/src/typo3_src-4.2.0alpha1/t3lib/class.t3lib_userauthgroup.php

00001 <?php
00002 /***************************************************************
00003 *  Copyright notice
00004 *
00005 *  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
00006 *  All rights reserved
00007 *
00008 *  This script is part of the TYPO3 project. The TYPO3 project is
00009 *  free software; you can redistribute it and/or modify
00010 *  it under the terms of the GNU General Public License as published by
00011 *  the Free Software Foundation; either version 2 of the License, or
00012 *  (at your option) any later version.
00013 *
00014 *  The GNU General Public License can be found at
00015 *  http://www.gnu.org/copyleft/gpl.html.
00016 *  A copy is found in the textfile GPL.txt and important notices to the license
00017 *  from the author is found in LICENSE.txt distributed with these scripts.
00018 *
00019 *
00020 *  This script is distributed in the hope that it will be useful,
00021 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00022 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00023 *  GNU General Public License for more details.
00024 *
00025 *  This copyright notice MUST APPEAR in all copies of the script!
00026 ***************************************************************/
00102         // Need this for parsing User TSconfig
00103 require_once (PATH_t3lib.'class.t3lib_tsparser.php');
00104 
00105 
00106 
00107 
00108 
00109 
00110 
00111 
00112 
00113 
00114 
00115 
00116 
00117 
00118 
00119 
00120 
00121 
00122 
00123 
00124 
00135 class t3lib_userAuthGroup extends t3lib_userAuth {
00136         var $usergroup_column = 'usergroup';            // Should be set to the usergroup-column (id-list) in the user-record
00137         var $usergroup_table = 'be_groups';                     // The name of the group-table
00138 
00139                 // internal
00140         var $groupData = Array(                         // This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
00141                 'filemounts' => Array()                 // Filemounts are loaded here
00142         );
00143         var $workspace = -99;                           // User workspace. -99 is ERROR (none available), -1 is offline, 0 is online, >0 is custom workspaces.
00144         var $workspaceRec = array();            // Custom workspace record if any
00145 
00146         var $userGroups = Array();                      // This array will hold the groups that the user is a member of
00147         var $userGroupsUID = Array();           // This array holds the uid's of the groups in the listed order
00148         var $groupList ='';                                     // This is $this->userGroupsUID imploded to a comma list... Will correspond to the 'usergroup_cached_list'
00149         var $dataLists=array(                           // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
00150                 'webmount_list'=>'',
00151                 'filemount_list'=>'',
00152                 'modList'=>'',
00153                 'tables_select'=>'',
00154                 'tables_modify'=>'',
00155                 'pagetypes_select'=>'',
00156                 'non_exclude_fields'=>'',
00157                 'explicit_allowdeny'=>'',
00158                 'allowed_languages' => '',
00159                 'workspace_perms' => '',
00160                 'custom_options' => '',
00161         );
00162         var $includeHierarchy=array();          // For debugging/display of order in which subgroups are included.
00163         var $includeGroupArray=array();         // List of group_id's in the order they are processed.
00164 
00165         var $OS='';                                                     // Set to 'WIN', if windows
00166         var $TSdataArray=array();                       // Used to accumulate the TSconfig data of the user
00167         var $userTS_text = '';                          // Contains the non-parsed user TSconfig
00168         var $userTS = array();                          // Contains the parsed user TSconfig
00169         var $userTSUpdated=0;                           // Set internally if the user TSconfig was parsed and needs to be cached.
00170         var $userTS_dontGetCached=0;            // Set this from outside if you want the user TSconfig to ALWAYS be parsed and not fetched from cache.
00171 
00172         var $RTE_errors = array();                      // RTE availability errors collected.
00173         var $errorMsg = '';                                     // Contains last error message
00174 
00175         var $checkWorkspaceCurrent_cache=NULL;  // Cache for checkWorkspaceCurrent()
00176 
00177 
00178 
00179 
00180 
00181 
00182 
00183 
00184 
00185 
00186 
00187         /************************************
00188          *
00189          * Permission checking functions:
00190          *
00191          ************************************/
00192 
00199         function isAdmin()      {
00200                 return (($this->user['admin']&1) ==1);
00201         }
00202 
00211         function isMemberOfGroup($groupId)      {
00212                 $groupId = intval($groupId);
00213                 if ($this->groupList && $groupId)       {
00214                         return $this->inList($this->groupList, $groupId);
00215                 }
00216         }
00217 
00233         function doesUserHaveAccess($row,$perms)        {
00234                 $userPerms = $this->calcPerms($row);
00235                 return ($userPerms & $perms)==$perms;
00236         }
00237 
00250         function isInWebMount($id,$readPerms='',$exitOnError=0) {
00251                 if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin())     return 1;
00252                 $id = intval($id);
00253 
00254                         // Check if input id is an offline version page in which case we will map id to the online version:
00255                 $checkRec = t3lib_beFUnc::getRecord('pages',$id,'pid,t3ver_oid');
00256                 if ($checkRec['pid']==-1)       {
00257                         $id = intval($checkRec['t3ver_oid']);
00258                 }
00259 
00260                 if (!$readPerms)        $readPerms = $this->getPagePermsClause(1);
00261                 if ($id>0)      {
00262                         $wM = $this->returnWebmounts();
00263                         $rL = t3lib_BEfunc::BEgetRootLine($id,' AND '.$readPerms);
00264 
00265                         foreach($rL as $v)      {
00266                                 if ($v['uid'] && in_array($v['uid'],$wM))       {
00267                                         return $v['uid'];
00268                                 }
00269                         }
00270                 }
00271                 if ($exitOnError)       {
00272                         t3lib_BEfunc::typo3PrintError ('Access Error','This page is not within your DB-mounts',0);
00273                         exit;
00274                 }
00275         }
00276 
00284         function modAccess($conf,$exitOnError)  {
00285                 if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name']))     {
00286                         if ($exitOnError)       {
00287                                 t3lib_BEfunc::typo3PrintError ('Fatal Error','This module "'.$conf['name'].'" is not enabled in TBE_MODULES',0);
00288                                 exit;
00289                         }
00290                         return FALSE;
00291                 }
00292 
00293                         // Workspaces check:
00294                 if ($conf['workspaces'])        {
00295                         if (($this->workspace===0 && t3lib_div::inList($conf['workspaces'],'online')) ||
00296                                 ($this->workspace===-1 && t3lib_div::inList($conf['workspaces'],'offline')) ||
00297                                 ($this->workspace>0 && t3lib_div::inList($conf['workspaces'],'custom')))        {
00298                                         // ok, go on...
