Fine-grained file access control and folder access permissions for fe_users in TYPO3.


Question


I'm facing a challenge with file access control in TYPO3, and I'm hoping to get some guidance or suggestions from the community.

Problem:
I need to implement a file access control system in TYPO3 where users have access to specific folders based on their individual permissions. I'm using the sr_feuser_register extension to create front-end user accounts, and I have modified it to automatically create a folder for each new user (see code below). Now, I want to grant each user read access only to their respective folder.

What I've tried so far:
I've explored the built-in user group functionality in TYPO3, but it only allows me to assign access permissions at the group level, rather than at the individual folder level.
I've researched available TYPO3 extensions such as secure_downloads, fal_securedownload, etc., but none of them seem to provide the exact functionality I need.

Desired Solution:
I'm looking for suggestions, guidance, or alternative approaches to achieving fine-grained file access control in TYPO3. Specifically, I want to grant each user read access to their own folder while restricting access to other users' folders. The goal is to upload files to the fileadmin location which the frontend users then can access through their login credentials.
I'm currently using TYPO3 version v11.5.22 without composer mode and the sr_feuser_register extension to manage user registration. Ideally, I would like to integrate a solution that works seamlessly with these components.

I'm open to any custom solutions or utilizing third-party extensions if they provide the required functionality.

Any help or insights on this matter would be greatly appreciated. Thank you in advance!

Here is the code that I added to the CreateActionController.php of the sr_feuser_register extension to create the custom folders in fileadmin (I can provide the full code if needed):

<?php
namespace SJBR\SrFeuserRegister\Controller;

//....classes

/**
 * Create action controller
 */
class CreateActionController extends AbstractActionController
{
	/**
	 * Processes the create request
	 *
	 * @param array $finalDataArray: array of form input fields
	 * @param string $cmd: the command
	 * @param string $cmdKey: the command key
	 * @return string the template with substituted markers
	 */
	public function doProcessing(array $finalDataArray, $cmd, $cmdKey) {
		

		//......


		// Set the time zone
		date_default_timezone_set('Europe/Berlin'); // Replace 'Europe/Berlin' with your desired time zone

		// Get the current date
		$currentDate = date('ymd');

		// Prepare the folder name
		$firstName = $finalDataArray['first_name'];
		$lastName = $finalDataArray['last_name'];

		// Replace umlaut characters with their ASCII equivalents first;
		// after iconv() below there would be no umlauts left to replace
		$firstName = str_replace(['ä', 'ö', 'ü', 'ß'], ['ae', 'oe', 'ue', 'ss'], $firstName);
		$lastName = str_replace(['ä', 'ö', 'ü', 'ß'], ['ae', 'oe', 'ue', 'ss'], $lastName);

		// Convert the remaining special characters to ASCII equivalents
		$firstName = iconv('UTF-8', 'ASCII//TRANSLIT', $firstName);
		$lastName = iconv('UTF-8', 'ASCII//TRANSLIT', $lastName);

		// Remove non-alphanumeric characters
		$firstName = preg_replace('/[^a-zA-Z0-9]/', '', $firstName);
		$lastName = preg_replace('/[^a-zA-Z0-9]/', '', $lastName);

		// Check if the first name and last name are not empty
		if (!empty($firstName) && !empty($lastName)) {
		    // Construct the folder name
		    $folderName = $currentDate . '_' . strtolower($lastName) . '_' . strtolower($firstName);

		    // Create the folder path
		    $folderPath = 'fileadmin/data/' . $folderName;

		    // Attempt to create the folder
		    if (mkdir($folderPath, 0755)) {
		        // Folder created successfully
		        // Set folder permissions
		        chmod($folderPath, 0755); // Adjust the permissions as needed

		        // Get the FE user UID
		        $feUserUid = $GLOBALS['TSFE']->fe_user->user['uid'];

		        // Get the FE user group ID
		        $groupId = $GLOBALS['TSFE']->fe_user->user['usergroup'];

		        // Get the TYPO3 database connection
		        $databaseConnection = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Database\ConnectionPool::class)->getConnectionForTable('sys_file_metadata');

		        // Clear any existing folder permissions for the patient's folder
		        // (Connection::delete() is used because the Doctrine-based Connection has no exec_DELETEquery())
		        $databaseConnection->delete(
		            'sys_file_metadata',
		            ['table_local' => 1, 'identifier' => $folderName]
		        );

		        // Grant folder permissions to the FE user group for the patient's folder
		        $databaseConnection->insert(
		            'sys_file_metadata',
		            [
		                'uid' => $groupId,
		                'table_local' => 1,
		                'identifier' => $folderName,
		                'permissions' => 31, // Set desired folder permissions (e.g., 31 for full access)
		                'modified' => time()
		            ]
		        );
		    }
		}



		//......
	}
}

Answer 1

Score: 1


IMO there is no ready-to-use solution for this case.
So you would have to create your own extension for that.

For that:

  1. You will need a non-public file storage, as described here under point 2 (don't forget the .htaccess file, or use a folder outside the docroot): https://docs.typo3.org/p/beechit/fal-securedownload/4.0/en-us/Installation/Index.html
  2. You will need a database table to save the folder permissions. You could check out EXT:fal_securedownload on how to assign groups to folders, and then rebuild it, assigning fe_users to folders.
  3. You need a controller and the plugins to handle the files of the logged-in user (i.e. a list view).
  4. Adjust your CreateActionController to create the folder permissions when creating the user folder.

OR

You could use EXT:fal_securedownload completely and realize the user permissions with usergroups. You could create the groups in your CreateActionController and assign them to the fe_user.
The extension comes with a TreeView for files and folders.
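
The per-user check that steps 2 and 3 of this answer call for, as an added example that is not part of the original answer and not code from fal_securedownload. A constant array stands in for the permission table (fe_users uid to folder); the function names, uids and folder names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the step 2 table: fe_users uid => folder in the non-public storage.
const FOLDER_PERMISSIONS = [
    12 => '/data/230514_mueller_anna/',
    13 => '/data/230514_schmidt_jan/',
];

/** Collapse "." and ".." segments; null if the path would leave the storage root. */
function canonicalIdentifier(string $identifier): ?string
{
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $identifier)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            if (array_pop($parts) === null) {
                return null; // nothing left to pop: the path climbs above the root
            }
            continue;
        }
        $parts[] = $segment;
    }
    return '/' . implode('/', $parts);
}

/** Deny by default: allow only a logged-in user, and only inside that user's folder. */
function mayRead(?int $feUserUid, string $requested): bool
{
    if ($feUserUid === null || strpos($requested, "\0") !== false) {
        return false; // anonymous request or NUL byte in the path
    }
    $folder = canonicalIdentifier(FOLDER_PERMISSIONS[$feUserUid] ?? '');
    $file = canonicalIdentifier($requested);
    if ($file === null || $folder === null || $folder === '/') {
        return false; // bad path, or no row (a "/" row would expose the whole storage)
    }
    // The trailing slash keeps "/data/a" from matching "/data/ab/file".
    return strpos($file, $folder . '/') === 0;
}

// Constructed requests: own file, other user's folder, traversal, anonymous.
$anna = '/data/230514_mueller_anna/';
foreach ([[12, $anna . 'a.pdf'], [12, '/data/230514_schmidt_jan/a.pdf'],
          [12, $anna . '../230514_schmidt_jan/a.pdf'], [null, $anna . 'a.pdf']] as [$uid, $path]) {
    echo $uid ?? 'anon', ' ', $path, ' => ', mayRead($uid, $path) ? 'allow' : 'deny', "\n";
}
```

In a TYPO3 controller the uid would come from the logged-in frontend user, and the file would be streamed from the non-public storage only after `mayRead()` returns true.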

Answer 2

Score: 0

I solved the problem by writing data with an event listener in my own TYPO3 extension into the tx_falsecuredownload_folder table in the TYPO3 database. You have to generate a sha1-hash for the folder path and use the fe_groups uid and timestamp variable.

Here is the link to the post: https://stackoverflow.com/questions/76346721/automatically-set-fe-groups-folder-access-permissions-with-fal-securedownload


Published on May 14, 2023, 18:38:03