CommandLineUserAuthentication extends BackendUserAuthentication
TYPO3 backend user authentication on a CLI level Auto-logs in, only allowed on CLI
Table of Contents
Constants
- ROLE_SYSTEMMAINTAINER = 'systemMaintainer'
Properties
- $checkPid : bool
- If set, the user-record must be stored at the page defined by $checkPid_value
- $checkPid_value : int|string
- The page id the user record must be stored at, can also hold a comma separated list of pids
- $dontSetCookie : bool
- Will prevent the setting of the session cookie
- $enablecolumns : array<string|int, mixed>
- Enable field columns of user table
- $errorMsg : string
- Contains last error message
- $firstMainGroup : int
- $formfield_status : string
- Form field with status: *'login', 'logout'
- $formfield_uident : string
- Form field with password
- $formfield_uname : string
- Form field with login-name
- $groupData : array<string|int, mixed>
- holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
- $lastLogin_column : string
- Column name for last login timestamp
- $loginSessionStarted : bool
- Will be set to TRUE if the login session is actually written during auth-check.
- $loginType : string
- Login type, used for services.
- $name : string
- Session/Cookie name
- $uc : array<string|int, mixed>|string
- User Config
- $uc_default : array<string|int, mixed>
- User Config Default values: The array may contain other fields for configuration.
- $user : array<string|int, mixed>|null
- $user_table : string
- Table in database with user data
- $usergroup_column : string
- Should be set to the usergroup-column (id-list) in the user-record
- $usergroup_table : string
- The name of the group-table
- $userGroups : array<string|int, mixed>
- This array will hold the groups that the user is a member of
- $userGroupsUID : array<string|int, mixed>
- This array holds the uid's of the groups in the listed order
- $userid_column : string
- Column for user-id
- $userident_column : string
- Column for password
- $username_column : string
- Column for login-name
- $workspace : int
- User workspace.
- $workspaceRec : array<string|int, mixed>
- Custom workspace record if any
- $writeAttemptLog : bool
- If the writelog() functions is called if a login-attempt has be tried without success
- $writeStdLog : bool
- Decides if the writelog() function is called at login and logout
- $checkWorkspaceCurrent_cache : array<string|int, mixed>|null
- Cache for checkWorkspaceCurrent()
- $filePermissions : array<string|int, mixed>|null
- $fileStorages : array<string|int, ResourceStorage>
- $lifetime : int
- Lifetime for the session-cookie (on the client)
- $setCookie : Cookie|null
- If set, this cookie will be set to the response.
- $username : string
- The username of the CLI user (there is only one)
- $userSession : UserSession|null
- $userSessionManager : UserSessionManager
- $userTS : array<string|int, mixed>
- $userTSUpdated : bool
Methods
- __construct() : mixed
- Constructor, only allowed in CLI mode
- __get() : mixed
- __isset() : bool
- __set() : mixed
- __unset() : void
- appendCookieToResponse() : ResponseInterface
- Used to apply a cookie to a PSR-7 Response.
- authenticate() : mixed
- Logs-in the _CLI_ user. It does not need to check for credentials.
- backendCheckLogin() : mixed
- Logs in the TYPO3 Backend user "_cli_"
- backendSetUC() : mixed
- Initialize the internal ->uc array for the backend user Will make the overrides if necessary, and write the UC back to the be_users record if changes has happened
- calcPerms() : int
- Returns a combined binary representation of the current users permissions for the page-record, $row.
- check() : bool
- Returns TRUE if the $value is found in the list in a $this->groupData[] index pointed to by $type (array key).
- checkAuthentication() : mixed
- Replacement for AbstractUserAuthentication::checkAuthentication()
- checkAuthMode() : bool
- Checking the authMode of a select field with authMode set
- checkFullLanguagesAccess() : bool
- Check if user has access to all existing localizations for a certain record
- checkLanguageAccess() : bool
- Checking if a language value (-1, 0 and >0 for sys_language records) is allowed to be edited by the user.
- checkWorkspace() : array<string|int, mixed>
- Checking if a workspace is allowed for backend user
- checkWorkspaceCurrent() : array<string|int, mixed>
- Uses checkWorkspace() to check if current workspace is available for user.