00299                         } else {
00300                                 if ($exitOnError)       {
00301                                         t3lib_BEfunc::typo3PrintError ('Workspace Error','This module "'.$conf['name'].'" is not available under the current workspace',0);
00302                                         exit;
00303                                 }
00304                                 return FALSE;
00305                         }
00306                 }
00307 
00308                         // Returns true if conf[access] is not set at all or if the user is admin
00309                 if (!$conf['access']  ||  $this->isAdmin()) return TRUE;
00310 
00311                         // If $conf['access'] is set but not with 'admin' then we return true, if the module is found in the modList
00312                 if (!strstr($conf['access'],'admin') && $conf['name'])  {
00313                         $acs = $this->check('modules',$conf['name']);
00314                 }
00315                 if (!$acs && $exitOnError)      {
00316                         t3lib_BEfunc::typo3PrintError ('Access Error','You don\'t have access to this module.',0);
00317                         exit;
00318                 } else return $acs;
00319         }
00320 
00335         function getPagePermsClause($perms)     {
00336                 global $TYPO3_CONF_VARS;
00337                 if (is_array($this->user))      {
00338                         if ($this->isAdmin())   {
00339                                 return ' 1=1';
00340                         }
00341 
00342                         $perms = intval($perms);        // Make sure it's integer.
00343                         $str= ' ('.
00344                                 '(pages.perms_everybody & '.$perms.' = '.$perms.')'.    // Everybody
00345                                 'OR(pages.perms_userid = '.$this->user['uid'].' AND pages.perms_user & '.$perms.' = '.$perms.')';       // User
00346                         if ($this->groupList)   {
00347                                 $str.= 'OR(pages.perms_groupid in ('.$this->groupList.') AND pages.perms_group & '.$perms.' = '.$perms.')';     // Group (if any is set)
00348                         }
00349                         $str.=')';
00350 
00351                         // ****************
00352                         // getPagePermsClause-HOOK
00353                         // ****************
00354                         if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'])) {
00355 
00356                                 foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'] as $_funcRef) {
00357                                         $_params = array('currentClause' => $str, 'perms' => $perms);
00358                                         $str = t3lib_div::callUserFunction($_funcRef, $_params, $this);
00359                                 }
00360                         }
00361 
00362                         return $str;
00363                 } else {
00364                         return ' 1=0';
00365                 }
00366         }
00367 
00376         function calcPerms($row)        {
00377                 global $TYPO3_CONF_VARS;
00378                 if ($this->isAdmin()) {return 31;}              // Return 31 for admin users.
00379 
00380                 $out=0;
00381                 if (isset($row['perms_userid']) && isset($row['perms_user']) && isset($row['perms_groupid']) && isset($row['perms_group']) && isset($row['perms_everybody']) && isset($this->groupList))        {
00382                         if ($this->user['uid']==$row['perms_userid'])   {
00383                                 $out|=$row['perms_user'];
00384                         }
00385                         if ($this->isMemberOfGroup($row['perms_groupid']))      {
00386                                 $out|=$row['perms_group'];
00387                         }
00388                         $out|=$row['perms_everybody'];
00389                 }
00390 
00391                 // ****************
00392                 // CALCPERMS hook
00393                 // ****************
00394                 if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'])) {
00395                         foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'] as $_funcRef) {
00396                                 $_params = array(
00397                                         'row' => $row,
00398                                         'outputPermissions' => $out
00399                                 );
00400                                 $out = t3lib_div::callUserFunction($_funcRef, $_params, $this);
00401                         }
00402                 }
00403 
00404                 return $out;
00405         }
00406 
00414         function isRTE()        {
00415                 global $CLIENT;
00416 
00417                         // Start:
00418                 $this->RTE_errors = array();
00419                 if (!$this->uc['edit_RTE'])
00420                         $this->RTE_errors[] = 'RTE is not enabled for user!';
00421                 if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled'])
00422                         $this->RTE_errors[] = 'RTE is not enabled in $TYPO3_CONF_VARS["BE"]["RTEenabled"]';
00423 
00424 
00425                         // Acquire RTE object:
00426                 $RTE = &t3lib_BEfunc::RTEgetObj();
00427                 if (!is_object($RTE))   {
00428                         $this->RTE_errors = array_merge($this->RTE_errors, $RTE);
00429                 }
00430 
00431                 if (!count($this->RTE_errors))  {
00432                         return TRUE;
00433                 } else {
00434                         return FALSE;
00435                 }
00436         }
00437 
00448         function check($type,$value)    {
00449                 if (isset($this->groupData[$type]))     {
00450                         if ($this->isAdmin() || $this->inList($this->groupData[$type],$value)) {
00451                                 return 1;
00452                         }
00453                 }
00454         }
00455 
00465         function checkAuthMode($table,$field,$value,$authMode)  {
00466                 global $TCA;
00467 
00468                         // Admin users can do anything:
00469                 if ($this->isAdmin())   return TRUE;
00470 
00471                         // Allow all blank values:
00472                 if (!strcmp($value,'')) return TRUE;
00473 
00474                         // Certain characters are not allowed in the value
00475                 if (ereg('[:|,]',$value))       {
00476                         return FALSE;
00477                 }
00478 
00479                         // Initialize:
00480                 $testValue = $table.':'.$field.':'.$value;
00481                 $out = TRUE;
00482 
00483                         // Checking value:
00484                 switch((string)$authMode)       {
00485                         case 'explicitAllow':
00486                                 if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) {
00487                                         $out = FALSE;
00488                                 }
00489                         break;
00490                         case 'explicitDeny':
00491                                 if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY'))   {
00492                                         $out = FALSE;
00493                                 }
00494                         break;
00495                         case 'individual':
00496                                 t3lib_div::loadTCA($table);
00497                                 if (is_array($TCA[$table]) && is_array($TCA[$table]['columns'][$field]))        {
00498                                         $items = $TCA[$table]['columns'][$field]['config']['items'];
00499                                         if (is_array($items))   {
00500                                                 foreach($items as $iCfg)        {
00501                                                         if (!strcmp($iCfg[1],$value) && $iCfg[4])       {
00502                                                                 switch((string)$iCfg[4])        {
00503                                                                         case 'EXPL_ALLOW':
00504                                                                                 if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) {
00505                                                                                         $out = FALSE;
00506                                                                                 }
00507                                                                         break;
00508                                                                         case 'EXPL_DENY':
00509                                                                                 if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY'))   {
00510                                                                                         $out = FALSE;
00511                                                                                 }
00512                                                                         break;
00513                                                                 }
00514                                                                 break;
00515                                                         }
00516                                                 }
00517                                         }
00518                                 }
00519                         break;
00520                 }
00521 
00522                 return $out;
00523         }
00524 
00531         function checkLanguageAccess($langValue)        {
00532                 if (strcmp($this->groupData['allowed_languages'],''))   {       // The users language list must be non-blank - otherwise all languages are allowed.
