00001 <?php 00002 /*************************************************************** 00003 * Copyright notice 00004 * 00005 * (c) 1999-2008 Kasper Skaarhoj (kasperYYYY@typo3.com) 00006 * All rights reserved 00007 * 00008 * This script is part of the TYPO3 project. The TYPO3 project is 00009 * free software; you can redistribute it and/or modify 00010 * it under the terms of the GNU General Public License as published by 00011 * the Free Software Foundation; either version 2 of the License, or 00012 * (at your option) any later version. 00013 * 00014 * The GNU General Public License can be found at 00015 * http://www.gnu.org/copyleft/gpl.html. 00016 * A copy is found in the textfile GPL.txt and important notices to the license 00017 * from the author is found in LICENSE.txt distributed with these scripts. 00018 * 00019 * 00020 * This script is distributed in the hope that it will be useful, 00021 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00022 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00023 * GNU General Public License for more details. 00024 * 00025 * This copyright notice MUST APPEAR in all copies of the script! 00026 ***************************************************************/ 00027 /** 00028 * Contains an extension class specifically for authentication/initialization of backend users in TYPO3 00029 * 00030 * $Id: class.t3lib_userauthgroup.php 4579 2008-12-20 17:32:31Z ohader $ 00031 * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj 00032 * 00033 * @author Kasper Skaarhoj <kasperYYYY@typo3.com> 00034 */ 00035 /** 00036 * [CLASS/FUNCTION INDEX of SCRIPT] 00037 * 00038 * 00039 * 00040 * 135: class t3lib_userAuthGroup extends t3lib_userAuth 00041 * 00042 * SECTION: Permission checking functions: 00043 * 199: function isAdmin() 00044 * 211: function isMemberOfGroup($groupId) 00045 * 233: function doesUserHaveAccess($row,$perms) 00046 * 250: function isInWebMount($id,$readPerms='',$exitOnError=0) 00047 * 277: function modAccess($conf,$exitOnError) 00048 * 328: function getPagePermsClause($perms) 00049 * 367: function calcPerms($row) 00050 * 405: function isRTE() 00051 * 439: function check($type,$value) 00052 * 456: function checkAuthMode($table,$field,$value,$authMode) 00053 * 522: function checkLanguageAccess($langValue) 00054 * 544: function recordEditAccessInternals($table,$idOrRow,$newRecord=FALSE) 00055 * 619: function isPSet($lCP,$table,$type='') 00056 * 636: function mayMakeShortcut() 00057 * 650: function workspaceCannotEditRecord($table,$recData) 00058 * 689: function workspaceCannotEditOfflineVersion($table,$recData) 00059 * 712: function workspaceAllowLiveRecordsInPID($pid, $table) 00060 * 733: function workspaceCreateNewRecord($pid, $table) 00061 * 752: function workspaceAllowAutoCreation($table,$id,$recpid) 00062 * 772: function workspaceCheckStageForCurrent($stage) 00063 * 795: function workspacePublishAccess($wsid) 00064 * 823: function workspaceSwapAccess() 00065 * 835: function workspaceVersioningTypeAccess($type) 00066 * 866: function workspaceVersioningTypeGetClosest($type) 00067 * 00068 * SECTION: Miscellaneous functions 00069 * 909: function getTSConfig($objectString,$config='') 00070 * 935: function getTSConfigVal($objectString) 00071 * 947: function getTSConfigProp($objectString) 00072 * 959: function inList($in_list,$item) 00073 * 970: function returnWebmounts() 00074 * 980: function returnFilemounts() 00075 * 997: function jsConfirmation($bitmask) 00076 * 00077 * SECTION: Authentication methods 00078 * 1035: function fetchGroupData() 00079 * 1168: function fetchGroups($grList,$idList='') 00080 * 1266: function setCachedList($cList) 00081 * 1286: function addFileMount($title, $altTitle, $path, $webspace, $type) 00082 * 1333: function addTScomment($str) 00083 * 00084 * SECTION: Workspaces 00085 * 1369: function workspaceInit() 00086 * 1412: function checkWorkspace($wsRec,$fields='uid,title,adminusers,members,reviewers,publish_access,stagechg_notification') 00087 * 1487: function checkWorkspaceCurrent() 00088 * 1500: function setWorkspace($workspaceId) 00089 * 1528: function setWorkspacePreview($previewState) 00090 * 1538: function getDefaultWorkspace() 00091 * 00092 * SECTION: Logging 00093 * 1589: function writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='',$event_pid=-1,$NEWid='',$userId=0) 00094 * 1621: function simplelog($message, $extKey='', $error=0) 00095 * 1642: function checkLogFailures($email, $secondsBack=3600, $max=3) 00096 * 00097 * TOTAL FUNCTIONS: 45 00098 * (This index is automatically created/updated by the extension "extdeveval") 00099 * 00100 */ 00101 00102 // Need this for parsing User TSconfig 00103 require_once (PATH_t3lib.'class.t3lib_tsparser.php'); 00104 00105 00106 00107 00108 00109 00110 00111 00112 00113 00114 00115 00116 00117 00118 00119 00120 00121 00122 00123 00124 00125 /** 00126 * Extension to class.t3lib_userauth.php; Authentication of users in TYPO3 Backend 00127 * 00128 * Actually this class is extended again by t3lib_beuserauth which is the actual backend user class that will be instantiated. 00129 * In fact the two classes t3lib_beuserauth and this class could just as well be one, single class since t3lib_userauthgroup is not - to my knowledge - used separately elsewhere. But for historical reasons they are two separate classes. 00130 * 00131 * @author Kasper Skaarhoj <kasperYYYY@typo3.com> 00132 * @package TYPO3 00133 * @subpackage t3lib 00134 */ 00135 class t3lib_userAuthGroup extends t3lib_userAuth { 00136 var $usergroup_column = 'usergroup'; // Should be set to the usergroup-column (id-list) in the user-record 00137 var $usergroup_table = 'be_groups'; // The name of the group-table 00138 00139 // internal 00140 var $groupData = Array( // This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData 00141 'filemounts' => Array() // Filemounts are loaded here 00142 ); 00143 var $workspace = -99; // User workspace. -99 is ERROR (none available), -1 is offline, 0 is online, >0 is custom workspaces. 