- createSessionId() : string
- Creates a new session ID.
- createUserSession() : UserSession
- Creates a user session record and returns its values.
- doesUserHaveAccess() : bool
- Checks if the permissions is granted based on a page-record ($row) and $perms (binary and'ed)
- enforceNewSessionId() : mixed
- Regenerates the session ID and sets the cookie again.
- evaluateUserSpecificFileFilterSettings() : mixed
- Adds filters based on what the user has set this should be done in this place, and called whenever needed, but only when needed
- fetchGroupData() : mixed
- Initializes a lot of stuff like the access-lists, database-mountpoints and filemountpoints This method is called by ->backendCheckLogin() (from extending BackendUserAuthentication) if the backend user login has verified OK.
- fetchUserSession() : array<string|int, mixed>|bool
- Read the user session from db.
- getAuthInfoArray() : array<string|int, mixed>
- Returns an info array which provides additional information for auth services
- getCategoryMountPoints() : array<string|int, mixed>
- Returns an array of category mount points. The category permissions from BE Groups are also taken into consideration and are merged into User permissions.
- getCookieName() : string
- Getter for the cookie name
- getDefaultUploadFolder() : Folder|false
- Returns a \TYPO3\CMS\Core\Resource\Folder object that is used for uploading files by default.
- getDefaultUploadTemporaryFolder() : Folder|null
- Returns a \TYPO3\CMS\Core\Resource\Folder object that could be used for uploading temporary files in user context. The folder _temp_ below the default upload folder of the user is used.
- getDefaultWorkspace() : int
- Return default workspace ID for user, if EXT:workspaces is not installed the user will be pushed to the Live workspace, if he has access to. If no workspace is available for the user, the workspace ID is set to "-99"
- getFileMountRecords() : array<string|int, mixed>
- Returns an array of file mount records, taking workspaces and user home and group home directories into account Needs to be called AFTER the groups have been loaded.
- getFilePermissions() : array<string|int, mixed>
- Returns the information about file permissions.
- getFilePermissionsForStorage() : array<string|int, mixed>
- Gets the file permissions for a storage by merging any storage-specific permissions for a storage with the default settings.
- getFileStorages() : array<string|int, ResourceStorage>
- Returns an array with the filemounts for the user.
- getLoginFormData() : array<string|int, mixed>
- Returns an info array with Login/Logout data submitted by a form or params
- getModuleData() : mixed
- Gets module data for a module (from a loaded ->uc array)
- getOriginalUserIdWhenInSwitchUserMode() : int|null
- On CLI there is no session and no switched user
- getPagePermsClause() : string
- Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated.
- getRawUserByName() : array<string|int, mixed>
- Fetching raw user record with username=$name
- getRawUserByUid() : array<string|int, mixed>
- Fetching raw user record with uid=$uid
- getSession() : UserSession
- getSessionData() : mixed
- Returns the session data stored for $key.
- getTSConfig() : array<string|int, mixed>
- Returns full parsed user TSconfig array, merged with TSconfig from groups.
- initializeBackendLogin() : void
- initializeUserSessionManager() : void
- Currently needed for various unit tests, until start() and checkAuthentication() methods are smaller and extracted from this class.
- initializeWebmountsForElementBrowser() : mixed
- Checks for alternative web mount points for the element browser.
- isActiveLogin() : bool
- isAdmin() : bool
- Returns TRUE if user is admin Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin.
- isCookieSet() : bool
- Returns whether this request is going to set a cookie or a cookie was already found in the system
- isExportEnabled() : bool
- Returns if export functionality is available for current user
- isImportEnabled() : bool
- Returns if import functionality is available for current user
- isInWebMount() : int|null
- Checks if the page id or page record ($idOrRow) is found within the webmounts set up for the user.
- isMemberOfGroup() : bool
- Returns TRUE if the current user is a member of group $groupId $groupId must be set. $this->userGroupsUID must contain groups Will return TRUE also if the user is a member of a group through subgroups.
