01359 
01360                 $out = $delimiter.chr(10);
01361                 $lines = t3lib_div::trimExplode(chr(10),$str);
01362                 foreach($lines as $v)   {
01363                         $out.= '# '.$v.chr(10);
01364                 }
01365                 $out.= $delimiter.chr(10);
01366                 return $out;
01367         }
01368 
01380         /************************************
01381          *
01382          * Workspaces
01383          *
01384          ************************************/
01385 
01393         function workspaceInit()        {
01394 
01395                         // Initializing workspace by evaluating and setting the workspace, possibly updating it in the user record!
01396                 $this->setWorkspace($this->user['workspace_id']);
01397 
01398                         // Setting up the db mount points of the (custom) workspace, if any:
01399                 if ($this->workspace>0 && trim($this->workspaceRec['db_mountpoints'])!=='')     {
01400 
01401                                 // Initialize:
01402                         $newMounts = array();
01403                         $readPerms = '1=1'; // Notice: We cannot call $this->getPagePermsClause(1); as usual because the group-list is not available at this point. But bypassing is fine because all we want here is check if the workspace mounts are inside the current webmounts rootline. The actual permission checking on page level is done elsewhere as usual anyway before the page tree is rendered.
01404 
01405                                 // Traverse mount points of the
01406                         $mountPoints = t3lib_div::intExplode(',',$this->workspaceRec['db_mountpoints']);
01407                         foreach($mountPoints as $mpId)  {
01408                                 if ($this->isInWebMount($mpId,$readPerms))      {
01409                                         $newMounts[] = $mpId;
01410                                 }
01411                         }
01412 
01413                                 // Re-insert webmounts:
01414                         $this->groupData['webmounts'] = implode(',',array_unique($newMounts));
01415                 }
01416 
01417                         // Setting up the file mount points of the (custom) workspace, if any:
01418                 if ($this->workspace!==0)       $this->groupData['filemounts'] = array();
01419                 if ($this->workspace>0 && trim($this->workspaceRec['file_mountpoints'])!=='')   {
01420 
01421                                 // Processing filemounts
01422                         $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->workspaceRec['file_mountpoints']).')');
01423                         while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
01424                                 $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
01425                         }
01426                 }
01427         }
01428 
01436         function checkWorkspace($wsRec,$fields='uid,title,adminusers,members,reviewers,publish_access,stagechg_notification')   {
01437                 $retVal = FALSE;
01438 
01439                         // If not array, look up workspace record:
01440                 if (!is_array($wsRec))  {
01441                         switch((string)$wsRec)  {
01442                                 case '0':
01443                                 case '-1':
01444                                         $wsRec = array('uid' => $wsRec);
01445                                 break;
01446                                 default:
01447                                         list($wsRec) = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
01448                                                 $fields,
01449                                                 'sys_workspace',
01450                                                 'pid=0 AND uid='.intval($wsRec).
01451                                                         t3lib_BEfunc::deleteClause('sys_workspace'),
01452                                                 '',
01453                                                 'title'
01454                                         );
01455                                 break;
01456                         }
01457                 }
01458 
01459                         // If wsRec is set to an array, evaluate it:
01460                 if (is_array($wsRec))   {
01461                         if ($this->isAdmin())   {
01462                                 return array_merge($wsRec,array('_ACCESS' => 'admin'));
01463                         } else {
01464 
01465                                 switch((string)$wsRec['uid'])   {
01466                                         case '0':
01467                                                 $retVal = ($this->groupData['workspace_perms']&1) ? array_merge($wsRec,array('_ACCESS' => 'online')) : FALSE;
01468                                         break;
01469                                         case '-1':
01470                                                 $retVal = ($this->groupData['workspace_perms']&2) ? array_merge($wsRec,array('_ACCESS' => 'offline')) : FALSE;
01471                                         break;
01472                                         default:
01473                                                         // Checking if the guy is admin:
01474                                                 if (t3lib_div::inList($wsRec['adminusers'],$this->user['uid'])) {
01475                                                         return array_merge($wsRec, array('_ACCESS' => 'owner'));
01476                                                 }
01477                                                         // Checking if he is reviewer user:
01478                                                 if (t3lib_div::inList($wsRec['reviewers'],'be_users_'.$this->user['uid']))      {
01479                                                         return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
01480                                                 }
01481                                                         // Checking if he is reviewer through a user group of his:
01482                                                 foreach($this->userGroupsUID as $groupUid)      {
01483                                                         if (t3lib_div::inList($wsRec['reviewers'],'be_groups_'.$groupUid))      {
01484                                                                 return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
01485                                                         }
01486                                                 }
01487                                                         // Checking if he is member as user:
01488                                                 if (t3lib_div::inList($wsRec['members'],'be_users_'.$this->user['uid']))        {
01489                                                         return array_merge($wsRec, array('_ACCESS' => 'member'));
01490                                                 }
01491                                                         // Checking if he is member through a user group of his:
01492                                                 foreach($this->userGroupsUID as $groupUid)      {
</