[Typo3-dev] RFC: Frontend Permissions for Records within Plugins
Thorsten Kahler
thorsten.kahler at dkd.de
Tue Nov 8 18:53:29 CET 2005
Hi Jeff,
if I got you right, the feature you're looking for is part of the TYPO3 core.
Take a look at the "$TCA reference" in "TYPO3 Core APIs" [1].
$GLOBALS['TCA']['my_ext_table']['ctrl']['enablecolumns']['fe_group'] =
'group_id_column';
should give you the desired functionality.
This is, as Peter already stated, supported by TS. And it's taken into
account by
$GLOBALS['TSFE']->sys_page->enableFields('my_ext_table');
if you want to use it in PHP.
Regards
Thorsten
[1] http://typo3.org/documentation/document-library/doc_core_api/
Jeff Segars wrote:
> Background
> --------------------
> For an upcoming extension that we're developing within Web-Empowered
> Church, we have a need to limit the records returned from a Frontend
> Plugin based on the group of the current frontend user. It's probably
> easiest to describe this functionality in terms of existing extensions.
> For something like tt_news, we would create a news article and assign
> that article to one or more frontend user groups. When a user visits
> the site, he would see only the articles that are assigned to his groups.
>
> What this functionality really comes down to is providing the same
> permissions for records within a plugin as we currently have for pages
> and content elements within the page tree. I know there are ways to
> build similar functionality right now (connecting categories to user
> groups, and then limiting an instance of the plugin to a certain user
> group) but we're shooting for something that is more automated, as it
> will be used on a site with many user groups.
>
> This seems like something that could be very useful to many extensions,
> not just our own, as it allows for portal-like functionality where users
> only see news and events for the groups they belong to.
>
> Implementation
> --------------------
> The backend side of this functionality could mirror what is already
> available for content elements and pages for the TCA setup and other
> configuration-level code. Extensions would have to provide a fe_group
> column within their database table, which would contain a
> comma-separated list of groups, as well as the appropriate entries in
> the TCA array.
>
> After the method for selecting groups has been defined, the next
> challenge is ensuring that those group permissions are checked when
> extension output is rendered. This check must be performed by
> including the groups of the current user in the WHERE clause of all
> database calls. This could be a manual process (creating the WHERE
> clause within existing DB calls) but automating this as much as possible
> makes it more likely that new extension developers will implement it
> correctly and that existing extensions will be updated to include the
> functionality.
>
> To this end, wrapper functions or optional arguments could be added to
> the existing database calls. These functions or arguments would be used
> to add group permissions for the current user into the WHERE clause that
> the standard DB calls accept. This approach means that the only
> extension code required to support these new permissions would be the
> database calls. The rest of the codebase would not change; there would
> simply be a more limited subset of records returned from the DB calls.
>
> --------------------
>
> To sum it up, we're really looking for comments on two main questions..
> 1) Is this per-record level of permissions something that would be
> useful across other TYPO3 extensions?
> 2) Is the implementation outlined above a good way to add this
> functionality or are there other suggestions?
>
> Thanks in advance for any comments!
> Jeff
More information about the TYPO3-dev
mailing list