- isMfaSetupRequired() : bool
- Evaluate whether the user is required to set up MFA, based on user TSconfig and global configuration
- isRefreshTimeBasedCookie() : bool
- Determine whether a non-session cookie needs to be set (lifetime>0)
- isRTE() : bool
- Returns TRUE if the RTE (Rich Text Editor) is enabled for the user.
- isSetSessionCookie() : bool
- Determine whether a session cookie needs to be set (lifetime=0)
- isSystemMaintainer() : bool
- Checks if the user is in the valid list of allowed system maintainers. if the list is not set, then all admins are system maintainers. If the list is empty, no one is system maintainer (good for production systems). If the currently logged in user is in "switch user" mode, this method will return false.
- isUserAllowedToLogin() : bool
- Determines whether a CLI backend user is allowed to access TYPO3.
- jsConfirmation() : bool
- Returns TRUE or FALSE, depending if an alert popup (a javascript confirmation) should be shown call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK).
- logoff() : mixed
- Logs out the current user and clears the form protection tokens.
- mayMakeShortcut() : bool
- Returns TRUE if the BE_USER is allowed to *create* shortcuts in the backend modules
- modAccess() : bool
- Checks access to a backend module with the $MCONF passed as first argument
- overrideUC() : mixed
- Override: Call this function every time the uc is updated.
- processLoginData() : array<string|int, mixed>
- Processes Login data submitted by a form or params
- pushModuleData() : mixed
- Stores data for a module.
- recordEditAccessInternals() : bool
- Checking if a user has editing access to a record from a $GLOBALS['TCA'] table.
- removeCookie() : mixed
- Empty / unset the cookie
- resetUC() : mixed
- Clears the user[uc] and ->uc to blank strings. Then calls ->backendSetUC() to fill it again with reset contents
- returnWebmounts() : array<string|int, mixed>
- Returns an array with the webmounts.
- setAndSaveSessionData() : mixed
- Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.
- setBeUserByName() : mixed
- Raw initialization of the be_user with username=$name
- setBeUserByUid() : mixed
- Raw initialization of the be_user with uid=$uid This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected.
- setDefaultWorkspace() : mixed
- Sets the default workspace in the context of the current backend user.
- setSessionData() : mixed
- Set session data by key.
- setTemporaryWorkspace() : bool
- Sets a temporary workspace in the context of the current backend user.
- setWebmounts() : mixed
- Initializes the given mount points for the current Backend user.
- setWorkspace() : mixed
- Setting workspace ID
- shallDisplayDebugInformation() : bool
- Returns whether debug information shall be displayed to the user
- start() : mixed
- Replacement for AbstractUserAuthentication::start()
- unpack_uc() : mixed
- Sets $theUC as the internal variable ->uc IF $theUC is an array.
- workspaceAllowsLiveEditingInTable() : bool
- Checks if a record is allowed to be edited in the current workspace.
- workspaceCanCreateNewRecord() : bool
- Evaluates if a record from $table can be created. If the table is not set up for versioning, and the "live edit" flag of the page is set, return false. In live workspace this is always true, as all records can be created in live workspace
- workspaceCheckStageForCurrent() : bool
- Checks if an element stage allows access for the user in the current workspace In live workspace (= 0) access is always granted for any stage.
- workspaceInit() : mixed
- Initializing workspace.
- workspacePublishAccess() : bool
- Returns TRUE if the user has access to publish content from the workspace ID given.
- writelog() : int
- Writes an entry in the logfile/table Documentation in "TYPO3 Core API"
- writeUC() : mixed
- This writes $variable to the user-record. This is a way of providing session-data.
- checkIfCliUserExists() : bool
- Check if a user with username "_cli_" exists. Deleted users are left out but hidden and start / endtime restricted users are considered.
- createCliUser() : mixed
- Create a record in the DB table be_users called "_cli_" with no other information
- evaluateMfaRequirements() : void
- This method checks if the user is authenticated but has not succeeded in passing his MFA challenge. This method can therefore only be used if a user has been authenticated against his first authentication method (username+password or any other authentication token).
- fetchValidUserFromSessionOrDestroySession() : array<string|int, mixed>|null
- If the session is bound to a user, this method fetches the user record, and returns it.
