From a9ad0b4f30abe868cc419655d322434269196323 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Ausw=C3=B6ger?= Date: Mon, 21 Jun 2021 15:30:46 +0200 Subject: [PATCH] Add extended slider permissions (#75) --- src/Resources/contao/config/config.php | 3 + .../contao/dca/tl_rocksolid_slider.php | 16 +- .../dca/tl_rocksolid_slider_license.php | 3 + src/Resources/contao/dca/tl_user.php | 35 ++ src/Resources/contao/dca/tl_user_group.php | 34 ++ src/Resources/contao/languages/de/tl_user.php | 19 + .../contao/languages/de/tl_user_group.php | 19 + src/Resources/contao/languages/en/tl_user.php | 19 + .../contao/languages/en/tl_user_group.php | 19 + src/Slider.php | 469 +++++++++++++++++- src/SliderRunonce.php | 37 +- 11 files changed, 665 insertions(+), 8 deletions(-) create mode 100644 src/Resources/contao/dca/tl_user.php create mode 100644 src/Resources/contao/dca/tl_user_group.php create mode 100644 src/Resources/contao/languages/de/tl_user.php create mode 100644 src/Resources/contao/languages/de/tl_user_group.php create mode 100644 src/Resources/contao/languages/en/tl_user.php create mode 100644 src/Resources/contao/languages/en/tl_user_group.php diff --git a/src/Resources/contao/config/config.php b/src/Resources/contao/config/config.php index aa9038e..da365e5 100644 --- a/src/Resources/contao/config/config.php +++ b/src/Resources/contao/config/config.php @@ -35,3 +35,6 @@ // TODO: Replace with migration services $GLOBALS['TL_HOOKS']['sqlCompileCommands'][] = array('MadeYourDay\\RockSolidSlider\\SliderRunonce', 'onSqlCompileCommands'); + +$GLOBALS['TL_PERMISSIONS'][] = 'rsts_sliders'; +$GLOBALS['TL_PERMISSIONS'][] = 'rsts_permissions'; diff --git a/src/Resources/contao/dca/tl_rocksolid_slider.php b/src/Resources/contao/dca/tl_rocksolid_slider.php index a4ab8bd..41680c5 100644 --- a/src/Resources/contao/dca/tl_rocksolid_slider.php +++ b/src/Resources/contao/dca/tl_rocksolid_slider.php @@ -18,6 +18,15 @@ 'ctable' => array('tl_rocksolid_slide'), 'switchToEdit' => true, 'enableVersioning' => true, + 'onload_callback' => array( + array('MadeYourDay\\RockSolidSlider\\Slider', 'onloadCallback'), + ), + 'oncreate_callback' => array( + array('MadeYourDay\\RockSolidSlider\\Slider', 'oncreateCallback') + ), + 'oncopy_callback' => array( + array('MadeYourDay\\RockSolidSlider\\Slider', 'oncopyCallback') + ), 'sql' => array( 'keys' => array( 'id' => 'primary', @@ -42,6 +51,7 @@ 'href' => 'table=tl_rocksolid_slider_license', 'class' => 'header_icon', 'icon' => 'system/themes/' . \Backend::getTheme() . '/images/settings.gif', + 'button_callback' => array('MadeYourDay\\RockSolidSlider\\Slider', 'sliderLicenseButton'), ), 'all' => array( 'label' => &$GLOBALS['TL_LANG']['MSC']['all'], @@ -67,13 +77,15 @@ 'copy' => array( 'label' => &$GLOBALS['TL_LANG']['tl_rocksolid_slider']['copy'], 'href' => 'act=copy', - 'icon' => 'copy.gif', + 'icon' => 'copy.svg', + 'button_callback' => array('MadeYourDay\\RockSolidSlider\\Slider', 'copySliderIcon'), ), 'delete' => array( 'label' => &$GLOBALS['TL_LANG']['tl_rocksolid_slider']['delete'], 'href' => 'act=delete', - 'icon' => 'delete.gif', + 'icon' => 'delete.svg', 'attributes' => 'onclick="if(!confirm(\'' . ($GLOBALS['TL_LANG']['MSC']['deleteConfirm'] ?? '') . '\'))return false;Backend.getScrollOffset()"', + 'button_callback' => array('MadeYourDay\\RockSolidSlider\\Slider', 