Feature: #98304 - PSR-14 event for modifying edit form user access

See forge#98304

Description

A new PSR-14 event \TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent has been introduced which serves as a more powerful and flexible alternative for the now removed $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/alt_doc.php']['makeEditForm_accessCheck'] hook.

In contrast to the removed hook, the new event provides the full database row of the record in question next to the exception, which might have been set by the core. Additionally, the event allows to modify the user access decision in an object-oriented way, using convenience methods.

To modify the user access, the following methods are available:

  • allowUserAccess(): Allows user access to the editing form

  • setLinkExplanation(): Denies user access to the editing form

  • doesUserHaveAccess(): Returns the current user access state

  • getAccessDeniedException(): If core's DataProvider previously denied access, this returns the corresponding exception, null otherwise

The following additional methods can be used for further context:

  • getTableName(): Returns the table name of the record in question

  • getCommand(): Returns the requested command, either new or edit

  • getDatabaseRow(): Returns the record's database row

In case any listener to the new event denies user access, while it was initially allowed by core, the TYPO3\CMS\Backend\Form\Exception\AccessDeniedListenerException will be thrown.

Example

Registration of the event in your extensions' Services.yaml:

MyVendor\MyPackage\Backend\Form\ModifyEditFormUserAccessEventListener:
  tags:
    - name: event.listener
      identifier: 'my-package/backend/modify-edit-form-user-access'

The corresponding event listener class:

use TYPO3\CMS\Backend\Form\Event\ModifyEditFormUserAccessEvent;

final class ModifyEditFormUserAccessEventListener
{
    public function __invoke(ModifyEditFormUserAccessEvent $event): void
    {
        // Deny access for creating records of a custom table
        if ($event->getTableName() === 'my_custom_table' && $event->getCommand() === 'new') {
            $event->denyUserAccess();
        }
    }
}

Impact

It's now possible to modify the user access for the editing form, using the new PSR-14 event ModifyLinkExplanationEvent. The main advantages of the new PSR-14 event are the object-oriented approach as well as the built-in convenience features and an increased amount of context information.