- filterValidWebMounts() : array<string|int, mixed>
- Checking read access to web mounts, but keeps "0" or empty strings.
- generateHashedPassword() : string
- This function returns a salted hashed key.
- getAuthServiceConfiguration() : array<string|int, mixed>
- "auth" services configuration array from $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']
- getAuthServices() : Traversable
- Initializes authentication services to be used in a foreach loop
- getCookie() : string
- Get the value of a specified cookie.
- getCookieDomain() : string
- Gets the domain to be used on setting cookies.
- handleLoginFailure() : void
- Implement functionality when there was a failed login
- hasEditAccessToLiveWorkspace() : bool
- Checks if the user (or the group) has the workspace_perms set to 1 in order to allow editing records in live workspace.
- initializeDbMountpointsInWorkspace() : mixed
- Limiting the DB mountpoints if there any selected in the workspace record
- initializeFileStorages() : mixed
- Sets up all file storages for a user.
- performLogoff() : mixed
- Perform the logoff action. Called from logoff() as a way to allow subclasses to override what happens when a user logs off, without needing to reproduce the hook calls and logging that happens in the public logoff() API method.
- prepareUserTsConfig() : void
- This method parses the UserTSconfig from the current user and all their groups.
- regenerateSessionId() : mixed
- Regenerate the session ID and transfer the session to new ID Call this method whenever a user proceeds to a higher authorization level e.g. when an anonymous session is now authenticated.
- releaseLockedRecords() : mixed
- Remove any "locked records" added for editing for the given user (= current backend user)
- removeSensitiveLoginDataForLoggingInfo() : mixed
- Removes any sensitive data from the incoming data (either from loginData, processedLogin data or the user record from the DB).
- setSessionCookie() : mixed
- Sets the session cookie for the current disposal.
- updateLoginTimestamp() : mixed
- Updates the last login column in the user with the given id
- userConstraints() : QueryRestrictionContainerInterface
- This returns the restrictions needed to select the user respecting enable columns and flags like deleted, hidden, starttime, endtime and rootLevel
Constants
ROLE_SYSTEMMAINTAINER
public
mixed
ROLE_SYSTEMMAINTAINER
= 'systemMaintainer'
Properties
$checkPid
If set, the user-record must be stored at the page defined by $checkPid_value
public
bool
$checkPid
= true
$checkPid_value
The page id the user record must be stored at, can also hold a comma separated list of pids
public
int|string
$checkPid_value
= 0
$dontSetCookie
Will prevent the setting of the session cookie
public
bool
$dontSetCookie
= false
$enablecolumns
Enable field columns of user table
public
array<string|int, mixed>
$enablecolumns
= ['rootLevel' => 1, 'deleted' => 'deleted', 'disabled' => 'disable', 'starttime' => 'starttime', 'endtime' => 'endtime']
$errorMsg
Contains last error message
public
string
$errorMsg
= ''
should only be used from within TYPO3 Core
$firstMainGroup
public
int
$firstMainGroup
= 0
should only be used from within TYPO3 Core
$formfield_status
Form field with status: *'login', 'logout'
public
string
$formfield_status
= 'login_status'
$formfield_uident
Form field with password
public
string
$formfield_uident
= 'userident'
$formfield_uname
Form field with login-name
public
string
$formfield_uname
= 'username'
$groupData
holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
public
array<string|int, mixed>
$groupData
= ['allowed_languages' => '', 'tables_select' => '', 'tables_modify' => '', 'pagetypes_select' => '', 'non_exclude_fields' => '', 'explicit_allowdeny' => '', 'custom_options' => '', 'file_permissions' => '']
$lastLogin_column
Column name for last login timestamp
public
string
$lastLogin_column
= 'lastlogin'
$loginSessionStarted
Will be set to TRUE if the login session is actually written during auth-check.
public
bool
$loginSessionStarted
= false
$loginType
Login type, used for services.
public
string
$loginType
= 'BE'
$name
Session/Cookie name
public
string
$name
= ''
$uc
User Config
public
array<string|int, mixed>|string
$uc
$uc_default
User Config Default values: The array may contain other fields for configuration.
