Feature: #98304 - PSR-14 event for modifying edit form user access¶
See forge#98304
Description¶
A new PSR-14 event \TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent
has been introduced which serves as a more powerful and flexible alternative
for the now removed $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/alt_doc.php']['makeEditForm_accessCheck']
hook.
In contrast to the removed hook, the new event provides the full database row of the record in question next to the exception, which might have been set by the Core. Additionally, the event allows to modify the user access decision in an object-oriented way, using convenience methods.
To modify the user access, the following methods are available:
allowUserAccess()
: Allows user access to the editing formdenyUserAccess()
: Denies user access to the editing formdoesUserHaveAccess()
: Returns the current user access stategetAccessDeniedException()
: If Core's DataProvider previously denied access, this returns the corresponding exception,null
otherwise
The following additional methods can be used for further context:
getTableName()
: Returns the table name of the record in questiongetCommand()
: Returns the requested command, eithernew
oredit
getDatabaseRow()
: Returns the record's database row
In case any listener to the new event denies user access, while it was initially
allowed by Core, the TYPO3\CMS\Backend\Form\Exception\AccessDeniedListenerException
will be thrown.
Example¶
Registration of the event in your extension's Services.yaml
:
MyVendor\MyPackage\Backend\Form\ModifyEditFormUserAccessEventListener:
tags:
- name: event.listener
identifier: 'my-package/backend/modify-edit-form-user-access'
The corresponding event listener class:
use TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent;
final class ModifyEditFormUserAccessEventListener
{
public function __invoke(ModifyEditFormUserAccessEvent $event): void
{
// Deny access for creating records of a custom table
if ($event->getTableName() === 'my_custom_table' && $event->getCommand() === 'new') {
$event->denyUserAccess();
}
}
}
Impact¶
It's now possible to modify the user access for the editing form,
using the new PSR-14 event ModifyLinkExplanationEvent
. The main
advantages of the new PSR-14 event are the object-oriented approach
as well as the built-in convenience features and an increased amount
of context information.