00144 var $workspaceRec = array(); // Custom workspace record if any 00145 00146 var $userGroups = Array(); // This array will hold the groups that the user is a member of 00147 var $userGroupsUID = Array(); // This array holds the uid's of the groups in the listed order 00148 var $groupList =''; // This is $this->userGroupsUID imploded to a comma list... Will correspond to the 'usergroup_cached_list' 00149 var $dataLists=array( // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead 00150 'webmount_list'=>'', 00151 'filemount_list'=>'', 00152 'fileoper_perms' => 0, 00153 'modList'=>'', 00154 'tables_select'=>'', 00155 'tables_modify'=>'', 00156 'pagetypes_select'=>'', 00157 'non_exclude_fields'=>'', 00158 'explicit_allowdeny'=>'', 00159 'allowed_languages' => '', 00160 'workspace_perms' => '', 00161 'custom_options' => '', 00162 ); 00163 var $includeHierarchy=array(); // For debugging/display of order in which subgroups are included. 00164 var $includeGroupArray=array(); // List of group_id's in the order they are processed. 00165 00166 var $OS=''; // Set to 'WIN', if windows 00167 var $TSdataArray=array(); // Used to accumulate the TSconfig data of the user 00168 var $userTS_text = ''; // Contains the non-parsed user TSconfig 00169 var $userTS = array(); // Contains the parsed user TSconfig 00170 var $userTSUpdated=0; // Set internally if the user TSconfig was parsed and needs to be cached. 00171 var $userTS_dontGetCached=0; // Set this from outside if you want the user TSconfig to ALWAYS be parsed and not fetched from cache. 00172 00173 var $RTE_errors = array(); // RTE availability errors collected. 00174 var $errorMsg = ''; // Contains last error message 00175 00176 var $checkWorkspaceCurrent_cache=NULL; // Cache for checkWorkspaceCurrent() 00177 00178 00179 00180 00181 00182 00183 00184 00185 00186 00187 00188 /************************************ 00189 * 00190 * Permission checking functions: 00191 * 00192 ************************************/ 00193 00194 /** 00195 * Returns true if user is admin 00196 * Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin. 00197 * 00198 * @return boolean 00199 */ 00200 function isAdmin() { 00201 return (($this->user['admin']&1) ==1); 00202 } 00203 00204 /** 00205 * Returns true if the current user is a member of group $groupId 00206 * $groupId must be set. $this->groupList must contain groups 00207 * Will return true also if the user is a member of a group through subgroups. 00208 * 00209 * @param integer Group ID to look for in $this->groupList 00210 * @return boolean 00211 */ 00212 function isMemberOfGroup($groupId) { 00213 $groupId = intval($groupId); 00214 if ($this->groupList && $groupId) { 00215 return $this->inList($this->groupList, $groupId); 00216 } 00217 } 00218 00219 /** 00220 * Checks if the permissions is granted based on a page-record ($row) and $perms (binary and'ed) 00221 * 00222 * Bits for permissions, see $perms variable: 00223 * 00224 * 1 - Show: See/Copy page and the pagecontent. 00225 * 16- Edit pagecontent: Change/Add/Delete/Move pagecontent. 00226 * 2- Edit page: Change/Move the page, eg. change title, startdate, hidden. 00227 * 4- Delete page: Delete the page and pagecontent. 00228 * 8- New pages: Create new pages under the page. 00229 * 00230 * @param array $row is the pagerow for which the permissions is checked 00231 * @param integer $perms is the binary representation of the permission we are going to check. Every bit in this number represents a permission that must be set. See function explanation. 00232 * @return boolean True or False upon evaluation 00233 */ 00234 function doesUserHaveAccess($row,$perms) { 00235 $userPerms = $this->calcPerms($row); 00236 return ($userPerms & $perms)==$perms; 00237 } 00238 00239 /** 00240 * Checks if the page id, $id, is found within the webmounts set up for the user. 00241 * This should ALWAYS be checked for any page id a user works with, whether it's about reading, writing or whatever. 00242 * The point is that this will add the security that a user can NEVER touch parts outside his mounted pages in the page tree. This is otherwise possible if the raw page permissions allows for it. So this security check just makes it easier to make safe user configurations. 00243 * If the user is admin OR if this feature is disabled (fx. by setting TYPO3_CONF_VARS['BE']['lockBeUserToDBmounts']=0) then it returns "1" right away 00244 * Otherwise the function will return the uid of the webmount which was first found in the rootline of the input page $id 00245 * 00246 * @param integer Page ID to check 00247 * @param string Content of "->getPagePermsClause(1)" (read-permissions). If not set, they will be internally calculated (but if you have the correct value right away you can save that database lookup!) 00248 * @param boolean If set, then the function will exit with an error message. 00249 * @return integer The page UID of a page in the rootline that matched a mount point 00250 */ 00251 function isInWebMount($id,$readPerms='',$exitOnError=0) { 00252 if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin()) return 1; 00253 $id = intval($id); 00254 00255 // Check if input id is an offline version page in which case we will map id to the online version: 00256 $checkRec = t3lib_beFUnc::getRecord('pages',$id,'pid,t3ver_oid'); 00257 if ($checkRec['pid']==-1) { 00258 $id = intval($checkRec['t3ver_oid']); 00259 } 00260 00261 if (!$readPerms) $readPerms = $this->getPagePermsClause(1); 00262 if ($id>0) { 00263 $wM = $this->returnWebmounts(); 00264 $rL = t3lib_BEfunc::BEgetRootLine($id,' AND '.$readPerms); 00265 00266 foreach($rL as $v) { 00267 if ($v['uid'] && in_array($v['uid'],$wM)) { 00268 return $v['uid']; 00269 } 00270 } 00271 } 00272 if ($exitOnError) { 00273 t3lib_BEfunc::typo3PrintError ('Access Error','This page is not within your DB-mounts',0); 00274 exit; 00275 } 00276 } 00277 00278 /** 00279 * Checks access to a backend module with the $MCONF passed as first argument 00280 * 00281 * @param array $MCONF array of a backend module! 