From 384b5018bd8fdfcf482d412236c535fe34183457 Mon Sep 17 00:00:00 2001 From: Oliver Gassner Date: Fri, 28 Mar 2025 12:52:30 +0100 Subject: [PATCH 1/2] [TASK] Add Filemount Permissions --- Classes/AttachPermissionsToGroups.php | 31 ++++++++++++++++++++++++++- Classes/PermissionSet.php | 8 +++++++ README.md | 8 +++++++ 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/Classes/AttachPermissionsToGroups.php b/Classes/AttachPermissionsToGroups.php index aba2630..02eebe3 100644 --- a/Classes/AttachPermissionsToGroups.php +++ b/Classes/AttachPermissionsToGroups.php @@ -13,14 +13,19 @@ namespace B13\PermissionSets; use TYPO3\CMS\Backend\Module\ModuleProvider; +use TYPO3\CMS\Core\Database\Connection; use TYPO3\CMS\Core\Authentication\Event\AfterGroupsResolvedEvent; use TYPO3\CMS\Core\Authentication\Mfa\MfaProviderRegistry; +use TYPO3\CMS\Core\Database\ConnectionPool; use TYPO3\CMS\Core\Exception\SiteNotFoundException; use TYPO3\CMS\Core\Package\PackageManager; use TYPO3\CMS\Core\Site\SiteFinder; use TYPO3\CMS\Core\TypoScript\TypoScriptService; use TYPO3\CMS\Core\Utility\ArrayUtility; use TYPO3\CMS\Core\Utility\GeneralUtility; +use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction; +use TYPO3\CMS\Core\Database\Query\Restriction\HiddenRestriction; +use TYPO3\CMS\Core\Database\Query\Restriction\RootLevelRestriction; use TYPO3\CMS\Core\Utility\MathUtility; use TYPO3\CMS\Dashboard\WidgetRegistry; @@ -35,7 +40,8 @@ public function __construct( private ModuleProvider $moduleProvider, private TypoScriptService $typoScriptService, private MfaProviderRegistry $mfaProviderRegistry, - private PackageManager $packageManager + private PackageManager $packageManager, + private ConnectionPool $connectionPool, ) {} public function __invoke(AfterGroupsResolvedEvent $event) @@ -98,6 +104,29 @@ private function expandGroupPermissionsWithPermissionSet(array $group, Permissio $group['db_mountpoints'] .= ',' . implode(',', $finalSitesAndPages); } + if ($permissionSet->getAllowedFileMounts()) { + $fileMounts = $permissionSet->getAllowedFileMounts(); + if ($fileMounts){ + $queryBuilder = $this->connectionPool->getQueryBuilderForTable('sys_filemounts'); + $queryBuilder->getRestrictions() + ->add(GeneralUtility::makeInstance(\TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction::class)) + ->add(GeneralUtility::makeInstance(DeletedRestriction::class)) + ->add(GeneralUtility::makeInstance(HiddenRestriction::class)) + ->add(GeneralUtility::makeInstance(RootLevelRestriction::class)); + + $queryBuilder->select('uid') + ->from('sys_filemounts') + ->where( + $queryBuilder->expr()->in('title', $queryBuilder->createNamedParameter($fileMounts, Connection::PARAM_STR_ARRAY)) + ); + } + $fileMountRecords = $queryBuilder->executeQuery()->fetchAllAssociative(); + if ($fileMountRecords) { + $fileMountIds = array_column($fileMountRecords, 'uid'); + $group['file_mountpoints'] .= ',' . implode(',', $fileMountIds); + } + } + if ($permissionSet->getAllowedFilePermissions()) { $group['file_permissions'] .= ',' . implode(',', $permissionSet->getAllowedFilePermissions()); } diff --git a/Classes/PermissionSet.php b/Classes/PermissionSet.php index ddf16a6..c4f04ce 100644 --- a/Classes/PermissionSet.php +++ b/Classes/PermissionSet.php @@ -43,6 +43,14 @@ public function getAllowedSitesAndPages(): ?array return null; } + public function getAllowedFileMounts(): ?array + { + if (isset($this->instructions['filemounts'])) { + return $this->instructions['filemounts']; + } + return null; + } + public function getAllowedFilePermissions(): ?array { if (isset($this->instructions['files'])) { diff --git a/README.md b/README.md index f1fdca7..03a42bd 100644 --- a/README.md +++ b/README.md @@ -116,6 +116,14 @@ files: - recursiveDeleteFolder ``` +### Filemount Permissions + +``` +filemounts: + - 'data' + - 'images' +``` + ### Sites ``` From 82fe34e8c71535fe98e2401d3198f8d72b8f8289 Mon Sep 17 00:00:00 2001 From: Oliver Gassner Date: Fri, 28 Mar 2025 13:10:44 +0100 Subject: [PATCH 2/2] [TASk] Add Permissions f. Categorymounts --- Classes/AttachPermissionsToGroups.php | 23 +++++++++++++++++++++++ Classes/PermissionSet.php | 8 ++++++++ README.md | 8 ++++++++ 3 files changed, 39 insertions(+) diff --git a/Classes/AttachPermissionsToGroups.php b/Classes/AttachPermissionsToGroups.php index 02eebe3..f65b89d 100644 --- a/Classes/AttachPermissionsToGroups.php +++ b/Classes/AttachPermissionsToGroups.php @@ -127,6 +127,29 @@ private function expandGroupPermissionsWithPermissionSet(array $group, Permissio } } + if ($permissionSet->getAllowedCategories()) { + $allowedCategories = $permissionSet->getAllowedCategories(); + if ($allowedCategories) { + $queryBuilder = $this->connectionPool->getQueryBuilderForTable('sys_category'); + $queryBuilder->getRestrictions() + ->add(GeneralUtility::makeInstance(\TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction::class)) + ->add(GeneralUtility::makeInstance(DeletedRestriction::class)) + ->add(GeneralUtility::makeInstance(HiddenRestriction::class)); + $queryBuilder->select('uid') + ->from('sys_category') + ->where( + $queryBuilder->expr()->in('title', $queryBuilder->createNamedParameter($allowedCategories, Connection::PARAM_STR_ARRAY)) + ); + $categoryRecords = $queryBuilder->executeQuery()->fetchAllAssociative(); + if ($categoryRecords) { + $allowedCategoryKeys = array_column($categoryRecords, 'uid'); + $group['category_perms'] .= ',' . implode(',', $allowedCategoryKeys); + } + } + } + + + if ($permissionSet->getAllowedFilePermissions()) { $group['file_permissions'] .= ',' . implode(',', $permissionSet->getAllowedFilePermissions()); } diff --git a/Classes/PermissionSet.php b/Classes/PermissionSet.php index c4f04ce..d56ef51 100644 --- a/Classes/PermissionSet.php +++ b/Classes/PermissionSet.php @@ -51,6 +51,14 @@ public function getAllowedFileMounts(): ?array return null; } + public function getAllowedCategories(): ?array + { + if (isset($this->instructions['categories'])) { + return $this->instructions['categories']; + } + return null; + } + public function getAllowedFilePermissions(): ?array { if (isset($this->instructions['files'])) { diff --git a/README.md b/README.md index 03a42bd..4731e3c 100644 --- a/README.md +++ b/README.md @@ -135,6 +135,14 @@ sites: - 13 ``` +### Category Mounts + +``` +categories: + - category1 + - category2 +``` + ### UserTsConfig UserTsConfig is merged automatically with the users' / user group