00533                         $langValue = intval($langValue);
00534                         if ($langValue != -1 && !$this->check('allowed_languages',$langValue))  {       // Language must either be explicitly allowed OR the lang Value be "-1" (all languages)
00535                                 return FALSE;
00536                         }
00537                 }
00538                 return TRUE;
00539         }
00540 
00553         function recordEditAccessInternals($table,$idOrRow,$newRecord=FALSE)    {
00554                 global $TCA;
00555 
00556                 if (isset($TCA[$table]))        {
00557                         t3lib_div::loadTCA($table);
00558 
00559                                 // Always return true for Admin users.
00560                         if ($this->isAdmin())   return TRUE;
00561 
00562                                 // Fetching the record if the $idOrRow variable was not an array on input:
00563                         if (!is_array($idOrRow))        {
00564                                 $idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow);
00565                                 if (!is_array($idOrRow))        {
00566                                         $this->errorMsg = 'ERROR: Record could not be fetched.';
00567                                         return FALSE;
00568                                 }
00569                         }
00570 
00571                                 // Checking languages:
00572                         if ($TCA[$table]['ctrl']['languageField'])      {
00573                                 if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']]))     {       // Language field must be found in input row - otherwise it does not make sense.
00574                                         if (!$this->checkLanguageAccess($idOrRow[$TCA[$table]['ctrl']['languageField']]))       {
00575                                                 $this->errorMsg = 'ERROR: Language was not allowed.';
00576                                                 return FALSE;
00577                                         }
00578                                 } else {
00579                                         $this->errorMsg = 'ERROR: The "languageField" field named "'.$TCA[$table]['ctrl']['languageField'].'" was not found in testing record!';
00580                                         return FALSE;
00581                                 }
00582                         }
00583 
00584                                 // Checking authMode fields:
00585                         if (is_array($TCA[$table]['columns']))  {
00586                                 foreach($TCA[$table]['columns'] as $fN => $fV)  {
00587                                         if (isset($idOrRow[$fN]))       {       //
00588                                                 if ($fV['config']['type']=='select' && $fV['config']['authMode'] && !strcmp($fV['config']['authMode_enforce'],'strict')) {
00589                                                         if (!$this->checkAuthMode($table,$fN,$idOrRow[$fN],$fV['config']['authMode']))  {
00590                                                                 $this->errorMsg = 'ERROR: authMode "'.$fV['config']['authMode'].'" failed for field "'.$fN.'" with value "'.$idOrRow[$fN].'" evaluated';
00591                                                                 return FALSE;
00592                                                         }
00593                                                 }
00594                                         }
00595                                 }
00596                         }
00597 
00598                                 // Checking "editlock" feature (doesn't apply to new records)
00599                         if (!$newRecord && $TCA[$table]['ctrl']['editlock'])    {
00600                                 if (isset($idOrRow[$TCA[$table]['ctrl']['editlock']]))  {
00601                                         if ($idOrRow[$TCA[$table]['ctrl']['editlock']]) {
00602                                                 $this->errorMsg = 'ERROR: Record was locked for editing. Only admin users can change this state.';
00603                                                 return FALSE;
00604                                         }
00605                                 } else {
00606                                         $this->errorMsg = 'ERROR: The "editLock" field named "'.$TCA[$table]['ctrl']['editlock'].'" was not found in testing record!';
00607                                         return FALSE;
00608                                 }
00609                         }
00610 
00611                                 // Checking record permissions
00612                         // THIS is where we can include a check for "perms_" fields for other records than pages...
00613 
00614                                 // Process any hooks
00615                         if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['recordEditAccessInternals']))    {
00616                                 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['recordEditAccessInternals'] as $funcRef)     {
00617                                         $params = array(
00618                                                 'table' => $table,
00619                                                 'idOrRow' => $idOrRow,
00620                                                 'newRecord' => $newRecord
00621                                         );
00622                                         if (!t3lib_div::callUserFunction($funcRef, $params, $this)) {
00623                                                 return FALSE;
00624                                         }
00625                                 }
00626                         }
00627 
00628                                 // Finally, return true if all is well.
00629                         return TRUE;
00630                 }
00631         }
00632 
00642         function isPSet($lCP,$table,$type='')   {
00643                 if ($this->isAdmin())   return true;
00644                 if ($table=='pages')    {
00645                         if ($type=='edit')      return $lCP & 2;
00646                         if ($type=='new')       return ($lCP & 8) || ($lCP & 16);       // Create new page OR pagecontent
00647                         if ($type=='delete')    return $lCP & 4;
00648                         if ($type=='editcontent')       return $lCP & 16;
00649                 } else {
00650                         return $lCP & 16;
00651                 }
00652         }
00653 
00659         function mayMakeShortcut()      {
00660                 return $this->getTSConfigVal('options.shortcutFrame') && !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
00661         }
00662 
00673         function workspaceCannotEditRecord($table,$recData)     {
00674 
00675                 if ($this->workspace!==0)       {       // Only test offline spaces:
00676 
00677                         if (!is_array($recData))        {
00678                                 $recData = t3lib_BEfunc::getRecord($table,$recData,'pid'.($GLOBALS['TCA'][$table]['ctrl']['versioningWS']?',t3ver_wsid,t3ver_stage':''));
00679                         }
00680 
00681                         if (is_array($recData)) {
00682                                 if ((int)$recData['pid']===-1)  {       // We are testing a "version" (identified by a pid of -1): it can be edited provided that workspace matches and versioning is enabled for the table.