00282 * @param boolean If set, an array will issue an error message and exit. 00283 * @return boolean Will return true if $MCONF['access'] is not set at all, if the BE_USER is admin or if the module is enabled in the be_users/be_groups records of the user (specifically enabled). Will return false if the module name is not even found in $TBE_MODULES 00284 */ 00285 function modAccess($conf,$exitOnError) { 00286 if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name'])) { 00287 if ($exitOnError) { 00288 t3lib_BEfunc::typo3PrintError ('Fatal Error','This module "'.$conf['name'].'" is not enabled in TBE_MODULES',0); 00289 exit; 00290 } 00291 return FALSE; 00292 } 00293 00294 // Workspaces check: 00295 if ($conf['workspaces']) { 00296 if (($this->workspace===0 && t3lib_div::inList($conf['workspaces'],'online')) || 00297 ($this->workspace===-1 && t3lib_div::inList($conf['workspaces'],'offline')) || 00298 ($this->workspace>0 && t3lib_div::inList($conf['workspaces'],'custom'))) { 00299 // ok, go on... 00300 } else { 00301 if ($exitOnError) { 00302 t3lib_BEfunc::typo3PrintError ('Workspace Error','This module "'.$conf['name'].'" is not available under the current workspace',0); 00303 exit; 00304 } 00305 return FALSE; 00306 } 00307 } 00308 00309 // Returns true if conf[access] is not set at all or if the user is admin 00310 if (!$conf['access'] || $this->isAdmin()) return TRUE; 00311 00312 // If $conf['access'] is set but not with 'admin' then we return true, if the module is found in the modList 00313 if (!strstr($conf['access'],'admin') && $conf['name']) { 00314 $acs = $this->check('modules',$conf['name']); 00315 } 00316 if (!$acs && $exitOnError) { 00317 t3lib_BEfunc::typo3PrintError ('Access Error','You don\'t have access to this module.',0); 00318 exit; 00319 } else return $acs; 00320 } 00321 00322 /** 00323 * Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated. 00324 * $perms is the "mask" used to select. Fx. if $perms is 1 then you'll get all pages that a user can actually see! 00325 * 2^0 = show (1) 00326 * 2^1 = edit (2) 00327 * 2^2 = delete (4) 00328 * 2^3 = new (8) 00329 * If the user is 'admin' " 1=1" is returned (no effect) 00330 * If the user is not set at all (->user is not an array), then " 1=0" is returned (will cause no selection results at all) 00331 * The 95% use of this function is "->getPagePermsClause(1)" which will return WHERE clauses for *selecting* pages in backend listings - in other words this will check read permissions. 00332 * 00333 * @param integer Permission mask to use, see function description 00334 * @return string Part of where clause. Prefix " AND " to this. 00335 */ 00336 function getPagePermsClause($perms) { 00337 global $TYPO3_CONF_VARS; 00338 if (is_array($this->user)) { 00339 if ($this->isAdmin()) { 00340 return ' 1=1'; 00341 } 00342 00343 $perms = intval($perms); // Make sure it's integer. 00344 $str= ' ('. 00345 '(pages.perms_everybody & '.$perms.' = '.$perms.')'. // Everybody 00346 ' OR (pages.perms_userid = '.$this->user['uid'].' AND pages.perms_user & '.$perms.' = '.$perms.')'; // User 00347 if ($this->groupList) { 00348 $str.= ' OR (pages.perms_groupid in ('.$this->groupList.') AND pages.perms_group & '.$perms.' = '.$perms.')'; // Group (if any is set) 00349 } 00350 $str.=')'; 00351 00352 // **************** 00353 // getPagePermsClause-HOOK 00354 // **************** 00355 if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'])) { 00356 00357 foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'] as $_funcRef) { 00358 $_params = array('currentClause' => $str, 'perms' => $perms); 00359 $str = t3lib_div::callUserFunction($_funcRef, $_params, $this); 00360 } 00361 } 00362 00363 return $str; 00364 } else { 00365 return ' 1=0'; 00366 } 00367 } 00368 00369 /** 00370 * Returns a combined binary representation of the current users permissions for the page-record, $row. 00371 * The perms for user, group and everybody is OR'ed together (provided that the page-owner is the user and for the groups that the user is a member of the group 00372 * If the user is admin, 31 is returned (full permissions for all five flags) 00373 * 00374 * @param array Input page row with all perms_* fields available. 00375 * @return integer Bitwise representation of the users permissions in relation to input page row, $row 00376 */ 00377 function calcPerms($row) { 00378 global $TYPO3_CONF_VARS; 00379 if ($this->isAdmin()) {return 31;} // Return 31 for admin users. 00380 00381 $out=0; 00382 if (isset($row['perms_userid']) && isset($row['perms_user']) && isset($row['perms_groupid']) && isset($row['perms_group']) && isset($row['perms_everybody']) && isset($this->groupList)) { 00383 if ($this->user['uid']==$row['perms_userid']) { 00384 $out|=$row['perms_user']; 00385 } 00386 if ($this->isMemberOfGroup($row['perms_groupid'])) { 00387 $out|=$row['perms_group']; 00388 } 00389 $out|=$row['perms_everybody']; 00390 } 00391 00392 // **************** 00393 // CALCPERMS hook 00394 // **************** 00395 if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'])) { 00396 foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'] as $_funcRef) { 00397 $_params = array( 00398 'row' => $row, 00399 'outputPermissions' => $out 00400 ); 00401 $out = t3lib_div::callUserFunction($_funcRef, $_params, $this); 00402 } 00403 } 00404 00405 return $out; 00406 } 00407 00408 /** 00409 * Returns true if the RTE (Rich Text Editor) can be enabled for the user 00410 * Strictly this is not permissions being checked but rather a series of settings like a loaded extension, browser/client type and a configuration option in ->uc[edit_RTE] 00411 * The reasons for a FALSE return can be found in $this->RTE_errors 00412 * 00413 * @return boolean 00414 */ 00415 function isRTE() { 00416 global $CLIENT; 00417 00418 // Start: 00419 $this->RTE_errors = array(); 00420 if (!