public
array<string|int, mixed>
$uc_default
= [
'interfaceSetup' => '',
// serialized content that is used to store interface pane and menu positions. Set by the logout.php-script
'moduleData' => [],
// user-data for the modules
'emailMeAtLogin' => 0,
'titleLen' => 50,
'edit_RTE' => '1',
'edit_docModuleUpload' => '1',
'resizeTextareas_MaxHeight' => 500,
]
For this, see "setup" extension and "TSconfig" document (User TSconfig, "setup.[xxx]....") Reserved keys for other storage of session data: moduleData moduleSessionID
should only be used from within TYPO3 Core
$user
public
array<string|int, mixed>|null
$user
contains user- AND session-data from database (joined tables)
$user_table
Table in database with user data
public
string
$user_table
= 'be_users'
$usergroup_column
Should be set to the usergroup-column (id-list) in the user-record
public
string
$usergroup_column
= 'usergroup'
$usergroup_table
The name of the group-table
public
string
$usergroup_table
= 'be_groups'
$userGroups
This array will hold the groups that the user is a member of
public
array<string|int, mixed>
$userGroups
= []
$userGroupsUID
This array holds the uid's of the groups in the listed order
public
array<string|int, mixed>
$userGroupsUID
= []
$userid_column
Column for user-id
public
string
$userid_column
= 'uid'
$userident_column
Column for password
public
string
$userident_column
= 'password'
$username_column
Column for login-name
public
string
$username_column
= 'username'
$workspace
User workspace.
public
int
$workspace
= -99
-99 is ERROR (none available) 0 is online
0 is custom workspaces
$workspaceRec
Custom workspace record if any
public
array<string|int, mixed>
$workspaceRec
= []
$writeAttemptLog
If the writelog() functions is called if a login-attempt has be tried without success
public
bool
$writeAttemptLog
= true
$writeStdLog
Decides if the writelog() function is called at login and logout
public
bool
$writeStdLog
= true
$checkWorkspaceCurrent_cache
Cache for checkWorkspaceCurrent()
protected
array<string|int, mixed>|null
$checkWorkspaceCurrent_cache
$filePermissions
protected
array<string|int, mixed>|null
$filePermissions
$fileStorages
protected
array<string|int, ResourceStorage>
$fileStorages
$lifetime
Lifetime for the session-cookie (on the client)
protected
int
$lifetime
= 0
If >0: permanent cookie with given lifetime If 0: session-cookie Session-cookie means the browser will remove it when the browser is closed.
$setCookie
If set, this cookie will be set to the response.
protected
Cookie|null
$setCookie
= null
$username
The username of the CLI user (there is only one)
protected
string
$username
= '_cli_'
$userSession
protected
UserSession|null
$userSession
= null
$userSessionManager
protected
UserSessionManager
$userSessionManager
$userTS
protected
array<string|int, mixed>
$userTS
= []
Parsed user TSconfig
$userTSUpdated
protected
bool
$userTSUpdated
= false
True if the user TSconfig was parsed and needs to be cached.
Methods
__construct()
Constructor, only allowed in CLI mode
public
__construct() : mixed
Tags
__get()
public
__get(string $propertyName) : mixed
Parameters
- $propertyName : string
__isset()
public
__isset(string $propertyName) : bool
Parameters
- $propertyName : string
Return values
bool__set()
public
__set(string $propertyName, mixed $propertyValue) : mixed
Parameters
- $propertyName : string
- $propertyValue : mixed
__unset()
public
__unset(string $propertyName) : void
Parameters
- $propertyName : string
appendCookieToResponse()
Used to apply a cookie to a PSR-7 Response.
public
appendCookieToResponse(ResponseInterface $response) : ResponseInterface
Parameters
- $response : ResponseInterface
Return values
ResponseInterfaceauthenticate()
Logs-in the _CLI_ user. It does not need to check for credentials.
public
authenticate() : mixed
Tags
backendCheckLogin()
Logs in the TYPO3 Backend user "_cli_"
public
backendCheckLogin([bool|null $proceedIfNoUserIsLoggedIn = null ]) : mixed
Parameters
- $proceedIfNoUserIsLoggedIn : bool|null = null
-
if this option is set, then there won't be a redirect to the login screen of the Backend - used for areas in the backend which do not need user rights like the login page.