00683                                         if (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS'])   {       // No versioning, basic error, inconsistency even! Such records should not have a pid of -1!
00684                                                 return 'Versioning disabled for table';
00685                                         } elseif ((int)$recData['t3ver_wsid']!==$this->workspace)       {       // So does workspace match?
00686                                                 return 'Workspace ID of record didn\'t match current workspace';
00687                                         } else {        // So what about the stage of the version, does that allow editing for this user?
00688                                                 return $this->workspaceCheckStageForCurrent($recData['t3ver_stage']) ? FALSE : 'Record stage "'.$recData['t3ver_stage'].'" and users access level did not allow for editing';
00689                                         }
00690                                 } else {        // We are testing a "live" record:
00691                                         if ($res = $this->workspaceAllowLiveRecordsInPID($recData['pid'], $table)) {    // For "Live" records, check that PID for table allows editing
00692                                                         // Live records are OK in this branch, but what about the stage of branch point, if any:
00693                                                 return $res>0 ? FALSE : 'Stage for versioning root point and users access level did not allow for editing';     // OK
00694                                         } else {        // If not offline and not in versionized branch, output error:
00695                                                 return 'Online record was not in versionized branch!';
00696                                         }
00697                                 }
00698                         } else return 'No record';
00699                 } else {
00700                         return FALSE;   // OK because workspace is 0
00701                 }
00702         }
00703 
00712         function workspaceCannotEditOfflineVersion($table,$recData)     {
00713                 if ($GLOBALS['TCA'][$table]['ctrl']['versioningWS'])    {
00714 
00715                         if (!is_array($recData))        {
00716                                 $recData = t3lib_BEfunc::getRecord($table,$recData,'uid,pid,t3ver_wsid,t3ver_stage');
00717                         }
00718                         if (is_array($recData)) {
00719                                 if ((int)$recData['pid']===-1)  {
00720                                         return $this->workspaceCannotEditRecord($table,$recData);
00721                                 } else return 'Not an offline version';
00722                         } else return 'No record';
00723                 } else return 'Table does not support versioning.';
00724         }
00725 
00735         function workspaceAllowLiveRecordsInPID($pid, $table)   {
00736 
00737                         // Always for Live workspace AND if live-edit is enabled and tables are completely without versioning it is ok as well.
00738                 if ($this->workspace===0 || ($this->workspaceRec['live_edit'] && !$GLOBALS['TCA'][$table]['ctrl']['versioningWS']))     {
00739                         return 2;       // OK to create for this table.
00740                 } elseif (t3lib_BEfunc::isPidInVersionizedBranch($pid, $table)) {       // Check if records from $table can be created with this PID: Either if inside "branch" versioning type or a "versioning_followPages" table on a "page" versioning type.
00741                                 // Now, check what the stage of that "page" or "branch" version type is:
00742                         $stage = t3lib_BEfunc::isPidInVersionizedBranch($pid, $table, TRUE);
00743                         return $this->workspaceCheckStageForCurrent($stage) ? 1 : -1;
00744                 } else {
00745                         return FALSE;   // If the answer is FALSE it means the only valid way to create or edit records in the PID is by versioning
00746                 }
00747         }
00748 
00756         function workspaceCreateNewRecord($pid, $table) {
00757                 if ($res = $this->workspaceAllowLiveRecordsInPID($pid,$table))  {       // If LIVE records cannot be created in the current PID due to workspace restrictions, prepare creation of placeholder-record
00758                         if ($res<0)     {
00759                                 return FALSE;   // Stage for versioning root point and users access level did not allow for editing
00760                         }
00761                 } elseif (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS'])     {       // So, if no live records were allowed, we have to create a new version of this record:
00762                         return FALSE;
00763                 }
00764                 return TRUE;
00765         }
00766 
00775         function workspaceAllowAutoCreation($table,$id,$recpid) {
00776                         // Auto-creation of version: In offline workspace, test if versioning is enabled and look for workspace version of input record. If there is no versionized record found we will create one and save to that.
00777                 if ($this->workspace!==0        // Only in draft workspaces
00778                         && !$this->workspaceRec['disable_autocreate']   // Auto-creation must not be disabled.
00779                         && $GLOBALS['TCA'][$table]['ctrl']['versioningWS']      // Table must be versionizable
00780                         && $recpid >= 0 // The PID of the record must NOT be -1 or less (would indicate that it already was a version!)
00781                         && !t3lib_BEfunc::getWorkspaceVersionOfRecord($this->workspace, $table, $id, 'uid')     // There must be no existing version of this record in workspace.
00782                         && !t3lib_BEfunc::isPidInVersionizedBranch($recpid, $table))    {       // PID must NOT be in a versionized branch either
00783                                 return TRUE;
00784                 }
00785         }
00786 
00796         function workspaceCheckStageForCurrent($stage)  {
00797                 if ($this->isAdmin())   return TRUE;
00798 
00799                 if ($this->workspace>0) {
00800                         $stat = $this->checkWorkspaceCurrent();
00801                         $memberStageLimit = $this->workspaceRec['review_stage_edit'] ? 1 : 0;
00802                         if (($stage<=$memberStageLimit && $stat['_ACCESS']==='member') ||
00803                                 ($stage<=1 && $stat['_ACCESS']==='reviewer') ||
00804                                 ($stat['_ACCESS']==='owner')) {
00805                                         return TRUE;    // OK for these criteria
00806                         }
00807                 } else return TRUE;     // Always OK for live and draft workspaces.
00808         }
00809 
00820         function workspacePublishAccess($wsid)  {
00821                 if ($this->isAdmin())   return TRUE;
00822 
00823                         // If no access to workspace, of course you cannot publish!
00824                 $retVal = FALSE;
00825 
00826                 $wsAccess = $this->checkWorkspace($wsid);
00827                 if ($wsAccess)  {
00828                         switch($wsAccess['uid'])        {
00829                                 case 0:         // Live workspace
00830                                         $retVal =  TRUE;        // If access to Live workspace, no problem.
