2 namespace TYPO3\CMS\Core\Resource\Security;
43 $accessAllowed = $otherHookGrantedAccess;
44 if ($table ===
'sys_file_metadata' && $accessAllowed !== 0) {
46 if ($existingFileMetadataRecord === null || (empty($existingFileMetadataRecord[
'file']) && !empty($fileMetadataRecord[
'file']))) {
47 $existingFileMetadataRecord = $fileMetadataRecord;
52 return $accessAllowed;
68 if ($table ===
'sys_file_metadata') {
69 if (isset($parent->cmdmap[$table]) && is_array($parent->cmdmap[$table])) {
70 foreach ($parent->cmdmap[$table] as $id => $command) {
72 throw new \UnexpectedValueException(
73 'Integer expected for data manipulation command.
74 This can only happen in the case of an attack attempt or when something went horribly wrong.
75 To not compromise security, we exit here.',
82 if (!$accessAllowed) {
89 if (isset($parent->datamap[$table]) && is_array($parent->datamap[$table])) {
90 foreach ($parent->datamap[$table] as $id => $data) {
91 $recordAccessAllowed =
false;
93 if (strpos($id,
'NEW') ===
false) {
95 if ($fileMetadataRecord !== null) {
96 if ($parent->isImporting && empty($fileMetadataRecord[
'file'])) {
98 $recordAccessAllowed =
true;
105 $recordAccessAllowed =
true;
108 if (isset($data[
'file'])) {
109 if ($parent->isImporting && empty($data[
'file'])) {
111 $dataAccessAllowed =
true;
112 }
elseif (empty($data[
'file'])) {
113 $dataAccessAllowed =
false;
118 $dataAccessAllowed =
true;
121 if (!$recordAccessAllowed || !$dataAccessAllowed) {
123 $accessAllowed =
false;
139 $table = $parameters[
'table'];
140 $uid = $parameters[
'uid'];
141 $cmd = $parameters[
'cmd'];
142 $accessAllowed = $parameters[
'hasAccess'];
144 if ($accessAllowed && $table ===
'sys_file_metadata' && $cmd ===
'edit') {
148 return $accessAllowed;
159 $accessAllowed =
false;
160 if (is_array($fileMetadataRecord) && !empty($fileMetadataRecord[
'file'])) {
161 $file = $fileMetadataRecord[
'file'];
163 if (strpos($file,
'sys_file_') !==
false) {
164 $file = substr($file, strlen(
'sys_file_'));
167 $accessAllowed = $fileObject->checkActionPermission(
'write');
169 return $accessAllowed;