[BUGFIX] Fix thumbnails and download from backend

Resolves: #188 Resolves: #186
beechit · Jul 7, 2022 · 8233513 · 8233513
1 parent a3bfa32
commit 8233513
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 4 deletions.
diff --git a/Classes/Hooks/FileDumpHook.php b/Classes/Hooks/FileDumpHook.php
@@ -214,7 +214,7 @@ public function checkFileAccess(ResourceInterface $file)
      */
     protected function dumpFileContents($file, $asDownload, $resumableDownload)
     {
-        $downloadName = $file->getProperty('download_name') ?: $file->getName();
+        $downloadName = $file->hasProperty('download_name') ? $file->getProperty('download_name') : $file->getName();
 
         // Make sure downloadName has a file extension
         $fileParts = pathinfo($downloadName);
@@ -330,6 +330,10 @@ protected function checkPermissions()
         /** @var $checkPermissionsService CheckPermissions */
         $checkPermissionsService = GeneralUtility::makeInstance(CheckPermissions::class);
 
+        if ($checkPermissionsService->checkBackendUserFileAccess($this->originalFile)) {
+            return true;
+        }
+
         $userFeGroups = !$this->feUser->user ? false : $this->feUser->groupData['uid'];
 
         return $checkPermissionsService->checkFileAccess($this->originalFile, $userFeGroups);

diff --git a/Classes/Middleware/EidFrontendAuthentication.php b/Classes/Middleware/EidFrontendAuthentication.php
@@ -6,6 +6,7 @@
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use TYPO3\CMS\Backend\FrontendBackendUserAuthentication;
 use TYPO3\CMS\Core\Authentication\AbstractUserAuthentication;
 use TYPO3\CMS\Core\Context\Context;
 use TYPO3\CMS\Core\Exception;
@@ -39,6 +40,9 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
         if ($eID === null || !in_array($eID, ['dumpFile', 'FalSecuredownloadFileTreeState'])) {
             return $handler->handle($request);
         }
+
+        $GLOBALS['TYPO3_REQUEST'] = $request;
+
         $frontendUser = GeneralUtility::makeInstance(FrontendUserAuthentication::class);
 
         // List of page IDs where to look for frontend user records
@@ -53,8 +57,16 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 
         // Register the frontend user as aspect and within the session
         $this->setFrontendUserAspect($frontendUser);
-        $response = $handler->handle($request);
-        return $response;
+
+        $backendUserObject = GeneralUtility::makeInstance(FrontendBackendUserAuthentication::class);
+        $backendUserObject->start();
+        $backendUserObject->unpack_uc();
+        if (!empty($backendUserObject->user['uid'])) {
+            $backendUserObject->fetchGroupData();
+        }
+        $this->setBackendUserAspect($backendUserObject);
+
+        return $handler->handle($request);
     }
 
     /**
@@ -66,4 +78,15 @@ protected function setFrontendUserAspect(AbstractUserAuthentication $user)
     {
         $this->context->setAspect('beechit.user', GeneralUtility::makeInstance(UserAspect::class, $user));
     }
+
+    /**
+     * Register the backend user as aspect
+     *
+     * @param AbstractUserAuthentication $user
+     */
+    protected function setBackendUserAspect(AbstractUserAuthentication $user)
+    {
+        $this->context->setAspect('beechit.beuser', GeneralUtility::makeInstance(UserAspect::class, $user));
+        $GLOBALS['BE_USER'] = $user;
+    }
 }
diff --git a/Classes/Security/CheckPermissions.php b/Classes/Security/CheckPermissions.php
@@ -27,6 +27,12 @@
 use BeechIt\FalSecuredownload\Events\AddCustomGroupsEvent;
 use BeechIt\FalSecuredownload\Service\Utility;
 use Psr\EventDispatcher\EventDispatcherInterface;
+use TYPO3\CMS\Backend\FrontendBackendUserAuthentication;
+use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
+use TYPO3\CMS\Core\Authentication\Mfa\MfaRequiredException;
+use TYPO3\CMS\Core\Context\Context;
+use TYPO3\CMS\Core\Context\UserAspect;
+use TYPO3\CMS\Core\Resource\Exception\FolderDoesNotExistException;
 use TYPO3\CMS\Core\Resource\File;
 use TYPO3\CMS\Core\Resource\Folder;
 use TYPO3\CMS\Core\Resource\FolderInterface;
@@ -78,6 +84,56 @@ public function checkFileAccessForCurrentFeUser($file)
         return $this->checkFileAccess($file, $userFeGroups);
     }
 
+    /**
+     * Check backend user file access
+     *
+     * @param File $file
+     * @return bool
+     */
+    public function checkBackendUserFileAccess(File $file): bool
+    {
+        $backendUser = $GLOBALS['BE_USER'] ?? null;
+        if (!$backendUser instanceof BackendUserAuthentication || empty($backendUser->user['uid'])) {
+            return false;
+        }
+        if ($backendUser->isAdmin()) {
+            return true;
+        }
+        $resourceStorage = $file->getStorage();
+        $resourceStorage->setUserPermissions($GLOBALS['BE_USER']->getFilePermissionsForStorage($resourceStorage));
+        foreach ($GLOBALS['BE_USER']->getFileMountRecords() as $fileMountRow) {
+            if ((int)$fileMountRow['base'] === (int)$resourceStorage->getUid()) {
+                try {
+                    $resourceStorage->addFileMount($fileMountRow['path'], $fileMountRow);
+                } catch (FolderDoesNotExistException $e) {
+                    // That file mount does not seem to be valid, fail silently
+                }
+            }
+        }
+        $originalEvaluatePermissions = $resourceStorage->getEvaluatePermissions();
+        $resourceStorage->setEvaluatePermissions(true);
+        $access = $resourceStorage->checkFileActionPermission('read', $file);
+        $resourceStorage->setEvaluatePermissions($originalEvaluatePermissions);
+        return $access;
+    }
+
+    /**
+     * Get backend user object
+     *
+     * @return FrontendBackendUserAuthentication
+     * @throws MfaRequiredException
+     */
+    protected function getBackendUser(): FrontendBackendUserAuthentication
+    {
+        $backendUserObject = GeneralUtility::makeInstance(FrontendBackendUserAuthentication::class);
+        $backendUserObject->start();
+        $backendUserObject->unpack_uc();
+        if (!empty($backendUserObject->user['uid'])) {
+            $backendUserObject->fetchGroupData();
+        }
+        return $backendUserObject;
+    }
+
     /**
      * Check file access for given FeGroups combination
      *

diff --git a/Classes/Service/LeafStateService.php b/Classes/Service/LeafStateService.php
@@ -86,7 +86,7 @@ public function getLeafStateForUser(FrontendUserAuthentication $user, $folder)
      */
     protected function getFolderState(FrontendUserAuthentication $user)
     {
-        $folderStates = $user->getKey($user->user['uid'] ? 'user' : 'ses', 'LeafStateService');
+        $folderStates = $user->getKey(empty($user->user['uid']) ? 'ses' : 'user', 'LeafStateService');
         if ($folderStates) {
             $folderStates = unserialize($folderStates);
         }