00831                                 break;
00832                                 case -1:        // Default draft workspace
00833                                         $retVal =  $this->checkWorkspace(0) ? TRUE : FALSE;     // If access to Live workspace, no problem.
00834                                 break;
00835                                 default:        // Custom workspace
00836                                         $retVal =  $wsAccess['_ACCESS'] === 'owner' || ($this->checkWorkspace(0) && !($wsAccess['publish_access']&2));  // Either be an adminuser OR have access to online workspace which is OK as well as long as publishing access is not limited by workspace option.
00837                                 break;
00838                         }
00839                 }
00840                 return $retVal;
00841         }
00842 
00848         function workspaceSwapAccess()  {
00849                 if ($this->workspace>0 && (int)$this->workspaceRec['swap_modes']===2)   {
00850                         return FALSE;
00851                 } else return TRUE;
00852         }
00853 
00860         function workspaceVersioningTypeAccess($type)   {
00861                 $retVal = FALSE;
00862 
00863                 $type = t3lib_div::intInRange($type,-1);
00864                 
00865                         // Check if only element versioning is allowed:
00866                 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['elementVersioningOnly'] && $type!=-1)    {
00867                         return FALSE;
00868                 }
00869                 
00870                 if ($this->workspace>0 && !$this->isAdmin())    {
00871                         $stat = $this->checkWorkspaceCurrent();
00872                         if ($stat['_ACCESS']!=='owner') {
00873 
00874                                 switch((int)$type)      {
00875                                         case -1:
00876                                                 $retVal = $this->workspaceRec['vtypes']&1 ? FALSE : TRUE;
00877                                         break;
00878                                         case 0:
00879                                                 $retVal = $this->workspaceRec['vtypes']&2 ? FALSE : TRUE;
00880                                         break;
00881                                         default:
00882                                                 $retVal = $this->workspaceRec['vtypes']&4 ? FALSE : TRUE;
00883                                         break;
00884                                 }
00885                         } else $retVal = TRUE;
00886                 } else $retVal = TRUE;
00887 
00888                 return $retVal;
00889         }
00890 
00897         function workspaceVersioningTypeGetClosest($type)       {
00898                 $type = t3lib_div::intInRange($type,-1);
00899 
00900                 if ($this->workspace>0) {
00901                         switch((int)$type)      {
00902                                 case -1:
00903                                         $type = -1;
00904                                 break;
00905                                 case 0:
00906                                         $type = $this->workspaceVersioningTypeAccess($type) ? $type : -1;
00907                                 break;
00908                                 default:
00909                                         $type = $this->workspaceVersioningTypeAccess($type) ? $type : ($this->workspaceVersioningTypeAccess(0) ? 0 : -1);
00910                                 break;
00911                         }
00912                 }
00913                 return $type;
00914         }
00915 
00916 
00917 
00918 
00919 
00920 
00921 
00922 
00923 
00924 
00925         /*************************************
00926          *
00927          * Miscellaneous functions
00928          *
00929          *************************************/
00930 
00940         function getTSConfig($objectString,$config='')  {
00941                 if (!is_array($config)) {
00942                         $config=$this->userTS;  // Getting Root-ts if not sent
00943                 }
00944                 $TSConf=array();
00945                 $parts = explode('.',$objectString,2);
00946                 $key = $parts[0];
00947                 if (trim($key)) {
00948                         if (count($parts)>1 && trim($parts[1])) {
00949                                 // Go on, get the next level
00950                                 if (is_array($config[$key.'.']))        $TSConf = $this->getTSConfig($parts[1],$config[$key.'.']);
00951                         } else {
00952                                 $TSConf['value']=$config[$key];
00953                                 $TSConf['properties']=$config[$key.'.'];
00954                         }
00955                 }
00956                 return $TSConf;
00957         }
00958 
00966         function getTSConfigVal($objectString)  {
00967                 $TSConf = $this->getTSConfig($objectString);
00968                 return $TSConf['value'];
00969         }
00970 
00978         function getTSConfigProp($objectString) {
00979                 $TSConf = $this->getTSConfig($objectString);
00980                 return $TSConf['properties'];
00981         }
00982 
00990         function inList($in_list,$item) {
00991                 return strstr(','.$in_list.',', ','.$item.',');
00992         }
00993 
01001         function returnWebmounts()      {
01002                 return (string)($this->groupData['webmounts'])!='' ? explode(',',$this->groupData['webmounts']) : Array();
01003         }
01004 
01011         function returnFilemounts()     {
01012                 return $this->groupData['filemounts'];
01013         }
01014 
01028          function jsConfirmation($bitmask)      {
01029                  $alertPopup = $GLOBALS['BE_USER']->getTSConfig('options.alertPopups');
01030                  if (empty($alertPopup['value']))       {
01031                          $alertPopup = 255;     // default: show all warnings
01032                  } else {
01033                          $alertPopup = (int)$alertPopup['value'];
01034                  }
01035                  if(($alertPopup&$bitmask) == $bitmask) { // show confirmation
01036                          return 1;
01037                  } else { // don't show confirmation
01038                          return 0;
01039                  }
01040          }
01041 
01042 
01043 
01044 
01045 
01046 
01047 
01048 
01049 
01050         /*************************************
01051          *
01052          * Authentication methods
01053          *
01054          *************************************/
01055 
01056 
01066         function fetchGroupData()       {
01067                 if ($this->user['uid']) {
01068 
01069                                 // Get lists for the be_user record and set them as default/primary values.
01070                         $this->dataLists['modList'] = $this->user['userMods'];                                  // Enabled Backend Modules
01071                         $this->dataLists['allowed_languages'] = $this->user['allowed_languages'];                                       // Add Allowed Languages
01072                         $this->dataLists['workspace_perms'] = $this->user['workspace_perms'];                                   // Set user value for workspace permissions.
01073                         $this->dataLists['webmount_list'] = $this->user['db_mountpoints'];              // Database mountpoints
01074                         $this->dataLists['filemount_list'] = $this->user['file_mountpoints'];   // File mountpoints
01075 
01076                                 // Setting default User TSconfig:
01077                         $this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
01078                                                                         $GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig'];
01079 
01080                                 // Default TSconfig for admin-users
01081                         if ($this->isAdmin())   {
01082                                 $this->TSdataArray[]=$this->addTScomment('"admin" user presets:').'