$this->uc['edit_RTE']) 00421 $this->RTE_errors[] = 'RTE is not enabled for user!'; 00422 if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled']) 00423 $this->RTE_errors[] = 'RTE is not enabled in $TYPO3_CONF_VARS["BE"]["RTEenabled"]'; 00424 00425 00426 // Acquire RTE object: 00427 $RTE = &t3lib_BEfunc::RTEgetObj(); 00428 if (!is_object($RTE)) { 00429 $this->RTE_errors = array_merge($this->RTE_errors, $RTE); 00430 } 00431 00432 if (!count($this->RTE_errors)) { 00433 return TRUE; 00434 } else { 00435 return FALSE; 00436 } 00437 } 00438 00439 /** 00440 * Returns true if the $value is found in the list in a $this->groupData[] index pointed to by $type (array key). 00441 * Can thus be users to check for modules, exclude-fields, select/modify permissions for tables etc. 00442 * If user is admin true is also returned 00443 * Please see the document Inside TYPO3 for examples. 00444 * 00445 * @param string The type value; "webmounts", "filemounts", "pagetypes_select", "tables_select", "tables_modify", "non_exclude_fields", "modules" 00446 * @param string String to search for in the groupData-list 00447 * @return boolean True if permission is granted (that is, the value was found in the groupData list - or the BE_USER is "admin") 00448 */ 00449 function check($type,$value) { 00450 if (isset($this->groupData[$type])) { 00451 if ($this->isAdmin() || $this->inList($this->groupData[$type],$value)) { 00452 return 1; 00453 } 00454 } 00455 } 00456 00457 /** 00458 * Checking the authMode of a select field with authMode set 00459 * 00460 * @param string Table name 00461 * @param string Field name (must be configured in TCA and of type "select" with authMode set!) 00462 * @param string Value to evaluation (single value, must not contain any of the chars ":,|") 00463 * @param string Auth mode keyword (explicitAllow, explicitDeny, individual) 00464 * @return boolean True or false whether access is granted or not. 00465 */ 00466 function checkAuthMode($table,$field,$value,$authMode) { 00467 global $TCA; 00468 00469 // Admin users can do anything: 00470 if ($this->isAdmin()) return TRUE; 00471 00472 // Allow all blank values: 00473 if (!strcmp($value,'')) return TRUE; 00474 00475 // Certain characters are not allowed in the value 00476 if (ereg('[:|,]',$value)) { 00477 return FALSE; 00478 } 00479 00480 // Initialize: 00481 $testValue = $table.':'.$field.':'.$value; 00482 $out = TRUE; 00483 00484 // Checking value: 00485 switch((string)$authMode) { 00486 case 'explicitAllow': 00487 if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) { 00488 $out = FALSE; 00489 } 00490 break; 00491 case 'explicitDeny': 00492 if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY')) { 00493 $out = FALSE; 00494 } 00495 break; 00496 case 'individual': 00497 t3lib_div::loadTCA($table); 00498 if (is_array($TCA[$table]) && is_array($TCA[$table]['columns'][$field])) { 00499 $items = $TCA[$table]['columns'][$field]['config']['items']; 00500 if (is_array($items)) { 00501 foreach($items as $iCfg) { 00502 if (!strcmp($iCfg[1],$value) && $iCfg[4]) { 00503 switch((string)$iCfg[4]) { 00504 case 'EXPL_ALLOW': 00505 if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) { 00506 $out = FALSE; 00507 } 00508 break; 00509 case 'EXPL_DENY': 00510 if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY')) { 00511 $out = FALSE; 00512 } 00513 break; 00514 } 00515 break; 00516 } 00517 } 00518 } 00519 } 00520 break; 00521 } 00522 00523 return $out; 00524 } 00525 00526 /** 00527 * Checking if a language value (-1, 0 and >0 for sys_language records) is allowed to be edited by the user. 00528 * 00529 * @param integer Language value to evaluate 00530 * @return boolean Returns true if the language value is allowed, otherwise false. 00531 */ 00532 function checkLanguageAccess($langValue) { 00533 if (strcmp(trim($this->groupData['allowed_languages']),'')) { // The users language list must be non-blank - otherwise all languages are allowed. 00534 $langValue = intval($langValue); 00535 if ($langValue != -1 && !$this->check('allowed_languages',$langValue)) { // Language must either be explicitly allowed OR the lang Value be "-1" (all languages) 00536 return FALSE; 00537 } 00538 } 00539 return TRUE; 00540 } 00541 00542 /** 00543 * Checking if a user has editing access to a record from a $TCA table. 00544 * The checks does not take page permissions and other "environmental" things into account. It only deal with record internals; If any values in the record fields disallows it. 00545 * For instance languages settings, authMode selector boxes are evaluated (and maybe more in the future). 00546 * It will check for workspace dependent access. 00547 * The function takes an ID (integer) or row (array) as second argument. 00548 * 00549 * @param string Table name 00550 * @param mixed If integer, then this is the ID of the record. If Array this just represents fields in the record. 00551 * @param boolean Set, if testing a new (non-existing) record array. Will disable certain checks that doesn't make much sense in that context. 00552 * @return boolean True if OK, otherwise false 00553 */ 00554 function recordEditAccessInternals($table,$idOrRow,$newRecord=FALSE) { 00555 global $TCA; 00556 00557 if (isset($TCA[$table])) { 00558 t3lib_div::loadTCA($table); 00559 00560 // Always return true for Admin users. 00561 if ($this->isAdmin()) return TRUE; 00562 00563 // Fetching the record if the $idOrRow variable was not an array on input: 00564 if (!is_array($idOrRow)) { 00565 $idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow); 00566 if (!is_array($idOrRow)) { 00567 $this->errorMsg = 'ERROR: Record could not be fetched.'; 00568 return FALSE; 00569 } 00570 } 00571 00572 // Checking languages: 00573 if ($TCA[$table]['ctrl']['languageField']) { 00574 if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']])) { // Language field must be found in input row - otherwise it does not make sense. 00575 if (!$this->checkLanguageAccess($idOrRow[$TCA[$table]['ctrl']['languageField']])) { 00576 $this->errorMsg = 'ERROR: Language was not allowed.'; 00577 return FALSE; 00578 } 00579 } else { 00580 $this->errorMsg = 'ERROR: The "languageField" field named "'.