Attention
TYPO3 v10 has reached end-of-life as of April 30th 2023 and is no longer being maintained. Use the version switcher on the top left of this page to select documentation for a supported version of TYPO3.
Need more time before upgrading? You can purchase Extended Long Term Support (ELTS) for TYPO3 v10 here: TYPO3 ELTS.
Backend User Object¶
The backend user of a session is always available in extensions
as the global variable $GLOBALS['BE_USER']
. The object is created in
\TYPO3\CMS\Core\Core\Bootstrap::initializeBackendUser()
and is an instance of the class \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
(which extends \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
).
Checking User Access¶
The $GLOBALS['BE_USER']
object is mostly used to check user access right,
but contains other helpful information. This is presented here by a few examples:
Checking Access to Current Backend Module¶
$MCONF
is module configuration and the key $MCONF['access']
determines
the access scope for the module. This function call will check if the
$GLOBALS['BE_USER']
is allowed to access the module and if not, the function
will exit with an error message.
$GLOBALS['BE_USER']->modAccess($MCONF);
Checking Access to any Backend Module¶
If you know the module key you can check if the module is included in the access list by this function call:
$GLOBALS['BE_USER']->check('modules', 'web_list');
Here access to the module Web > List is checked.
Access to Tables and Fields?¶
The same function ->check()
can actually check all the ->groupLists
inside $GLOBALS['BE_USER']
. For instance:
Checking modify access to the table "pages":
$GLOBALS['BE_USER']->check('tables_modify', 'pages');
Checking read access to the table "tt_content":
$GLOBALS['BE_USER']->check('tables_select', 'tt_content');
Checking if a table/field pair is allowed explicitly through the "Allowed Excludefields":
$GLOBALS['BE_USER']->check('non_exclude_fields', $table . ':' . $field);
Is "admin"?¶
If you want to know if a user is an "admin" user (has complete access), just call this method:
$GLOBALS['BE_USER']->isAdmin();
Read Access to a Page?¶
This function call will return true if the user has read access to a
page (represented by its database record, $pageRec
):
$GLOBALS['BE_USER']->doesUserHaveAccess($pageRec, 1);
Changing the "1" for other values will check other permissions:
use "2" for checking if the user may edit the page
use "4" for checking if the user may delete the page.
Is a Page Inside a DB Mount?¶
Access to a page should not be checked only based on page permissions
but also if a page is found within a DB mount for ther user. This can
be checked by this function call ($id
is the page uid):
$GLOBALS['BE_USER']->isInWebMount($id)
Selecting Readable Pages From Database?¶
If you wish to make a SQL statement which selects pages from the database and you want it to be only pages that the user has read access to, you can have a proper WHERE clause returned by this function call:
$GLOBALS['BE_USER']->getPagePermsClause(1);
Again the number "1" represents the "read" permission; "2" is "edit" and "4" is "delete" permission. The result from the above query could be this string:
((pages.perms_everybody & 1 = 1)OR(pages.perms_userid = 2 AND pages.perms_user & 1 = 1)OR(pages.perms_groupid in (1) AND pages.perms_group & 1 = 1))
Saving Module Data¶
This stores the input variable $compareFlags
(an array!) with the key
"tools_beuser/index.php/compare"
$compareFlags = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('compareFlags');
$GLOBALS['BE_USER']->pushModuleData('tools_beuser/index.php/compare', $compareFlags);
Getting Module Data¶
This gets the module data with the key "tools_beuser/index.php/compare" (lasting only for the session)
$compareFlags = $GLOBALS['BE_USER']->getModuleData('tools_beuser/index.php/compare', 'ses');
Getting TSconfig¶
This function can return a value from the "User TSconfig" structure of the user. In this case the value for "options.clipboardNumberPads":
$tsconfig = $GLOBALS['BE_USER']->getTSConfig();
$clipboardNumberPads = $tsconfig['options.']['clipboardNumberPads'] ?? '';
Getting the Username¶
The full "be_users" record of a authenticated user is available in
$GLOBALS['BE_USER']
->user as an array. This will return the "username":
$GLOBALS['BE_USER']->user['username']
Get User Configuration Value¶
The internal ->uc
array contains options which are managed by the
User Tools > User Settings module (extension "setup"). These values are accessible in
the $GLOBALS['BE_USER']->uc
array. This will return the current state of
"Notify me by email, when somebody logs in from my account" for the user:
$GLOBALS['BE_USER']->uc['emailMeAtLogin']