01083                                         admPanel.enable.all = 1
01084                                         options.shortcutFrame = 1
01085                                 ';
01086                                 if (t3lib_extMgm::isLoaded('sys_note')) {
01087                                         $this->TSdataArray[]='
01088                                                 // Setting defaults for sys_note author / email...
01089                                                 TCAdefaults.sys_note.author = '.$this->user['realName'].'
01090                                                 TCAdefaults.sys_note.email = '.$this->user['email'].'
01091                                         ';
01092                                 }
01093                         }
01094 
01095                                 // FILE MOUNTS:
01096                                 // Admin users has the base fileadmin dir mounted
01097                         if ($this->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])      {
01098                                 $this->addFileMount($GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '', PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], 0, '');
01099                         }
01100 
01101                                 // If userHomePath is set, we attempt to mount it
01102                         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'])  {
01103                                         // First try and mount with [uid]_[username]
01104                                 $didMount=$this->addFileMount($this->user['username'], '',$GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].'_'.$this->user['username'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
01105                                 if (!$didMount) {
01106                                                 // If that failed, try and mount with only [uid]
01107                                         $this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
01108                                 }
01109                         }
01110 
01111                                 // BE_GROUPS:
01112                                 // Get the groups...
01113 #                       $grList = t3lib_BEfunc::getSQLselectableList($this->user[$this->usergroup_column],$this->usergroup_table,$this->usergroup_table);
01114                         $grList = $GLOBALS['TYPO3_DB']->cleanIntList($this->user[$this->usergroup_column]);     // 240203: Since the group-field never contains any references to groups with a prepended table name we think it's safe to just intExplode and re-implode - which should be much faster than the other function call.
01115                         if ($grList)    {
01116                                         // Fetch groups will add a lot of information to the internal arrays: modules, accesslists, TSconfig etc. Refer to fetchGroups() function.
01117                                 $this->fetchGroups($grList);
01118                         }
01119 
01120                                 // Add the TSconfig for this specific user:
01121                         $this->TSdataArray[] = $this->addTScomment('USER TSconfig field').$this->user['TSconfig'];
01122                                 // Check include lines.
01123                         $this->TSdataArray = t3lib_TSparser::checkIncludeLines_array($this->TSdataArray);
01124 
01125                                 // Parsing the user TSconfig (or getting from cache)
01126                         $this->userTS_text = implode(chr(10).'[GLOBAL]'.chr(10),$this->TSdataArray);    // Imploding with "[global]" will make sure that non-ended confinements with braces are ignored.
01127                         $hash = md5('userTS:'.$this->userTS_text);
01128                         $cachedContent = t3lib_BEfunc::getHash($hash,0);
01129                         if (isset($cachedContent) && !$this->userTS_dontGetCached)      {
01130                                 $this->userTS = unserialize($cachedContent);
01131                         } else {
01132                                 $parseObj = t3lib_div::makeInstance('t3lib_TSparser');
01133                                 $parseObj->parse($this->userTS_text);
01134                                 $this->userTS = $parseObj->setup;
01135                                 t3lib_BEfunc::storeHash($hash,serialize($this->userTS),'BE_USER_TSconfig');
01136                                         // Update UC:
01137                                 $this->userTSUpdated=1;
01138                         }
01139 
01140                                 // Processing webmounts
01141                         if ($this->isAdmin() && !$this->getTSConfigVal('options.dontMountAdminMounts')) {       // Admin's always have the root mounted
01142                                 $this->dataLists['webmount_list']='0,'.$this->dataLists['webmount_list'];
01143                         }
01144 
01145                                 // Processing filemounts
01146                         $this->dataLists['filemount_list'] = t3lib_div::uniqueList($this->dataLists['filemount_list']);
01147                         if ($this->dataLists['filemount_list']) {
01148                                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$this->dataLists['filemount_list'].')');
01149                                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
01150                                         $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
01151                                 }
01152                         }
01153 
01154                                 // The lists are cleaned for duplicates
01155                         $this->groupData['webmounts'] = t3lib_div::uniqueList($this->dataLists['webmount_list']);
01156                         $this->groupData['pagetypes_select'] = t3lib_div::uniqueList($this->dataLists['pagetypes_select']);
01157                         $this->groupData['tables_select'] = t3lib_div::uniqueList($this->dataLists['tables_modify'].','.$this->dataLists['tables_select']);
01158                         $this->groupData['tables_modify'] = t3lib_div::uniqueList($this->dataLists['tables_modify']);
01159                         $this->groupData['non_exclude_fields'] = t3lib_div::uniqueList($this->dataLists['non_exclude_fields']);
01160                         $this->groupData['explicit_allowdeny'] = t3lib_div::uniqueList($this->dataLists['explicit_allowdeny']);
01161                         $this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->dataLists['allowed_languages']);
01162                         $this->groupData['custom_options'] = t3lib_div::uniqueList($this->dataLists['custom_options']);
01163                         $this->groupData['modules'] = t3lib_div::uniqueList($this->dataLists['modList']);
01164                         $this->groupData['workspace_perms'] = $this->dataLists['workspace_perms'];
01165 
01166                                 // populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
01167                         $this->userGroupsUID = array_reverse(array_unique(array_reverse($this->includeGroupArray)));
01168 
01169                                 // Finally this is the list of group_uid's in the order they are parsed (including subgroups!) and without duplicates (duplicates are presented with their last entrance in the list, which thus reflects the order of the TypoScript in TSconfig)
01170                         $this->groupList = implode(',',$this->userGroupsUID);
01171                         $this->setCachedList($this->groupList);
01172 
01173                                 // Checking read access to webmounts:
01174                         if (trim($this->groupData['webmounts'])!=='')   {
01175                                 $webmounts = explode(',',$this->groupData['webmounts']);        // Explode mounts
01176                                 $MProws = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('uid', 'pages', 'deleted=0 AND uid IN ('.$this->groupData['webmounts'].') AND '.$this->getPagePermsClause(1),'','','','uid');        // Selecting all webmounts with permission clause for reading
01177                                 foreach($webmounts as $idx => $mountPointUid)   {
01178                                         if ($mountPointUid>0 && !isset($MProws[$mountPointUid]))        {       // If the mount ID is NOT found among selected pages, unset it:
01179                                                 unset($webmounts[$idx]);
01180                                         }
01181                                 }
01182                                 $this->groupData['webmounts'] = implode(',',$webmounts);        // Implode mounts in the end.