backendSetUC()
Initialize the internal ->uc array for the backend user Will make the overrides if necessary, and write the UC back to the be_users record if changes has happened
public
backendSetUC() : mixed
calcPerms()
Returns a combined binary representation of the current users permissions for the page-record, $row.
public
calcPerms(array<string|int, mixed> $row) : int
The perms for user, group and everybody is OR'ed together (provided that the page-owner is the user and for the groups that the user is a member of the group. If the user is admin, 31 is returned (full permissions for all five flags)
Parameters
- $row : array<string|int, mixed>
-
Input page row with all perms_* fields available.
Return values
int —Bitwise representation of the users permissions in relation to input page row, $row
check()
Returns TRUE if the $value is found in the list in a $this->groupData[] index pointed to by $type (array key).
public
check(string $type, string $value) : bool
Can thus be users to check for modules, exclude-fields, select/modify permissions for tables etc. If user is admin TRUE is also returned
Parameters
- $type : string
-
The type value; "webmounts", "filemounts", "pagetypes_select", "tables_select", "tables_modify", "non_exclude_fields", "modules", "available_widgets", "mfa_providers"
- $value : string
-
String to search for in the groupData-list
Return values
bool —TRUE if permission is granted (that is, the value was found in the groupData list - or the BE_USER is "admin")
checkAuthentication()
Replacement for AbstractUserAuthentication::checkAuthentication()
public
checkAuthentication([ServerRequestInterface|null $request = null ]) : mixed
Not required in CLI mode, therefore empty.
Parameters
- $request : ServerRequestInterface|null = null
-
@todo: Make mandatory in v12.
checkAuthMode()
Checking the authMode of a select field with authMode set
public
checkAuthMode(string $table, string $field, string $value, string $authMode) : bool
Parameters
- $table : string
-
Table name
- $field : string
-
Field name (must be configured in TCA and of type "select" with authMode set!)
- $value : string
-
Value to evaluation (single value, must not contain any of the chars ":,|")
- $authMode : string
-
Auth mode keyword (explicitAllow, explicitDeny, individual)
Return values
bool —Whether access is granted or not
checkFullLanguagesAccess()
Check if user has access to all existing localizations for a certain record
public
checkFullLanguagesAccess(string $table, array<string|int, mixed> $record) : bool
Parameters
- $table : string
-
The table
- $record : array<string|int, mixed>
-
The current record
Return values
boolcheckLanguageAccess()
Checking if a language value (-1, 0 and >0 for sys_language records) is allowed to be edited by the user.
public
checkLanguageAccess(int $langValue) : bool
Parameters
- $langValue : int
-
Language value to evaluate
Return values
bool —Returns TRUE if the language value is allowed, otherwise FALSE.
checkWorkspace()
Checking if a workspace is allowed for backend user
public
checkWorkspace(mixed $wsRec[, string $fields = '*' ]) : array<string|int, mixed>
Parameters
- $wsRec : mixed
-
If integer, workspace record is looked up, if array it is seen as a Workspace record with at least uid, title, members and adminusers columns. Can be faked for workspaces uid 0 and -1 (online and offline)
- $fields : string = '*'
-
List of fields to select. Default fields are all
should only be used from within TYPO3 Core
Return values
array<string|int, mixed> —Output will also show how access was granted. Admin users will have a true output regardless of input.
checkWorkspaceCurrent()
Uses checkWorkspace() to check if current workspace is available for user.
public
checkWorkspaceCurrent() : array<string|int, mixed>
This function caches the result and so can be called many times with no performance loss.
should only be used from within TYPO3 Core
Tags
Return values
array<string|int, mixed> —See checkWorkspace()
createSessionId()
Creates a new session ID.
public
createSessionId() : string
since TYPO3 v11.0, will be removed in TYPO3 v12, is kept because it is used in Testing Framework
Return values
string —The new session ID
createUserSession()
Creates a user session record and returns its values.
public
createUserSession(array<string|int, mixed> $tempuser) : UserSession
Parameters
- $tempuser : array<string|int, mixed>
-
User data array
Return values
UserSession —The session data for the newly created session.
