[Typo3-dev] RFC: Frontend Permissions for Records within Plugins

Thorsten Kahler thorsten.kahler at dkd.de
Tue Nov 8 18:53:29 CET 2005


Hi Jeff,

if I got you right, the feature you're looking for is part of the TYPO3 core.

Take a look at the "$TCA reference" in "TYPO3 Core APIs" [1].
$GLOBALS['TCA']['my_ext_table']['ctrl']['enablecolumns']['fe_group'] = 'group_id_column';
should give you the desired functionality.

This is, as Peter already stated, supported by TS. And it's taken into
account by
$GLOBALS['TSFE']->sys_page->enableFields('my_ext_table');
if you want to use it in PHP.

Regards
Thorsten

[1] http://typo3.org/documentation/document-library/doc_core_api/

Jeff Segars wrote:
> Background
> --------------------
> For an upcoming extension that we're developing within Web-Empowered
> Church, we have a need to limit the records returned from a Frontend
> Plugin based on the group of the current frontend user.  It's probably
> easiest to describe this functionality in terms of existing extensions.
>  For something like tt_news, we would create a news article and assign
> that article to one or more frontend user groups.  When a user visits
> the site, he would see only the articles that are assigned to his groups.
> 
> What this functionality really comes down to is providing the same
> permissions for records within a plugin as we currently have for pages
> and content elements within the page tree.  I know there are ways to
> build similar functionality right now (connecting categories to user
> groups, and then limiting an instance of the plugin to a certain user
> group) but we're shooting for something that is more automated, as it
> will be used on a site with many user groups.
> 
> This seems like something that could be very useful to many extensions,
> not just our own, as it allows for portal-like functionality where users
> only see news and events for the groups they belong to.
> 
> Implementation
> --------------------
> The backend side of this functionality could mirror what is already
> available for content elements and pages for the TCA setup and other
> configuration-level code.  Extensions would have to provide a fe_group
> column within their database table, which would contain a
> comma-separated list of groups, as well as the appropriate entries in
> the TCA array.
> 
> After the method for selecting groups has been defined, the next
> challenge is ensuring that those group permissions are checked when
> extension output is rendered.   This check must be performed by
> including the groups of the current user in the WHERE clause of all
> database calls.  This could be a manual process (creating the WHERE
> clause within existing DB calls) but automating this as much as possible
> makes it more likely that new extension developers will implement it
> correctly and that existing extensions will be updated to include the
> functionality.
> 
> To this end, wrapper functions or optional arguments could be added to
> the existing database calls.  These functions or arguments would be used
> to add group permissions for the current user into the WHERE clause that
> the standard DB calls accept.  This approach means that the only
> extension code required to support these new permissions would be the
> database calls.  The rest of the codebase would not change; there would
> simply be a more limited subset of records returned from the DB calls.
> 
> --------------------
> 
> To sum it up, we're really looking for comments on two main questions:
> 1) Is this per-record level of permissions something that would be
> useful across other TYPO3 extensions?
> 2) Is the implementation outlined above a good way to add this
> functionality or are there other suggestions?
> 
> Thanks in advance for any comments!
> Jeff
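
Added example, not part of the original thread and not TYPO3's own enableFields() code: a stand-alone sketch of the mechanism discussed above, where the current user's groups are turned into a WHERE clause over a comma-separated fe_group column. The function names and sample rows are constructed for illustration, and SQLite is used only so the script runs offline (on MySQL, FIND_IN_SET would do the list match).

```php
<?php
// Illustration only: hypothetical helper names, constructed sample data.

// Build an access clause for a column holding a comma-separated list of
// frontend group ids. An empty or NULL list means "visible to everyone".
// $column is a developer-supplied identifier, never user input.
function feGroupClause(string $column, array $userGroups): string
{
    $parts = ["$column = ''", "$column IS NULL"];
    foreach ($userGroups as $gid) {
        $gid = (int)$gid; // cast so group ids never reach SQL as raw strings
        // Wrap the list in commas so id 1 matches "1,3" but not "11" or "21".
        $parts[] = "(',' || $column || ',') LIKE '%,$gid,%'";
    }
    return ' AND (' . implode(' OR ', $parts) . ')';
}

// Every plugin query appends the clause, so callers only ever receive the
// rows the current user may see.
function visibleTitles(PDO $db, array $userGroups): array
{
    $sql = 'SELECT title FROM my_ext_table WHERE 1=1'
         . feGroupClause('fe_group', $userGroups) . ' ORDER BY uid';
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE my_ext_table (
    uid INTEGER PRIMARY KEY, title TEXT, fe_group TEXT)');

// Constructed sample records: title, comma-separated group list.
$rows = [
    ['Public notice', ''],
    ['Group 1 event', '1'],
    ['Groups 2 and 11', '2,11'],
    ['Group 11 only', '11'],
];
$ins = $db->prepare('INSERT INTO my_ext_table (title, fe_group) VALUES (?, ?)');
foreach ($rows as $r) {
    $ins->execute($r);
}

print_r(visibleTitles($db, []));      // visitor without any group
print_r(visibleTitles($db, [1]));     // member of group 1 (must not see "11")
print_r(visibleTitles($db, [2, 11])); // member of groups 2 and 11
```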