$TCA[$table]['ctrl']['languageField'].'" was not found in testing record!'; 00581 return FALSE; 00582 } 00583 } 00584 00585 // Checking authMode fields: 00586 if (is_array($TCA[$table]['columns'])) { 00587 foreach($TCA[$table]['columns'] as $fN => $fV) { 00588 if (isset($idOrRow[$fN])) { // 00589 if ($fV['config']['type']=='select' && $fV['config']['authMode'] && !strcmp($fV['config']['authMode_enforce'],'strict')) { 00590 if (!$this->checkAuthMode($table,$fN,$idOrRow[$fN],$fV['config']['authMode'])) { 00591 $this->errorMsg = 'ERROR: authMode "'.$fV['config']['authMode'].'" failed for field "'.$fN.'" with value "'.$idOrRow[$fN].'" evaluated'; 00592 return FALSE; 00593 } 00594 } 00595 } 00596 } 00597 } 00598 00599 // Checking "editlock" feature (doesn't apply to new records) 00600 if (!$newRecord && $TCA[$table]['ctrl']['editlock']) { 00601 if (isset($idOrRow[$TCA[$table]['ctrl']['editlock']])) { 00602 if ($idOrRow[$TCA[$table]['ctrl']['editlock']]) { 00603 $this->errorMsg = 'ERROR: Record was locked for editing. Only admin users can change this state.'; 00604 return FALSE; 00605 } 00606 } else { 00607 $this->errorMsg = 'ERROR: The "editLock" field named "'.$TCA[$table]['ctrl']['editlock'].'" was not found in testing record!'; 00608 return FALSE; 00609 } 00610 } 00611 00612 // Checking record permissions 00613 // THIS is where we can include a check for "perms_" fields for other records than pages... 00614 00615 // Process any hooks 00616 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['recordEditAccessInternals'])) { 00617 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['recordEditAccessInternals'] as $funcRef) { 00618 $params = array( 00619 'table' => $table, 00620 'idOrRow' => $idOrRow, 00621 'newRecord' => $newRecord 00622 ); 00623 if (!t3lib_div::callUserFunction($funcRef, $params, $this)) { 00624 return FALSE; 00625 } 00626 } 00627 } 00628 00629 // Finally, return true if all is well. 00630 return TRUE; 00631 } 00632 } 00633 00634 /** 00635 * Will check a type of permission against the compiled permission integer, $lCP, and in relation to table, $table 00636 * 00637 * @param integer $lCP could typically be the "compiled permissions" integer returned by ->calcPerms 00638 * @param string $table is the tablename to check: If "pages" table then edit,new,delete and editcontent permissions can be checked. Other tables will be checked for "editcontent" only (and $type will be ignored) 00639 * @param string For $table='pages' this can be 'edit' (2), 'new' (8 or 16), 'delete' (4), 'editcontent' (16). For all other tables this is ignored. (16 is used) 00640 * @return boolean 00641 * @access private 00642 */ 00643 function isPSet($lCP,$table,$type='') { 00644 if ($this->isAdmin()) return true; 00645 if ($table=='pages') { 00646 if ($type=='edit') return $lCP & 2; 00647 if ($type=='new') return ($lCP & 8) || ($lCP & 16); // Create new page OR pagecontent 00648 if ($type=='delete') return $lCP & 4; 00649 if ($type=='editcontent') return $lCP & 16; 00650 } else { 00651 return $lCP & 16; 00652 } 00653 } 00654 00655 /** 00656 * Returns true if the BE_USER is allowed to *create* shortcuts in the backend modules 00657 * 00658 * @return boolean 00659 */ 00660 function mayMakeShortcut() { 00661 return $this->getTSConfigVal('options.shortcutFrame') && !$this->getTSConfigVal('options.mayNotCreateEditShortcuts'); 00662 } 00663 00664 /** 00665 * Checking if editing of an existing record is allowed in current workspace if that is offline. 00666 * Rules for editing in offline mode: 00667 * - record supports versioning and is an offline version from workspace and has the corrent stage 00668 * - or record (any) is in a branch where there is a page which is a version from the workspace and where the stage is not preventing records 00669 * 00670 * @param string Table of record 00671 * @param array Integer (record uid) or array where fields are at least: pid, t3ver_wsid, t3ver_stage (if versioningWS is set) 00672 * @return string String error code, telling the failure state. FALSE=All ok 00673 */ 00674 function workspaceCannotEditRecord($table,$recData) { 00675 00676 if ($this->workspace!==0) { // Only test offline spaces: 00677 00678 if (!is_array($recData)) { 00679 $recData = t3lib_BEfunc::getRecord($table,$recData,'pid'.($GLOBALS['TCA'][$table]['ctrl']['versioningWS']?',t3ver_wsid,t3ver_stage':'')); 00680 } 00681 00682 if (is_array($recData)) { 00683 if ((int)$recData['pid']===-1) { // We are testing a "version" (identified by a pid of -1): it can be edited provided that workspace matches and versioning is enabled for the table. 00684 if (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) { // No versioning, basic error, inconsistency even! Such records should not have a pid of -1! 00685 return 'Versioning disabled for table'; 00686 } elseif ((int)$recData['t3ver_wsid']!==$this->workspace) { // So does workspace match? 00687 return 'Workspace ID of record didn\'t match current workspace'; 00688 } else { // So what about the stage of the version, does that allow editing for this user? 00689 return $this->workspaceCheckStageForCurrent($recData['t3ver_stage']) ? FALSE : 'Record stage "'.$recData['t3ver_stage'].'" and users access level did not allow for editing'; 00690 } 00691 } else { // We are testing a "live" record: 00692 if ($res = $this->workspaceAllowLiveRecordsInPID($recData['pid'], $table)) { // For "Live" records, check that PID for table allows editing 00693 // Live records are OK in this branch, but what about the stage of branch point, if any: 00694 return $res>0 ? FALSE : 'Stage for versioning root point and users access level did not allow for editing'; // OK 00695 } else { // If not offline and not in versionized branch, output error: 00696 return 'Online record was not in versionized branch!'; 00697 } 00698 } 00699 } else return 'No record'; 00700 } else { 00701 return FALSE; // OK because workspace is 0 00702 } 00703 } 00704 00705 /** 00706 * Evaluates if a user is allowed to edit the offline version 00707 * 00708 * @param string Table of record 00709 * @param array Integer (record uid) or array where fields are at least: pid, t3ver_wsid, t3ver_stage (if versioningWS is set) 00710 * @return string String error code, telling