doesUserHaveAccess()
Checks if the permissions is granted based on a page-record ($row) and $perms (binary and'ed)
public
doesUserHaveAccess(array<string|int, mixed> $row, int $perms) : bool
Bits for permissions, see $perms variable:
1 - Show: See/Copy page and the pagecontent. 2 - Edit page: Change/Move the page, eg. change title, startdate, hidden. 4 - Delete page: Delete the page and pagecontent. 8 - New pages: Create new pages under the page. 16 - Edit pagecontent: Change/Add/Delete/Move pagecontent.
Parameters
- $row : array<string|int, mixed>
-
Is the pagerow for which the permissions is checked
- $perms : int
-
Is the binary representation of the permission we are going to check. Every bit in this number represents a permission that must be set. See function explanation.
Return values
boolenforceNewSessionId()
Regenerates the session ID and sets the cookie again.
public
enforceNewSessionId() : mixed
evaluateUserSpecificFileFilterSettings()
Adds filters based on what the user has set this should be done in this place, and called whenever needed, but only when needed
public
evaluateUserSpecificFileFilterSettings() : mixed
fetchGroupData()
Initializes a lot of stuff like the access-lists, database-mountpoints and filemountpoints This method is called by ->backendCheckLogin() (from extending BackendUserAuthentication) if the backend user login has verified OK.
public
fetchGroupData() : mixed
Generally this is required initialization of a backend user.
Tags
fetchUserSession()
Read the user session from db.
public
fetchUserSession([bool $skipSessionUpdate = false ]) : array<string|int, mixed>|bool
since TYPO3 v11, will be removed in TYPO3 v12.
Parameters
- $skipSessionUpdate : bool = false
Return values
array<string|int, mixed>|bool —User session data, false if $userSession->getIdentifier() does not represent valid session
getAuthInfoArray()
Returns an info array which provides additional information for auth services
public
getAuthInfoArray() : array<string|int, mixed>
Return values
array<string|int, mixed>getCategoryMountPoints()
Returns an array of category mount points. The category permissions from BE Groups are also taken into consideration and are merged into User permissions.
public
getCategoryMountPoints() : array<string|int, mixed>
Return values
array<string|int, mixed>getCookieName()
Getter for the cookie name
public
static getCookieName() : string
Tags
Return values
string —returns the configured cookie name
getDefaultUploadFolder()
Returns a \TYPO3\CMS\Core\Resource\Folder object that is used for uploading files by default.
public
getDefaultUploadFolder([int $pid = null ][, string $table = null ][, string $field = null ]) : Folder|false
This is used for RTE and its magic images, as well as uploads in the TCEforms fields.
The default upload folder for a user is the defaultFolder on the first filestorage/filemount that the user can access and to which files are allowed to be added however, you can set the users' upload folder like this:
options.defaultUploadFolder = 3:myfolder/yourfolder/
Parameters
- $pid : int = null
-
PageUid
- $table : string = null
-
Table name
- $field : string = null
-
Field name
Return values
Folder|false —The default upload folder for this user
getDefaultUploadTemporaryFolder()
Returns a \TYPO3\CMS\Core\Resource\Folder object that could be used for uploading temporary files in user context. The folder _temp_ below the default upload folder of the user is used.
public
getDefaultUploadTemporaryFolder() : Folder|null
Tags
Return values
Folder|nullgetDefaultWorkspace()
Return default workspace ID for user, if EXT:workspaces is not installed the user will be pushed to the Live workspace, if he has access to. If no workspace is available for the user, the workspace ID is set to "-99"
public
getDefaultWorkspace() : int
should only be used from within TYPO3 Core
Return values
int —Default workspace id.
getFileMountRecords()
Returns an array of file mount records, taking workspaces and user home and group home directories into account Needs to be called AFTER the groups have been loaded.
public
getFileMountRecords() : array<string|int, mixed>
Return values
array<string|int, mixed>getFilePermissions()
Returns the information about file permissions.