01183                         }
01184 
01185                                 // Setting up workspace situation (after webmounts are processed!):
01186                         $this->workspaceInit();
01187                 }
01188         }
01189 
01199         function fetchGroups($grList,$idList='')        {
01200                 global $TYPO3_CONF_VARS;
01201 
01202                         // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
01203                 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.t3lib_div::getIndpEnv('HTTP_HOST').'\')';
01204                 $whereSQL = 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$grList.')'.$lockToDomain_SQL;
01205 
01206                         // Hook for manipulation of the WHERE sql sentence which controls which BE-groups are included
01207                 if (is_array ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroupQuery'])) {
01208                     foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroupQuery'] as $classRef) {
01209                         $hookObj = &t3lib_div::getUserObj($classRef);
01210                         if(method_exists($hookObj,'fetchGroupQuery_processQuery')){
01211                             $whereSQL = $hookObj->fetchGroupQuery_processQuery($this, $grList, $idList, $whereSQL);
01212                         }
01213                     }
01214                 }
01215 
01216                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->usergroup_table, $whereSQL);
01217 
01218                         // The userGroups array is filled
01219                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
01220                         $this->userGroups[$row['uid']] = $row;
01221                 }
01222 
01223                         // Traversing records in the correct order
01224                 $include_staticArr = t3lib_div::intExplode(',',$grList);
01225                 reset($include_staticArr);
01226                 while(list(,$uid)=each($include_staticArr))     {       // traversing list
01227 
01228                                 // Get row:
01229                         $row=$this->userGroups[$uid];
01230                         if (is_array($row) && !t3lib_div::inList($idList,$uid)) {       // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
01231 
01232                                         // Include sub groups
01233                                 if (trim($row['subgroup']))     {
01234                                         $theList = implode(',',t3lib_div::intExplode(',',$row['subgroup']));    // Make integer list
01235                                         $this->fetchGroups($theList, $idList.','.$uid);         // Call recursively, pass along list of already processed groups so they are not recursed again.
01236                                 }
01237                                         // Add the group uid, current list, TSconfig to the internal arrays.
01238                                 $this->includeGroupArray[]=$uid;
01239                                 $this->includeHierarchy[]=$idList;
01240                                 $this->TSdataArray[] = $this->addTScomment('Group "'.$row['title'].'" ['.$row['uid'].'] TSconfig field:').$row['TSconfig'];
01241 
01242                                         // Mount group database-mounts
01243                                 if (($this->user['options']&1) == 1)    {       $this->dataLists['webmount_list'].= ','.$row['db_mountpoints']; }
01244 
01245                                         // Mount group file-mounts
01246                                 if (($this->user['options']&2) == 2)    {       $this->dataLists['filemount_list'].= ','.$row['file_mountpoints'];      }
01247 
01248                                         // Mount group home-dirs
01249                                 if (($this->user['options']&2) == 2)    {
01250                                                 // If groupHomePath is set, we attempt to mount it
01251                                         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath']) {
01252                                                 $this->addFileMount($row['title'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'].$row['uid'], 0, 'group');
01253                                         }
01254                                 }
01255 
01256                                         // The lists are made: groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny, allowed_languages, custom_options
01257                                 if ($row['inc_access_lists']==1)        {
01258                                         $this->dataLists['modList'].= ','.$row['groupMods'];
01259                                         $this->dataLists['tables_select'].= ','.$row['tables_select'];
01260                                         $this->dataLists['tables_modify'].= ','.$row['tables_modify'];
01261                                         $this->dataLists['pagetypes_select'].= ','.$row['pagetypes_select'];
01262                                         $this->dataLists['non_exclude_fields'].= ','.$row['non_exclude_fields'];
01263                                         $this->dataLists['explicit_allowdeny'].= ','.$row['explicit_allowdeny'];
01264                                         $this->dataLists['allowed_languages'].= ','.$row['allowed_languages'];
01265                                         $this->dataLists['custom_options'].= ','.$row['custom_options'];
01266                                 }
01267 
01268                                         // Setting workspace permissions:
01269                                 $this->dataLists['workspace_perms'] |= $row['workspace_perms'];
01270 
01271                                         // If this function is processing the users OWN group-list (not subgroups) AND if the ->firstMainGroup is not set, then the ->firstMainGroup will be set.
01272                                 if (!strcmp($idList,'') && !$this->firstMainGroup)      {
01273                                         $this->firstMainGroup=$uid;
01274                                 }
01275                         }
01276                 }
01277 
01278                 // ****************
01279                 // HOOK: fetchGroups_postProcessing
01280                 // ****************
01281                 if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroups_postProcessing'])) {
01282                         foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['fetchGroups_postProcessing'] as $_funcRef) {
01283                                 $_params = array();
01284                                 t3lib_div::callUserFunction($_funcRef, $_params, $this);
01285                         }
01286                 }
01287         }
01288 
01297         function setCachedList($cList)  {
01298                 if ((string)$cList != (string)$this->user['usergroup_cached_list'])     {
01299                         $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid='.intval($this->user['uid']), array('usergroup_cached_list' => $cList));
01300                 }
01301         }
01302 
01317         function addFileMount($title, $altTitle, $path, $webspace, $type)       {
01318                         // Return false if fileadminDir is not set and we try to mount a relative path
01319                 if ($webspace && !$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])    return false;
01320 
01321                         // Trimming and pre-processing
01322                 $path=trim($path);
01323                 if ($this->OS=='WIN')   {               // with WINDOWS convert backslash to slash!!
01324                         $path=str_replace('\\','/',$path);
01325                 }
01326                         // If the path is true and validates as a valid path string:
01327                 if ($path && t3lib_div::validPathStr($path))    {
01328                                 // normalize path: remove leading '/' and './', and trailing '/' and '/.'
