first commit

Classes/IndexQueue/FrontendHelper/AuthorizationService.php

@@ -0,0 +1,126 @@
+<?php
+namespace WapplerSystems\Meilisearch\IndexQueue\FrontendHelper;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2011-2015 Ingo Renner <ingo@typo3.org>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+
+use WapplerSystems\Meilisearch\Access\Rootline;
+use WapplerSystems\Meilisearch\IndexQueue\PageIndexerRequestHandler;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Core\Authentication\AbstractAuthenticationService;
+
+/**
+ * Authentication service to authorize the Index Queue page indexer to access
+ * protected pages.
+ *
+ * @author Ingo Renner <ingo@typo3.org>
+ */
+class AuthorizationService extends AbstractAuthenticationService
+{
+
+    /**
+     * User used when authenticating the page indexer for protected pages,
+     * to allow the indexer to access and protected content. May also allow to
+     * identify requests by the page indexer.
+     *
+     * @var string
+     */
+    const SOLR_INDEXER_USERNAME = '__SolrIndexerUser__';
+
+    /**
+     * Gets a fake frontend user record to allow access to protected pages.
+     *
+     * @return array An array representing a frontend user.
+     */
+    public function getUser()
+    {
+        return [
+            'uid' => 0,
+            'username' => self::SOLR_INDEXER_USERNAME,
+            'authenticated' => true
+        ];
+    }
+
+    /**
+     * Authenticates the page indexer frontend user to grant it access to
+     * protected pages and page content.
+     *
+     * Returns 200 which automatically grants access for the current fake page
+     * indexer user. A status of >= 200 also tells TYPO3 that it doesn't need to
+     * conduct other services that might be registered for "their opinion"
+     * whether a user is authenticated.
+     *
+     * @see \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::checkAuthentication()
+     * @param array $user Array of user data
+     * @return int Returns 200 to grant access for the page indexer.
+     */
+    public function authUser($user)
+    {
+        // shouldn't happen, but in case we get a regular user we just
+        // pass it on to another (regular) auth service
+        $authenticationLevel = 100;
+
+        if ($user['username'] == self::SOLR_INDEXER_USERNAME) {
+            $authenticationLevel = 200;
+        }
+
+        return $authenticationLevel;
+    }
+
+    /**
+     * Creates user group records so that the page indexer is granted access to
+     * protected pages.
+     *
+     * @param array $user Data of user.
+     * @param array $knownGroups Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
+     * @return mixed Groups array, keys = uid which must be unique
+     */
+    public function getGroups(
+        $user,
+        /** @noinspection PhpUnusedParameterInspection */
+        $knownGroups
+    ) {
+        $groupData = [];
+
+            /** @var $requestHandler PageIndexerRequestHandler */
+        $requestHandler = GeneralUtility::makeInstance(PageIndexerRequestHandler::class);
+        $accessRootline = $requestHandler->getRequest()->getParameter('accessRootline');
+
+        if ($user['username'] == self::SOLR_INDEXER_USERNAME && !empty($accessRootline)) {
+            $accessRootline = GeneralUtility::makeInstance(Rootline::class, /** @scrutinizer ignore-type */ $accessRootline);
+            $groups = $accessRootline->getGroups();
+
+            foreach ($groups as $groupId) {
+                // faking a user group record
+                $groupData[] = [
+                    'uid' => $groupId,
+                    'pid' => 0,
+                    'title' => '__SolrIndexerGroup__',
+                    'TSconfig' => ''
+                ];
+            }
+        }
+
+        return $groupData;
+    }
+}