'deleteSliderIcon'), ), 'show' => array( 'label' => &$GLOBALS['TL_LANG']['tl_rocksolid_slider']['show'], diff --git a/src/Resources/contao/dca/tl_rocksolid_slider_license.php b/src/Resources/contao/dca/tl_rocksolid_slider_license.php index 8cdad02..ee23aca 100644 --- a/src/Resources/contao/dca/tl_rocksolid_slider_license.php +++ b/src/Resources/contao/dca/tl_rocksolid_slider_license.php @@ -16,6 +16,9 @@ 'config' => array( 'dataContainer' => 'File', 'closed' => true, + 'onload_callback' => array( + array('MadeYourDay\\RockSolidSlider\\Slider', 'licenseOnloadCallback'), + ), ), 'list' => array( diff --git a/src/Resources/contao/dca/tl_user.php b/src/Resources/contao/dca/tl_user.php new file mode 100644 index 0000000..700fc97 --- /dev/null +++ b/src/Resources/contao/dca/tl_user.php @@ -0,0 +1,35 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +use Contao\CoreBundle\DataContainer\PaletteManipulator; + +PaletteManipulator::create() + ->addLegend('rsts_slider_legend', 'amg_legend', PaletteManipulator::POSITION_BEFORE) + ->addField(array('rsts_sliders', 'rsts_permissions'), 'rsts_slider_legend', PaletteManipulator::POSITION_APPEND) + ->applyToPalette('extend', 'tl_user') + ->applyToPalette('custom', 'tl_user') +; + +$GLOBALS['TL_DCA']['tl_user']['config']['onload_callback'][] = array('MadeYourDay\\RockSolidSlider\\Slider', 'userOnloadCallback'); + +$GLOBALS['TL_DCA']['tl_user']['fields']['rsts_sliders'] = array( + 'exclude' => true, + 'inputType' => 'checkbox', + 'foreignKey' => 'tl_rocksolid_slider.name', + 'eval' => array('multiple' => true), + 'sql' => "blob NULL", +); + +$GLOBALS['TL_DCA']['tl_user']['fields']['rsts_permissions'] = array( + 'exclude' => true, + 'inputType' => 'checkbox', + 'options' => array('create', 'delete'), + 'reference' => &$GLOBALS['TL_LANG']['MSC'], + 'eval' => array('multiple' => true), + 'sql' => "blob NULL", +); diff --git a/src/Resources/contao/dca/tl_user_group.php b/src/Resources/contao/dca/tl_user_group.php new file mode 100644 index 0000000..e53747e --- /dev/null +++ b/src/Resources/contao/dca/tl_user_group.php @@ -0,0 +1,34 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +use Contao\CoreBundle\DataContainer\PaletteManipulator; + +PaletteManipulator::create() + ->addLegend('rsts_slider_legend', 'amg_legend', PaletteManipulator::POSITION_BEFORE) + ->addField(array('rsts_sliders', 'rsts_permissions'), 'rsts_slider_legend', PaletteManipulator::POSITION_APPEND) + ->applyToPalette('default', 'tl_user_group') +; + +$GLOBALS['TL_DCA']['tl_user_group']['config']['onload_callback'][] = array('MadeYourDay\\RockSolidSlider\\Slider', 'userGroupOnloadCallback'); + +$GLOBALS['TL_DCA']['tl_user_group']['fields']['rsts_sliders'] = array( + 'exclude' => true, + 'inputType' => 'checkbox', + 'foreignKey' => 'tl_rocksolid_slider.name', + 'eval' => array('multiple' => true), + 'sql' => "blob NULL", +); + +$GLOBALS['TL_DCA']['tl_user_group']['fields']['rsts_permissions'] = array( + 'exclude' => true, + 'inputType' => 'checkbox', + 'options' => array('create', 'delete'), + 'reference' => &$GLOBALS['TL_LANG']['MSC'], + 'eval' => array('multiple' => true), + 'sql' => "blob NULL", +); diff --git a/src/Resources/contao/languages/de/tl_user.php b/src/Resources/contao/languages/de/tl_user.php new file mode 100644 index 0000000..7be7c65 --- /dev/null +++ b/src/Resources/contao/languages/de/tl_user.php @@ -0,0 +1,19 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +/** + * RockSolid Slider module translations + * + * @author Martin Auswöger + */ + +$GLOBALS['TL_LANG']['tl_user']['rsts_slider_legend'] = 'RockSolid Slider'; +$GLOBALS['TL_LANG']['tl_user']['rsts_sliders'][0] = 'Erlaubte Slider'; +$GLOBALS['TL_LANG']['tl_user']['rsts_sliders'][1] = 'Hier können Sie den Zugriff auf einen oder mehrere Slider erlauben.'; +$GLOBALS['TL_LANG']['tl_user']['rsts_permissions'][0] = 'Sliderrechte'; +$GLOBALS['TL_LANG']['tl_user']['rsts_permissions'][1] = 'Hier können Sie die Sliderrechte festlegen.'; diff --git a/src/Resources/contao/languages/de/tl_user_group.php b/src/Resources/contao/languages/de/tl_user_group.php new file mode 100644 index 0000000..3fbfcd0 --- /dev/null +++ b/src/Resources/contao/languages/de/tl_user_group.php @@ -0,0 +1,19 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +/** + * RockSolid Slider module translations + * + * @author Martin Auswöger + */ + +$GLOBALS['TL_LANG']['tl_user_group']['rsts_slider_legend'] = 'RockSolid Slider'; +$GLOBALS['TL_LANG']['tl_user_group']['rsts_sliders'][0] = 'Erlaubte Slider'; +$GLOBALS['TL_LANG']['tl_user_group']['rsts_sliders'][1] = 'Hier können Sie den Zugriff auf einen oder mehrere Slider erlauben.'; +$GLOBALS['TL_LANG']['tl_user_group']['rsts_permissions'][0] = 'Sliderrechte'; +$GLOBALS['TL_LANG']['tl_user_group']['rsts_permissions'][1] = 'Hier können Sie die Sliderrechte festlegen.'; diff --git a/src/Resources/contao/languages/en/tl_user.php b/src/Resources/contao/languages/en/tl_user.php new file mode 100644 index 0000000..a4c2e2b --- /dev/null +++ b/src/Resources/contao/languages/en/tl_user.php @@ -0,0 +1,19 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +/** + * RockSolid Slider module translations + * + * @author Martin Auswöger + */ + +$GLOBALS['TL_LANG']['tl_user']['rsts_slider_legend'] = 'RockSolid Slider'; +$GLOBALS['TL_LANG']['tl_user']['rsts_sliders'][0] = 'Allowed sliders'; +$GLOBALS['TL_LANG']['tl_user']['rsts_sliders'][1] = 'Here you can grant access to one or more sliders.'; +$GLOBALS['TL_LANG']['tl_user']['rsts_permissions'][0] = 'Slider permissions'; +$GLOBALS['TL_LANG']['tl_user']['rsts_permissions'][1] = 'Here you can define the slider permissions.'; diff --git a/src/Resources/contao/languages/en/tl_user_group.php b/src/Resources/contao/languages/en/tl_user_group.php new file mode 100644 index 0000000..39d3e4e --- /dev/null +++ b/src/Resources/contao/languages/en/tl_user_group.php @@ -0,0 +1,19 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +/** + * RockSolid Slider module translations + * + * @author Martin Auswöger + */ + +$GLOBALS['TL_LANG']['tl_user_group']['rsts_slider_legend'] = 'RockSolid Slider'; +$GLOBALS['TL_LANG']['tl_user_group']['rsts_sliders'][0] = 'Allowed sliders'; +$GLOBALS['TL_LANG']['tl_user_group']['rsts_sliders'][1] = 'Here you can grant access to one or more sliders.'; +$GLOBALS['TL_LANG']['tl_user_group']['rsts_permissions'][0] = 'Slider permissions'; +$GLOBALS['TL_LANG']['tl_user_group']['rsts_permissions'][1] = 'Here you can define the slider permissions.'; diff --git a/src/Slider.php b/src/Slider.php index 3271d40..5207a88 100644 --- a/src/Slider.php +++ b/src/Slider.php @@ -8,6 +8,11 @@ namespace MadeYourDay\RockSolidSlider; +use Contao\BackendUser; +use Contao\CoreBundle\Exception\AccessDeniedException; +use Contao\Input; +use Contao\StringUtil; +use Contao\System; use MadeYourDay\RockSolidSlider\Module\SliderEvents; /** @@ -65,6 +70,15 @@ public function toggleVisibility($intId, $blnVisible) $this->createNewVersion('tl_rocksolid_slide', $intId); } + public function sliderLicenseButton($href, $label, $title, $class, $attributes) + { + if (!