01329                         $path=trim($path);
01330                         $path=preg_replace('#^\.?/|/\.?$#','',$path);
01331 
01332                         if ($path)      {       // there must be some chars in the path
01333                                 $fdir=PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'];      // fileadmin dir, absolute
01334                                 if ($webspace)  {
01335                                         $path=$fdir.$path;      // PATH_site + fileadmin dir is prepended
01336                                 } else {
01337                                         if ($this->OS!='WIN')   {               // with WINDOWS no prepending!!
01338                                                 $path='/'.$path;        // root-level is the start...
01339                                         }
01340                                 }
01341                                 $path.='/';
01342 
01343                                         // We now have a path with slash after and slash before (if unix)
01344                                 if (@is_dir($path) &&
01345                                         (($GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'] && t3lib_div::isFirstPartOfStr($path,$GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'])) || t3lib_div::isFirstPartOfStr($path,$fdir)))      {
01346                                                         // Alternative title?
01347                                                 $name = $title ? $title : $altTitle;
01348                                                         // Adds the filemount. The same filemount with same name, type and path cannot be set up twice because of the hash string used as key.
01349                                                 $this->groupData['filemounts'][md5($name.'|'.$path.'|'.$type)] = Array('name'=>$name, 'path'=>$path, 'type'=>$type);
01350                                                         // Return true - went well, success!
01351                                                 return 1;
01352                                 }
01353                         }
01354                 }
01355         }
01356 
01363         function addTScomment($str)     {
01364                 $delimiter = '# ***********************************************';
01365 
01366                 $out = $delimiter.chr(10);
01367                 $lines = t3lib_div::trimExplode(chr(10),$str);
01368                 foreach($lines as $v)   {
01369                         $out.= '# '.$v.chr(10);
01370                 }
01371                 $out.= $delimiter.chr(10);
01372                 return $out;
01373         }
01374 
01375 
01376 
01377 
01378 
01379 
01380 
01381 
01382 
01383 
01384 
01385 
01386         /************************************
01387          *
01388          * Workspaces
01389          *
01390          ************************************/
01391 
01399         function workspaceInit()        {
01400 
01401                         // Initializing workspace by evaluating and setting the workspace, possibly updating it in the user record!
01402                 $this->setWorkspace($this->user['workspace_id']);
01403 
01404                         // Setting up the db mount points of the (custom) workspace, if any:
01405                 if ($this->workspace>0 && trim($this->workspaceRec['db_mountpoints'])!=='')     {
01406 
01407                                 // Initialize:
01408                         $newMounts = array();
01409                         $readPerms = '1=1'; // Notice: We cannot call $this->getPagePermsClause(1); as usual because the group-list is not available at this point. But bypassing is fine because all we want here is check if the workspace mounts are inside the current webmounts rootline. The actual permission checking on page level is done elsewhere as usual anyway before the page tree is rendered.
01410 
01411                                 // Traverse mount points of the
01412                         $mountPoints = t3lib_div::intExplode(',',$this->workspaceRec['db_mountpoints']);
01413                         foreach($mountPoints as $mpId)  {
01414                                 if ($this->isInWebMount($mpId,$readPerms))      {
01415                                         $newMounts[] = $mpId;
01416                                 }
01417                         }
01418 
01419                                 // Re-insert webmounts:
01420                         $this->groupData['webmounts'] = implode(',',array_unique($newMounts));
01421                 }
01422 
01423                         // Setting up the file mount points of the (custom) workspace, if any:
01424                 if ($this->workspace!==0)       $this->groupData['filemounts'] = array();
01425                 if ($this->workspace>0 && trim($this->workspaceRec['file_mountpoints'])!=='')   {
01426 
01427                                 // Processing filemounts
01428                         $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->workspaceRec['file_mountpoints']).')');
01429                         while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
01430                                 $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
01431                         }
01432                 }
01433         }
01434 
01442         function checkWorkspace($wsRec,$fields='uid,title,adminusers,members,reviewers,publish_access,stagechg_notification')   {
01443                 $retVal = FALSE;
01444 
01445                         // If not array, look up workspace record:
01446                 if (!is_array($wsRec))  {
01447                         switch((string)$wsRec)  {
01448                                 case '0':
01449                                 case '-1':
01450                                         $wsRec = array('uid' => $wsRec);
01451                                 break;
01452                                 default:
01453                                         list($wsRec) = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
01454                                                 $fields,
01455                                                 'sys_workspace',
01456                                                 'pid=0 AND uid='.intval($wsRec).
01457                                                         t3lib_BEfunc::deleteClause('sys_workspace'),
01458                                                 '',
01459                                                 'title'
01460                                         );
01461                                 break;
01462                         }
01463                 }
01464 
01465                         // If wsRec is set to an array, evaluate it:
01466                 if (is_array($wsRec))   {
01467                         if ($this->isAdmin())   {
01468                                 return array_merge($wsRec,array('_ACCESS' => 'admin'));
01469                         } else {
01470 
01471                                 switch((string)$wsRec['uid'])   {
01472                                         case '0':
01473                                                 $retVal = ($this->groupData['workspace_perms']&1) ? array_merge($wsRec,array('_ACCESS' => 'online')) : FALSE;
01474                                         break;
01475                                         case '-1':
01476                                                 $retVal = ($this->groupData['workspace_perms']&2) ? array_merge($wsRec,array('_ACCESS' => 'offline')) : FALSE;
01477                                         break;
01478                                         default:
01479                                                         // Checking if the guy is admin:
01480                                                 if (t3lib_div::inList($wsRec['adminusers'],$this->user['uid'])) {
01481                                                         return array_merge($wsRec, array('_ACCESS' => 'owner'));
01482                                                 }
01483                                                         // Checking if he is reviewer user:
01484                                                 if (t3lib_div::inList($wsRec['reviewers'],'be_users_'.$this->user['uid']))      {
01485                                                         return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
01486                                                 }
01487                                                         // Checking if he is reviewer through a user group of his:
01488                                                 foreach($this->userGroupsUID as $groupUid)      {
01489                                                         if (t3lib_div::inList($wsRec['reviewers'],'be_groups_'.$groupUid))      {
01490                                                                 return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
01491                                                         }
01492                                                 }
01493                                                         // Checking if he is member as user:
01494                                                 if (t3lib_div::inList($wsRec['members'],'be_users_'.$this->user['uid']))        {
01495