meilisearch/Classes/IndexQueue/FrontendHelper/AuthorizationService.php

<?php
namespace WapplerSystems\Meilisearch\IndexQueue\FrontendHelper;

/***************************************************************
 *  Copyright notice
 *
 *  (c) 2011-2015 Ingo Renner <ingo@typo3.org>
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
 *  free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *
 *  The GNU General Public License can be found at
 *  http://www.gnu.org/copyleft/gpl.html.
 *
 *  This script is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/

use WapplerSystems\Meilisearch\Access\Rootline;
use WapplerSystems\Meilisearch\IndexQueue\PageIndexerRequestHandler;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Core\Authentication\AbstractAuthenticationService;

/**
 * Authentication service to authorize the Index Queue page indexer to access
 * protected pages.
 *
 * @author Ingo Renner <ingo@typo3.org>
 */
class AuthorizationService extends AbstractAuthenticationService
{

    /**
     * User used when authenticating the page indexer for protected pages,
     * to allow the indexer to access and protected content. May also allow to
     * identify requests by the page indexer.
     *
     * @var string
     */
    const SOLR_INDEXER_USERNAME = '__MeilisearchIndexerUser__';

    /**
     * Gets a fake frontend user record to allow access to protected pages.
     *
     * @return array An array representing a frontend user.
     */
    public function getUser()
    {
        return [
            'uid' => 0,
            'username' => self::SOLR_INDEXER_USERNAME,
            'authenticated' => true
        ];
    }

    /**
     * Authenticates the page indexer frontend user to grant it access to
     * protected pages and page content.
     *
     * Returns 200 which automatically grants access for the current fake page
     * indexer user. A status of >= 200 also tells TYPO3 that it doesn't need to
     * conduct other services that might be registered for "their opinion"
     * whether a user is authenticated.
     *
     * @see \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::checkAuthentication()
     * @param array $user Array of user data
     * @return int Returns 200 to grant access for the page indexer.
     */
    public function authUser($user)
    {
        // shouldn't happen, but in case we get a regular user we just
        // pass it on to another (regular) auth service
        $authenticationLevel = 100;

        if ($user['username'] == self::SOLR_INDEXER_USERNAME) {
            $authenticationLevel = 200;
        }

        return $authenticationLevel;
    }

    /**
     * Creates user group records so that the page indexer is granted access to
     * protected pages.
     *
     * @param array $user Data of user.
     * @param array $knownGroups Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
     * @return mixed Groups array, keys = uid which must be unique
     */
    public function getGroups(
        $user,
        /** @noinspection PhpUnusedParameterInspection */
        $knownGroups
    ) {
        $groupData = [];

            /** @var $requestHandler PageIndexerRequestHandler */
        $requestHandler = GeneralUtility::makeInstance(PageIndexerRequestHandler::class);
        $accessRootline = $requestHandler->getRequest()->getParameter('accessRootline');

        if ($user['username'] == self::SOLR_INDEXER_USERNAME && !empty($accessRootline)) {
            $accessRootline = GeneralUtility::makeInstance(Rootline::class, /** @scrutinizer ignore-type */ $accessRootline);
            $groups = $accessRootline->getGroups();

            foreach ($groups as $groupId) {
                // faking a user group record
                $groupData[] = [
                    'uid' => $groupId,
                    'pid' => 0,
                    'title' => '__MeilisearchIndexerGroup__',
                    'TSconfig' => ''
                ];
            }
        }

        return $groupData;
    }
}