($user = BackendUser::getInstance()) || !$user->isAdmin) { + return ''; + } + + return '' . $label . ' '; + } + /** * Return the "edit slider" button */ @@ -77,6 +91,32 @@ public function editSliderIcon($row, $href, $label, $title, $icon, $attributes) return '' . \Image::getHtml($icon, $label) . ' '; } + /** + * Return the "copy slider" button + */ + public function copySliderIcon($row, $href, $label, $title, $icon, $attributes) + { + $href .= '&id=' . $row['id']; + if (!($user = BackendUser::getInstance()) || !(static::canSkipPermissionCheck($user) || $user->hasAccess('create', 'rsts_permissions'))) { + return \Image::getHtml(preg_replace('/\.svg$/i', '_.svg', $icon), $label) . ' '; + } + + return '' . \Image::getHtml($icon, $label) . ' '; + } + + /** + * Return the "delete slider" button + */ + public function deleteSliderIcon($row, $href, $label, $title, $icon, $attributes) + { + $href .= '&id=' . $row['id']; + if (!($user = BackendUser::getInstance()) || !(static::canSkipPermissionCheck($user) || $user->hasAccess('delete', 'rsts_permissions'))) { + return \Image::getHtml(preg_replace('/\.svg$/i', '_.svg', $icon), $label) . ' '; + } + + return '' . \Image::getHtml($icon, $label) . ' '; + } + /** * Return the "edit slide" button */ @@ -135,6 +175,37 @@ public function headerCallbackContent($headerFields, $dc) return $headerFields; } + /** + * Check access to a particular content element + * + * @param integer $id + * @param array $root + * @param boolean $blnIsPid + * + * @throws AccessDeniedException + */ + protected function checkAccessToContentElement($id, $root, $blnIsPid=false) + { + if ($blnIsPid) { + $objArchive = $this->Database->prepare("SELECT a.id, n.id AS nid FROM tl_rocksolid_slide n, tl_rocksolid_slider a WHERE n.id=? AND n.pid=a.id") + ->limit(1) + ->execute($id); + } else { + $objArchive = $this->Database->prepare("SELECT a.id, n.id AS nid FROM tl_content c, tl_rocksolid_slide n, tl_rocksolid_slider a WHERE c.id=? AND c.pid=n.id AND n.pid=a.id") + ->limit(1) + ->execute($id); + } + + // Invalid ID + if ($objArchive->numRows < 1) { + throw new AccessDeniedException('Invalid slider content element ID ' . $id . '.'); + } + + if (!in_array($objArchive->id, $root)) { + throw new AccessDeniedException('Not enough permissions to modify slide ID ' . $objArchive->nid . ' in slider ID ' . $objArchive->id . '.'); + } + } + /** * Add the type of input field * @@ -159,6 +230,11 @@ public function getSliderIds() $arrSliders[$objSliders->id] = $objSliders->name; } + if (($user = BackendUser::getInstance()) && !static::canSkipPermissionCheck($user)) { + $userSliders = StringUtil::deserialize($user->rsts_sliders, true); + $arrSliders = array_intersect_key($arrSliders, array_combine($userSliders, $userSliders)); + } + return $arrSliders; } @@ -226,7 +302,7 @@ protected function removeProFields($table, $fields = array(), $legends = array() } $GLOBALS['TL_DCA'][$table]['fields']['rsts_getPro'] = array( 'input_field_callback' => function() { - return '