the failure state. FALSE=All ok 00711 * @see workspaceCannotEditRecord() 00712 */ 00713 function workspaceCannotEditOfflineVersion($table,$recData) { 00714 if ($GLOBALS['TCA'][$table]['ctrl']['versioningWS']) { 00715 00716 if (!is_array($recData)) { 00717 $recData = t3lib_BEfunc::getRecord($table,$recData,'uid,pid,t3ver_wsid,t3ver_stage'); 00718 } 00719 if (is_array($recData)) { 00720 if ((int)$recData['pid']===-1) { 00721 return $this->workspaceCannotEditRecord($table,$recData); 00722 } else return 'Not an offline version'; 00723 } else return 'No record'; 00724 } else return 'Table does not support versioning.'; 00725 } 00726 00727 /** 00728 * Check if "live" records from $table may be created or edited in this PID. 00729 * If the answer is FALSE it means the only valid way to create or edit records in the PID is by versioning 00730 * If the answer is 1 or 2 it means it is OK to create a record, if -1 it means that it is OK in terms of versioning because the element was within a versionized branch but NOT ok in terms of the state the root point had! 00731 * 00732 * @param integer PID value to check for. 00733 * @param string Table name 00734 * @return mixed Returns FALSE if a live record cannot be created and must be versionized in order to do so. 2 means a) Workspace is "Live" or workspace allows "live edit" of records from non-versionized tables (and the $table is not versionizable). 1 and -1 means the pid is inside a versionized branch where -1 means that the branch-point did NOT allow a new record according to its state. 00735 */ 00736 function workspaceAllowLiveRecordsInPID($pid, $table) { 00737 00738 // Always for Live workspace AND if live-edit is enabled and tables are completely without versioning it is ok as well. 00739 if ($this->workspace===0 || ($this->workspaceRec['live_edit'] && !$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) || $GLOBALS['TCA'][$table]['ctrl']['versioningWS_alwaysAllowLiveEdit']) { 00740 return 2; // OK to create for this table. 00741 } elseif (t3lib_BEfunc::isPidInVersionizedBranch($pid, $table)) { // Check if records from $table can be created with this PID: Either if inside "branch" versioning type or a "versioning_followPages" table on a "page" versioning type. 00742 // Now, check what the stage of that "page" or "branch" version type is: 00743 $stage = t3lib_BEfunc::isPidInVersionizedBranch($pid, $table, TRUE); 00744 return $this->workspaceCheckStageForCurrent($stage) ? 1 : -1; 00745 } else { 00746 return FALSE; // If the answer is FALSE it means the only valid way to create or edit records in the PID is by versioning 00747 } 00748 } 00749 00750 /** 00751 * Evaluates if a record from $table can be created in $pid 00752 * 00753 * @param integer Page id. This value must be the _ORIG_uid if available: So when you have pages versionized as "page" or "element" you must supply the id of the page version in the workspace! 00754 * @param string Table name 00755 * @return boolean TRUE if OK. 00756 */ 00757 function workspaceCreateNewRecord($pid, $table) { 00758 if ($res = $this->workspaceAllowLiveRecordsInPID($pid,$table)) { // If LIVE records cannot be created in the current PID due to workspace restrictions, prepare creation of placeholder-record 00759 if ($res<0) { 00760 return FALSE; // Stage for versioning root point and users access level did not allow for editing 00761 } 00762 } elseif (!$GLOBALS['TCA'][$table]['ctrl']['versioningWS']) { // So, if no live records were allowed, we have to create a new version of this record: 00763 return FALSE; 00764 } 00765 return TRUE; 00766 } 00767 00768 /** 00769 * Evaluates if auto creation of a version of a record is allowed. 00770 * 00771 * @param string Table of the record 00772 * @param integer UID of record 00773 * @param integer PID of record 00774 * @return boolean TRUE if ok. 00775 */ 00776 function workspaceAllowAutoCreation($table,$id,$recpid) { 00777 // Auto-creation of version: In offline workspace, test if versioning is enabled and look for workspace version of input record. If there is no versionized record found we will create one and save to that. 00778 if ($this->workspace!==0 // Only in draft workspaces 00779 && !$this->workspaceRec['disable_autocreate'] // Auto-creation must not be disabled. 00780 && $GLOBALS['TCA'][$table]['ctrl']['versioningWS'] // Table must be versionizable 00781 && $recpid >= 0 // The PID of the record must NOT be -1 or less (would indicate that it already was a version!) 00782 && !t3lib_BEfunc::getWorkspaceVersionOfRecord($this->workspace, $table, $id, 'uid') // There must be no existing version of this record in workspace. 00783 && !t3lib_BEfunc::isPidInVersionizedBranch($recpid, $table)) { // PID must NOT be in a versionized branch either 00784 return TRUE; 00785 } 00786 } 00787 00788 /** 00789 * Checks if an element stage allows access for the user in the current workspace 00790 * In workspaces 0 (Live) and -1 (Default draft) access is always granted for any stage. 00791 * Admins are always allowed. 00792 * An option for custom workspaces allows members to also edit when the stage is "Review" 00793 * 00794 * @param integer Stage id from an element: -1,0 = editing, 1 = reviewer, >1 = owner 00795 * @return boolean TRUE if user is allowed access 00796 */ 00797 function workspaceCheckStageForCurrent($stage) { 00798 if ($this->isAdmin()) return TRUE; 00799 00800 if ($this->workspace>0) { 00801 $stat = $this->checkWorkspaceCurrent(); 00802 $memberStageLimit = $this->workspaceRec['review_stage_edit'] ? 1 : 0; 00803 if (($stage<=$memberStageLimit && $stat['_ACCESS']==='member') || 00804 ($stage<=1 && $stat['_ACCESS']==='reviewer') || 00805 ($stat['_ACCESS']==='owner')) { 00806 return TRUE; // OK for these criteria 00807 } 00808 } else return TRUE; // Always OK for live and draft workspaces. 00809 } 00810 00811 /** 00812 * Returns TRUE if the user has access to publish content from the workspace ID given. 