[FEATURE] Respect access rights for site selection in configuration r…

…ecord

Classes/Domain/Service/SiteService.php

@@ -4,16 +4,26 @@
 namespace In2code\Luxletter\Domain\Service;
 
 use In2code\Luxletter\Exception\MisconfigurationException;
+use In2code\Luxletter\Utility\BackendUserUtility;
 use In2code\Luxletter\Utility\FrontendUtility;
 use In2code\Luxletter\Utility\StringUtility;
 use LogicException;
+use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Core\Exception\SiteNotFoundException;
 use TYPO3\CMS\Core\Site\Entity\Site;
 use TYPO3\CMS\Core\Site\SiteFinder;
+use TYPO3\CMS\Core\Type\Bitmask\Permission;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
 class SiteService
 {
+    protected SiteFinder $siteFinder;
+
+    public function __construct(?SiteFinder $siteFinder = null)
+    {
+        $this->siteFinder = $siteFinder ?? GeneralUtility::makeInstance(SiteFinder::class);
+    }
+
     /**
      * Get a site from current page identifier. Works only in frontend context (so not when in CLI and BACKEND context)
      *
@@ -27,8 +37,7 @@ public function getSite(int $pageIdentifier = 0): Site
             $pageIdentifier = FrontendUtility::getCurrentPageIdentifier();
         }
         if ($pageIdentifier > 0) {
-            $siteFinder = GeneralUtility::makeInstance(SiteFinder::class);
-            return $siteFinder->getSiteByPageId($pageIdentifier);
+            return $this->siteFinder->getSiteByPageId($pageIdentifier);
         }
         throw new LogicException('No page identifier given. Maybe no frontend context?', 1622813408);
     }
@@ -46,8 +55,7 @@ public function getLanguages(int $pageIdentifier): array
 
     public function getFirstSite(): Site
     {
-        $siteFinder = GeneralUtility::makeInstance(SiteFinder::class);
-        $sites = $siteFinder->getAllSites();
+        $sites = $this->siteFinder->getAllSites();
         return current($sites);
     }
 
@@ -73,7 +81,7 @@ public function getDomainFromSite(Site $site): string
      */
     public function getPageUrlFromParameter(int $pageIdentifier, array $arguments = []): string
     {
-        $site = GeneralUtility::makeInstance(SiteFinder::class)->getSiteByPageId($pageIdentifier);
+        $site = $this->siteFinder->getSiteByPageId($pageIdentifier);
         $this->checkForValidSite($site);
         $uri = $site->getRouter()->generateUri($pageIdentifier, $arguments);
         return $uri->__tostring();
@@ -96,6 +104,26 @@ public function getFrontendUrlFromParameter(array $arguments, Site $site): strin
         return $url;
     }
 
+    public function getAllowedSites(): array
+    {
+        $sites = $this->siteFinder->getAllSites();
+        if (BackendUserUtility::isAdministrator()) {
+            return $sites;
+        }
+
+        $sanitziedSites = [];
+        foreach ($sites as $site) {
+            $beuserAuthentication = BackendUserUtility::getBackendUserAuthentication();
+            if ($beuserAuthentication !== null) {
+                $row = BackendUtility::getRecord('pages', $site->getRootPageId());
+                if ($beuserAuthentication->doesUserHaveAccess($row, Permission::PAGE_SHOW)) {
+                    $sanitziedSites[$site->getIdentifier()] = $site;
+                }
+            }
+        }
+        return $sanitziedSites;
+    }
+
     /**
      * @param Site $site
      * @return void

Classes/Tca/SiteSelection.php

@@ -3,32 +3,22 @@
 declare(strict_types=1);
 namespace In2code\Luxletter\Tca;
 
-use TYPO3\CMS\Core\Site\Entity\Site;
-use TYPO3\CMS\Core\Site\SiteFinder;
+use In2code\Luxletter\Domain\Service\SiteService;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
-/**
- * Class SiteSelection
- */
 class SiteSelection
 {
-    /**
-     * @param array $configuration
-     * @return void
-     */
-    public function getAll(array &$configuration): void
+    protected SiteService $siteService;
+
+    public function __construct()
     {
-        foreach ($this->getAllSites() as $site) {
-            $configuration['items'][] = [$site->getIdentifier(), $site->getIdentifier()];
-        }
+        $this->siteService = GeneralUtility::makeInstance(SiteService::class);
     }
 
-    /**
-     * @return Site[]
-     */
-    protected function getAllSites(): array
+    public function getAll(array &$configuration): void
     {
-        $siteFinder = GeneralUtility::makeInstance(SiteFinder::class);
-        return $siteFinder->getAllSites();
+        foreach ($this->siteService->getAllowedSites() as $site) {
+            $configuration['items'][] = [$site->getIdentifier(), $site->getIdentifier()];
+        }
     }
 }

Classes/Utility/BackendUserUtility.php

@@ -5,37 +5,26 @@
 
 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
 
-/**
- * Class BackendUserUtility
- */
 class BackendUserUtility
 {
-    /**
-     * @return bool
-     */
     public static function isBackendUserAuthenticated(): bool
     {
         return self::getBackendUserAuthentication() !== null;
     }
 
-    /**
-     * @param string $key
-     * @param string $action
-     * @param string $controller
-     * @param array $data
-     * @return void
-     */
+    public static function isAdministrator(): bool
+    {
+        if (self::getBackendUserAuthentication() !== null) {
+            return self::getBackendUserAuthentication()->isAdmin();
+        }
+        return false;
+    }
+
     public static function saveValueToSession(string $key, string $action, string $controller, array $data): void
     {
         self::getBackendUserAuthentication()->setAndSaveSessionData($key . $action . $controller . '_luxletter', $data);
     }
 
-    /**
-     * @param string $key
-     * @param string $action
-     * @param string $controller
-     * @return array
-     */
     public static function getSessionValue(string $key, string $action, string $controller): array
     {
         return (array)self::getBackendUserAuthentication()->getSessionData($key . $action . $controller . '_luxletter');