' + return '
' . sprintf($GLOBALS['TL_LANG']['tl_rocksolid_slider']['proLegendDescription'], 'contao/main.php?do=rocksolid_slider&table=tl_rocksolid_slider_license&ref=' . TL_REFERER_ID) . '
'; }, @@ -234,6 +310,187 @@ protected function removeProFields($table, $fields = array(), $legends = array() } } + /** + * On load callback for tl_rocksolid_slider + * + * @param \DataContainer $dc + * @return void + */ + public function onloadCallback($dc) + { + $user = BackendUser::getInstance(); + + if (static::canSkipPermissionCheck($user)) { + return; + } + + // Set root IDs + if (empty($user->rsts_sliders) || !is_array($user->rsts_sliders)) { + $root = array(0); + } else { + $root = $user->rsts_sliders; + } + + $GLOBALS['TL_DCA']['tl_rocksolid_slider']['list']['sorting']['root'] = $root; + + // Check permissions to add archives + if (!$user->hasAccess('create', 'rsts_permissions')) { + $GLOBALS['TL_DCA']['tl_rocksolid_slider']['config']['closed'] = true; + $GLOBALS['TL_DCA']['tl_rocksolid_slider']['config']['notCreatable'] = true; + $GLOBALS['TL_DCA']['tl_rocksolid_slider']['config']['notCopyable'] = true; + } + + // Check permissions to delete calendars + if (!$user->hasAccess('delete', 'rsts_permissions')) { + $GLOBALS['TL_DCA']['tl_rocksolid_slider']['config']['notDeletable'] = true; + } + + /** @var SessionInterface $objSession */ + $objSession = System::getContainer()->get('session'); + + // Check current action + switch (Input::get('act')) { + case 'select': + // Allow + break; + + case 'create': + if (!$user->hasAccess('create', 'rsts_permissions')) { + throw new AccessDeniedException('Not enough permissions to create sliders.'); + } + break; + + case 'edit': + case 'copy': + case 'delete': + case 'show': + if (!in_array(Input::get('id'), $root) || (Input::get('act') == 'delete' && !$user->hasAccess('delete', 'rsts_permissions'))) { + throw new AccessDeniedException('Not enough permissions to ' . Input::get('act') . ' slider ID ' . Input::get('id') . '.'); + } + break; + + case 'editAll': + case 'deleteAll': + case 'overrideAll': + case 'copyAll': + $session = $objSession->all(); + + if (Input::get('act') == 'deleteAll' && !$user->hasAccess('delete', 'rsts_permissions')) { + $session['CURRENT']['IDS'] = array(); + } else { + $session['CURRENT']['IDS'] = array_intersect((array) $session['CURRENT']['IDS'], $root); + } + $objSession->replace($session); + break; + + default: + if (Input::get('act')) { + throw new AccessDeniedException('Not enough permissions to ' . Input::get('act') . ' sliders.'); + } + break; + } + } + + /** + * On create callback for tl_rocksolid_slider + * + * @param \DataContainer $dc + * @return void + */ + public function oncreateCallback($table, $insertId, $row, $dc) + { + $user = BackendUser::getInstance(); + + if (static::canSkipPermissionCheck($user)) { + return; + } + + // Set root IDs + if (empty($user->rsts_sliders) || !is_array($user->rsts_sliders)) { + $root = array(0); + } else { + $root = $user->rsts_sliders; + } + + // The archive is enabled already + if (in_array($insertId, $root)) { + return; + } + + /** @var AttributeBagInterface $objSessionBag */ + $objSessionBag = System::getContainer()->get('session')->getBag('contao_backend'); + + $arrNew = $objSessionBag->get('new_records'); + + if (is_array($arrNew['tl_rocksolid_slider']) && in_array($insertId, $arrNew['tl_rocksolid_slider'])) { + // Add the permissions on group level + if ($user->inherit != 'custom') { + $objGroup = $this->Database->execute("SELECT id, rsts_sliders, rsts_permissions FROM tl_user_group WHERE id IN(" . implode(',', array_map('\intval', $user->groups)) . ")"); + + while ($objGroup->next()) { + $arrPermissions = StringUtil::deserialize($objGroup->rsts_permissions); + + if (is_array($arrPermissions) && in_array('create', $arrPermissions)) { + $arrSliders = StringUtil::deserialize($objGroup->rsts_sliders, true); + $arrSliders[] = $insertId; + + $this->Database->prepare("UPDATE tl_user_group SET rsts_sliders=? WHERE id=?") + ->execute(serialize($arrSliders), $objGroup->id); + } + } + } + + // Add the permissions on user level + if ($user->inherit != 'group') { + $objUser = $this->Database->prepare("SELECT rsts_sliders, rsts_permissions FROM tl_user WHERE id=?") + ->limit(1) + ->execute($user->id); + + $arrPermissions = StringUtil::deserialize($objUser->rsts_permissions); + + if (is_array($arrPermissions) && in_array('create', $arrPermissions)) { + $arrSliders = StringUtil::deserialize($objUser->rsts_sliders, true); + $arrSliders[] = $insertId; + + $this->Database->prepare("UPDATE tl_user SET rsts_sliders=? WHERE id=?") + ->execute(serialize($arrSliders), $user->id); + } + } + + // Add the new element to the user object + $root[] = $insertId; + $user->rsts_sliders = $root; + } + } + + /** + * On copy callback for tl_rocksolid_slider + * + * @param \DataContainer $dc + * @return void + */ + public function oncopyCallback($insertId, $dc) + { + return $this->oncreateCallback($dc->table, $insertId, [], $dc); + } + + /** + * On load callback for tl_rocksolid_slider_license + * + * @param \DataContainer $dc + * @return void + */ + public function licenseOnloadCallback($dc) + { + $user = BackendUser::getInstance(); + + if ($user->isAdmin) { + return; + } + + throw new AccessDeniedException('Not enough permissions to access slider license key settings.'); + } + /** * On load callback for tl_rocksolid_slide * @@ -245,6 +502,107 @@ public function slideOnloadCallback($dc) if (!static::checkLicense()) { $this->removeProFields($dc->table, array('videos', 'centerContent', 'autoplay'), array('background_legend')); } + + $user = BackendUser::getInstance(); + + if (static::canSkipPermissionCheck($user)) { + return; + } + + // Set the root IDs + if (empty($user->rsts_sliders) || !is_array($user->rsts_sliders)) { + $root = array(0); + } else { + $root = $user->rsts_sliders; + } + + $id = strlen(Input::get('id')) ? Input::get('id') : CURRENT_ID; + + // Check current action + switch (Input::get('act')) { + case 'paste': + case 'select': + if (!in_array(CURRENT_ID, $root)) { + throw new AccessDeniedException('Not enough permissions to access slider ID ' . $id . '.'); + } + break; + + case 'create': + if (!Input::get('pid') || !in_array(Input::get('pid'), $root)) { + throw new AccessDeniedException('Not enough permissions to create slides in slider ID ' . Input::get('pid') . '.'); + } + break; + + case 'cut': + case 'copy': + if (Input::get('act') == 'cut' && Input::get('mode') == 1) { + $objArchive = $this->Database->prepare("SELECT pid FROM tl_rocksolid_slide WHERE id=?") + ->limit(1) + ->execute(Input::get('pid')); + + if ($objArchive->numRows < 1) + { + throw new AccessDeniedException('Invalid slide ID ' . Input::get('pid') . '.'); + } + + $pid = $objArchive->pid; + } else { + $pid = Input::get('pid'); + } + + if (!in_array($pid, $root)) { + throw new AccessDeniedException('Not enough permissions to ' . Input::get('act') . ' slide ID ' . $id . ' to slider ID ' . $pid . '.'); + } + // no break + + case 'edit': + case 'show': + case 'delete': + case 'toggle': + case 'feature': + $objArchive = $this->Database->prepare("SELECT pid FROM tl_rocksolid_slide WHERE id=?") + ->limit(1) + ->execute($id); + + if ($objArchive->numRows < 1) { + throw new AccessDeniedException('Invalid slide ID ' . $id . '.'); + } + + if (!in_array($objArchive->pid, $root)) { + throw new AccessDeniedException('Not enough permissions to ' . Input::get('act') . ' slide ID ' . $id . ' of slider ID ' . $objArchive->pid . '.'); + } + break; + + case 'editAll': + case 'deleteAll': + case 'overrideAll': + case 'cutAll': + case 'copyAll': + if (!in_array($id, $root)) { + throw new AccessDeniedException('Not enough permissions to access slider ID ' . $id . '.'); + } + + $objArchive = $this->Database->prepare("SELECT id FROM tl_rocksolid_slide WHERE pid=?") + ->execute($id); + + /** @var SessionInterface $objSession */ + $objSession = System::getContainer()->get('session'); + + $session = $objSession->all(); + $session['CURRENT']['IDS'] = array_intersect((array) $session['CURRENT']['IDS'], $objArchive->fetchEach('id')); + $objSession->replace($session); + break; + + default: + if (Input::get('act')) { + throw new AccessDeniedException('Invalid command "' . Input::get('act') . '".'); + } + + if (!in_array($id, $root)) { + throw new AccessDeniedException('Not enough permissions to access slider ID ' . $id . '.'); + } + break; + } } /** @@ -259,6 +617,8 @@ public function contentOnloadCallback($dc) $this->removeProFields($dc->table, array('rsts_content_type', 'rsts_direction', 'rsts_centerContent'), array('rsts_carousel_legend')); } + $this->contentCheckPermission(); + if (!$dc->id) { return; } @@ -275,6 +635,68 @@ public function contentOnloadCallback($dc) } } + private function contentCheckPermission() + { + if (Input::get('do') !== 'rocksolid_slider') { + return; + } + + $user = BackendUser::getInstance(); + + if (static::canSkipPermissionCheck($user)) { + return; + } + + // Set the root IDs + if (empty($user->rsts_sliders) || !is_array($user->rsts_sliders)) { + $root = array(0); + } else { + $root = $user->rsts_sliders; + } + + // Check the current action + switch (Input::get('act')) { + case '': // empty + case 'paste': + case 'create': + case 'select': + $this->checkAccessToContentElement(CURRENT_ID, $root, true); + break; + + case 'editAll': + case 'deleteAll': + case 'overrideAll': + case 'cutAll': + case 'copyAll': + // Check access to the parent element if a content element is moved + if (in_array(Input::get('act'), array('cutAll', 'copyAll'))) { + $this->checkAccessToContentElement(Input::get('pid'), $root, (Input::get('mode') == 2)); + } + + $objCes = $this->Database->prepare("SELECT id FROM tl_content WHERE ptable='tl_rocksolid_slide' AND pid=?") + ->execute(CURRENT_ID); + + /** @var SessionInterface $objSession */ + $objSession = System::getContainer()->get('session'); + + $session = $objSession->all(); + $session['CURRENT']['IDS'] = array_intersect((array) $session['CURRENT']['IDS'], $objCes->fetchEach('id')); + $objSession->replace($session); + break; + + case 'cut': + case 'copy': + // Check access to the parent element if a content element is moved + $this->checkAccessToContentElement(Input::get('pid'), $root, (Input::get('mode') == 2)); + // no break + + default: + // Check access to the content element + $this->checkAccessToContentElement(Input::get('id'), $root); + break; + } + } + /** * On load callback for tl_module * @@ -303,6 +725,32 @@ public function moduleOnloadCallback($dc) } } + /** + * On load callback for tl_user + * + * @param \DataContainer $dc + * @return void + */ + public function userOnloadCallback($dc) + { + if (!static::checkLicense()) { + $this->removeProFields($dc->table, array(), array('rsts_slider_legend')); + } + } + + /** + * On load callback for tl_user_group + * + * @param \DataContainer $dc + * @return void + */ + public function userGroupOnloadCallback($dc) + { + if (!static::checkLicense()) { + $this->removeProFields($dc->table, array(), array('rsts_slider_legend')); + } + } + /** * parseFrontendTemplate hook for SliderEvents::getEventItems() * @@ -365,4 +813,23 @@ public static function checkLicense($license = null) return false; } + + public static function canSkipPermissionCheck(BackendUser $user): bool + { + if ($user->isAdmin) { + return true; + } + + // Active license means permissions feature is enabled + if (static::checkLicense()) { + return false; + } + + // Still check permissions if set previously with an active license + if (!empty($user->rsts_permissions) || !empty($user->rsts_sliders)) { + return false; + } + + return true; + } } diff --git a/src/SliderRunonce.php b/src/SliderRunonce.php index 931bef3..aed5e83 100644 --- a/src/SliderRunonce.php +++ b/src/SliderRunonce.php @@ -17,17 +17,15 @@ class SliderRunonce { public function onSqlCompileCommands($sql) { - static::run(); - - return $sql; + return static::run($sql); } /** * Run database migrations * - * @return void + * @return array */ - public static function run() + public static function run($sql = []) { $database = \Database::getInstance(); @@ -137,5 +135,34 @@ public static function run() "); } } + + // Initialize the permissions fields + if ( + Slider::checkLicense() + && $database->tableExists('tl_rocksolid_slider') + && $database->tableExists('tl_user') + && $database->tableExists('tl_user_group') + && !$database->fieldExists('rsts_sliders', 'tl_user') + && !$database->fieldExists('rsts_permissions', 'tl_user') + && !$database->fieldExists('rsts_sliders', 'tl_user_group') + && !$database->fieldExists('rsts_permissions', 'tl_user_group') + ) { + $defaultPermissions = serialize(['create', 'delete']); + $defaultSliders = serialize(array_values($database->query("SELECT id FROM tl_rocksolid_slider")->fetchEach('id'))); + foreach (['tl_user', 'tl_user_group'] as $table) { + foreach ([ + "ALTER TABLE $table ADD rsts_permissions BLOB DEFAULT NULL", + "ALTER TABLE $table ADD rsts_sliders BLOB DEFAULT NULL", + ] as $query) { + if (($key = array_search($query, $sql['ALTER_ADD'] ?? [], true)) !== false) { + unset($sql['ALTER_ADD'][$key]); + } + $database->query($query); + } + $database->prepare("UPDATE $table SET rsts_permissions = ?, rsts_sliders = ?")->execute($defaultPermissions, $defaultSliders); + } + } + + return $sql; } }