00813 * Admin-users are always granted access to do this 00814 * If the workspace ID is 0 (live) all users have access also 00815 * If -1 (draft workspace) TRUE is returned if the user has access to the Live workspace 00816 * For custom workspaces it depends on whether the user is owner OR like with draft workspace if the user has access to Live workspace. 00817 * 00818 * @param integer Workspace UID; -1,0,1+ 00819 * @return boolean Returns TRUE if the user has access to publish content from the workspace ID given. 00820 */ 00821 function workspacePublishAccess($wsid) { 00822 if ($this->isAdmin()) return TRUE; 00823 00824 // If no access to workspace, of course you cannot publish! 00825 $retVal = FALSE; 00826 00827 $wsAccess = $this->checkWorkspace($wsid); 00828 if ($wsAccess) { 00829 switch($wsAccess['uid']) { 00830 case 0: // Live workspace 00831 $retVal = TRUE; // If access to Live workspace, no problem. 00832 break; 00833 case -1: // Default draft workspace 00834 $retVal = $this->checkWorkspace(0) ? TRUE : FALSE; // If access to Live workspace, no problem. 00835 break; 00836 default: // Custom workspace 00837 $retVal = $wsAccess['_ACCESS'] === 'owner' || ($this->checkWorkspace(0) && !($wsAccess['publish_access']&2)); // Either be an adminuser OR have access to online workspace which is OK as well as long as publishing access is not limited by workspace option. 00838 break; 00839 } 00840 } 00841 return $retVal; 00842 } 00843 00844 /** 00845 * Workspace swap-mode access? 00846 * 00847 * @return boolean Returns TRUE if records can be swapped in the current workspace, otherwise false 00848 */ 00849 function workspaceSwapAccess() { 00850 if ($this->workspace>0 && (int)$this->workspaceRec['swap_modes']===2) { 00851 return FALSE; 00852 } else return TRUE; 00853 } 00854 00855 /** 00856 * Workspace Versioning type access? 00857 * 00858 * @param integer Versioning type to evaluation: -1, 0, >1 00859 * @return boolean TRUE if OK 00860 */ 00861 function workspaceVersioningTypeAccess($type) { 00862 $retVal = FALSE; 00863 00864 $type = t3lib_div::intInRange($type,-1); 00865 00866 // Check if only element versioning is allowed: 00867 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['elementVersioningOnly'] && $type!=-1) { 00868 return FALSE; 00869 } 00870 00871 if ($this->workspace>0 && !$this->isAdmin()) { 00872 $stat = $this->checkWorkspaceCurrent(); 00873 if ($stat['_ACCESS']!=='owner') { 00874 00875 switch((int)$type) { 00876 case -1: 00877 $retVal = $this->workspaceRec['vtypes']&1 ? FALSE : TRUE; 00878 break; 00879 case 0: 00880 $retVal = $this->workspaceRec['vtypes']&2 ? FALSE : TRUE; 00881 break; 00882 default: 00883 $retVal = $this->workspaceRec['vtypes']&4 ? FALSE : TRUE; 00884 break; 00885 } 00886 } else $retVal = TRUE; 00887 } else $retVal = TRUE; 00888 00889 return $retVal; 00890 } 00891 00892 /** 00893 * Finding "closest" versioning type, used for creation of new records. 00894 * 00895 * @param integer Versioning type to evaluation: -1, 0, >1 00896 * @return integer Returning versioning type 00897 */ 00898 function workspaceVersioningTypeGetClosest($type) { 00899 $type = t3lib_div::intInRange($type,-1); 00900 00901 if ($this->workspace>0) { 00902 switch((int)$type) { 00903 case -1: 00904 $type = -1; 00905 break; 00906 case 0: 00907 $type = $this->workspaceVersioningTypeAccess($type) ? $type : -1; 00908 break; 00909 default: 00910 $type = $this->workspaceVersioningTypeAccess($type) ? $type : ($this->workspaceVersioningTypeAccess(0) ? 0 : -1); 00911 break; 00912 } 00913 } 00914 return $type; 00915 } 00916 00917 00918 00919 00920 00921 00922 00923 00924 00925 00926 /************************************* 00927 * 00928 * Miscellaneous functions 00929 * 00930 *************************************/ 00931 00932 /** 00933 * Returns the value/properties of a TS-object as given by $objectString, eg. 'options.dontMountAdminMounts' 00934 * Nice (general!) function for returning a part of a TypoScript array! 00935 * 00936 * @param string Pointer to an "object" in the TypoScript array, fx. 'options.dontMountAdminMounts' 00937 * @param array Optional TSconfig array: If array, then this is used and not $this->userTS. If not array, $this->userTS is used. 00938 * @return array An array with two keys, "value" and "properties" where "value" is a string with the value of the objectsting and "properties" is an array with the properties of the objectstring. 00939 * @params array An array with the TypoScript where the $objectString is located. If this argument is not an array, then internal ->userTS (User TSconfig for the current BE_USER) will be used instead. 00940 */ 00941 function getTSConfig($objectString,$config='') { 00942 if (!is_array($config)) { 00943 $config=$this->userTS; // Getting Root-ts if not sent 00944 } 00945 $TSConf=array(); 00946 $parts = explode('.',$objectString,2); 00947 $key = $parts[0]; 00948 if (trim($key)) { 00949 if (count($parts)>1 && trim($parts[1])) { 00950 // Go on, get the next level 00951 if (is_array($config[$key.'.'])) $TSConf = $this->getTSConfig($parts[1],$config[$key.'.']); 00952 } else { 00953 $TSConf['value']=$config[$key]; 00954 $TSConf['properties']=$config[$key.'.']; 00955 } 00956 } 00957 return $TSConf; 00958 } 00959 00960 /** 00961 * Returns the "value" of the $objectString from the BE_USERS "User TSconfig" array 00962 * 00963 * @param string Object string, eg. "somestring.someproperty.somesubproperty" 00964 * @return string The value for that object string (object path) 00965 * @see getTSConfig() 00966 */ 00967 function getTSConfigVal($objectString) { 00968 $TSConf = $this->getTSConfig($objectString); 00969 return $TSConf['value']; 00970 } 00971 00972 /** 00973 * Returns the "properties" of the $objectString from the BE_USERS "User TSconfig" array 00974 * 00975 * @param string Object string, eg. "somestring.someproperty.somesubproperty" 00976 * @return array The properties for that object string (object path) - if any 00977 * @see getTSConfig() 00978 */ 00979 function getTSConfigProp($objectString) { 00980 $TSConf = $this->getTSConfig($objectString); 00981 return $TSConf['properties']; 00982 } 00983 00984 /** 00985 * Returns true if $item is in $in_list 00986 * 00987 * @param string Comma list with items, no spaces between items! 00988 * @param string The string to find in the list of items 00989 * @return string Boolean 00990 */ 00991 function inList($in_list,$item) { 00992 return strstr(','.$in_list.',', ','.$item.','); 00993 } 00994 00995 /** 00996 * Returns an array with the webmounts. 00997 * If no webmounts, and empty array is returned. 00998 * NOTICE: Deleted pages WILL NOT be filtered out! So if a mounted page has been deleted it is STILL coming out as a webmount. This is not checked due to performance. 00999 * 01000 * @return array 01001 */ 01002 function returnWebmounts() { 01003 return (string)($this->groupData['webmounts'])!='' ? explode(',',$this->groupData['webmounts']) : Array(); 01004 } 01005 01006 /** 01007 * Returns an array with the filemounts for the user. Each filemount is represented with an array of a "name", "path" and "type". 01008 * If no filemounts an empty array is returned. 01009 * 01010 * @return array 01011 */ 01012 function returnFilemounts() { 01013 return $this->groupData['filemounts']; 01014 } 01015 01016 /** 01017 * Returns an integer bitmask that represents the permissions for file operations. 01018 * Permissions of the user and groups the user is a member of were combined by a logical OR. 01019 * 01020 * Meaning of each bit: 01021 * 1 - Files: Upload,Copy,Move,Delete,Rename 01022 * 2 - Files: Unzip 01023 * 4 - Directory: Move,Delete,Rename,New 01024 * 8 - Directory: Copy 01025 * 16 - Directory: Delete recursively (rm -Rf) 01026 * 01027 * @return integer File operation permission bitmask 01028 */ 01029 public function getFileoperationPermissions() { 01030 return $this->groupData['fileoper_perms']; 01031 } 01032 01033 /** 01034 * Returns true or false, depending if an alert popup (a javascript confirmation) should be shown 01035 * call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK) 01036 * 01037 * 1 - typeChange 01038 * 2 - copy/move/paste 01039 * 4 - delete 01040 * 8 - frontend editing 01041 * 128 - other (not used yet) 01042 * 01043 * @param integer Bitmask 01044 * @return boolean true if the confirmation should be shown 01045 */ 01046 function jsConfirmation($bitmask) { 01047 $alertPopup = $GLOBALS['BE_USER']->getTSConfig('options.alertPopups'); 01048 if (empty($alertPopup['value'])) { 01049 $alertPopup = 255; // default: show all warnings 01050 } else { 01051 $alertPopup = (int)$alertPopup['value']; 01052 } 01053 if(($alertPopup&$bitmask) == $bitmask) { // show confirmation 01054 return 1; 01055 } else { // don't show confirmation 01056 return 0; 01057 } 01058 } 01059 01060 01061 01062 01063 01064 01065 01066 01067 01068 /************************************* 01069 * 01070 * Authentication methods 01071 * 01072 *************************************/ 01073 01074 01075 /** 01076 * Initializes a lot of stuff like the access-lists, database-mountpoints and filemountpoints 01077 * This method is called by ->backendCheckLogin() (from extending class t3lib_beuserauth) if the backend user login has verified OK. 01078 * Generally this is required initialization of a backend user. 01079 * 01080 * @return void 01081 * @access private 01082 * @see t3lib_TSparser 01083 */ 01084 function fetchGroupData() { 01085 if ($this->user['uid']) { 01086 01087 // Get lists for the be_user record and set them as default/primary values. 01088 $this->dataLists['modList'] = $this->user['userMods']; // Enabled Backend Modules 01089 $this->dataLists['allowed_languages'] = $this->user['allowed_languages']; // Add Allowed Languages 01090 $this->dataLists['workspace_perms'] = $this->user['workspace_perms']; // Set user value for workspace permissions. 01091 $this->dataLists['webmount_list'] = $this->user['db_mountpoints']; // Database mountpoints 01092 $this->dataLists['filemount_list'] = $this->user['file_mountpoints']; // File mountpoints 01093 $this->dataLists['fileoper_perms'] = (int)$this->user['fileoper_perms']; // Fileoperation permissions 01094 01095 // Setting default User TSconfig: 01096 $this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:'). 01097 $GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig']; 01098 01099 // Default TSconfig for admin-users 01100 if ($this->isAdmin()) { 01101 $this->TSdataArray[]=$this->addTScomment('"admin" user presets:').' 01102 admPanel.enable.all = 1 01103 options.shortcutFrame = 1 01104 '; 01105 if (t3lib_extMgm::isLoaded('sys_note')) { 01106 $this->TSdataArray[]=' 01107 // Setting defaults for sys_note author / email... 01108 TCAdefaults.sys_note.author = '.$this->user['realName'].' 01109 TCAdefaults.sys_note.email = '.$this->user['email'].' 01110 '; 01111 } 01112 } 01113 01114 // FILE MOUNTS: 01115 // Admin users has the base fileadmin dir mounted 01116 if ($this->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir']) { 01117 $this->addFileMount($GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '', PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], 0, ''); 01118 } 01119 01120 // If userHomePath is set, we attempt to mount it 01121 if ($GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath']) { 01122 // First try and mount with [uid]_[username] 01123 $didMount=$this->addFileMount($this->user['username'], '',$GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].'_'.$this->user['username'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user'); 01124 if (!$didMount) { 01125 // If that failed, try and mount with only [uid] 01126 $this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user'); 01127 } 01128 } 01129 01130 // BE_GROUPS: 01131 // Get the groups... 01132 # $grList = t3lib_BEfunc::getSQLselectableList($this->user[$this->usergroup_column],$this->usergroup_table,$this->usergroup_table); 01133 $grList = $GLOBALS['TYPO3_DB']->cleanIntList($this->user[$this->usergroup_column]); // 240203: Since the group-field never contains any references to groups with a prepended table name we think it's safe to just intExplode and re-implode - which should be much faster than the other function call. 01134 if ($grList) { 01135