public
getFilePermissions() : array<string|int, mixed>
Previously, this was stored in the DB field fileoper_perms now it is file_permissions. Besides it can be handled via userTSconfig
permissions.file.default { addFile = 1 readFile = 1 writeFile = 1 copyFile = 1 moveFile = 1 renameFile = 1 deleteFile = 1
addFolder = 1 readFolder = 1 writeFolder = 1 copyFolder = 1 moveFolder = 1 renameFolder = 1 deleteFolder = 1 recursivedeleteFolder = 1 }
overwrite settings for a specific storageObject
permissions.file.storage.StorageUid { readFile = 1 recursivedeleteFolder = 0 }
Please note that these permissions only apply, if the storage has the capabilities (browseable, writable), and if the driver allows for writing etc
Return values
array<string|int, mixed>getFilePermissionsForStorage()
Gets the file permissions for a storage by merging any storage-specific permissions for a storage with the default settings.
public
getFilePermissionsForStorage(ResourceStorage $storageObject) : array<string|int, mixed>
Admin users will always get the default settings.
Parameters
- $storageObject : ResourceStorage
Return values
array<string|int, mixed>getFileStorages()
Returns an array with the filemounts for the user.
public
getFileStorages() : array<string|int, ResourceStorage>
Each filemount is represented with an array of a "name", "path" and "type". If no filemounts an empty array is returned.
Return values
array<string|int, ResourceStorage>getLoginFormData()
Returns an info array with Login/Logout data submitted by a form or params
public
getLoginFormData() : array<string|int, mixed>
Return values
array<string|int, mixed>getModuleData()
Gets module data for a module (from a loaded ->uc array)
public
getModuleData(string $module[, string $type = '' ]) : mixed
Parameters
- $module : string
-
Is the name of the module ($MCONF['name'])
- $type : string = ''
-
If $type = 'ses' then module data is returned only if it was stored in the current session, otherwise data from a previous session will be returned (if available).
Return values
mixed —The module data if available: $this->uc['moduleData'][$module];
getOriginalUserIdWhenInSwitchUserMode()
On CLI there is no session and no switched user
public
getOriginalUserIdWhenInSwitchUserMode() : int|null
Return values
int|null —The user id
getPagePermsClause()
Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated.
public
getPagePermsClause(int $perms) : string
$perms is the "mask" used to select. Fx. if $perms is 1 then you'll get all pages that a user can actually see! 2^0 = show (1) 2^1 = edit (2) 2^2 = delete (4) 2^3 = new (8) If the user is 'admin' " 1=1" is returned (no effect) If the user is not set at all (->user is not an array), then " 1=0" is returned (will cause no selection results at all) The 95% use of this function is "->getPagePermsClause(1)" which will return WHERE clauses for selecting pages in backend listings - in other words this will check read permissions.
Parameters
- $perms : int
-
Permission mask to use, see function description
should only be used from within TYPO3 Core, use PagePermissionDatabaseRestriction instead.
Return values
string —Part of where clause. Prefix " AND " to this.
getRawUserByName()
Fetching raw user record with username=$name
public
getRawUserByName(string $name) : array<string|int, mixed>
Parameters
- $name : string
-
The username to look up.
Tags
Return values
array<string|int, mixed> —user record or FALSE
getRawUserByUid()
Fetching raw user record with uid=$uid
public
getRawUserByUid(int $uid) : array<string|int, mixed>
Parameters
- $uid : int
-
The UID of the backend user to set in ->user
Return values
array<string|int, mixed> —user record or FALSE
getSession()
public
getSession() : UserSession
Return values
UserSessiongetSessionData()
Returns the session data stored for $key.
public
getSessionData(string $key) : mixed
The data will last only for this login session since it is stored in the user session.
Parameters
- $key : string
-
The key associated with the session data
getTSConfig()
Returns full parsed user TSconfig array, merged with TSconfig from groups.
public
getTSConfig() : array<string|int, mixed>
Example: [ 'options.' => [ 'fooEnabled' => '0', 'fooEnabled.' => [ 'tt_content' => 1, ], ], ]
Return values
array<string|int, mixed> —Parsed and merged user TSconfig array
initializeBackendLogin()
public
initializeBackendLogin() : void
initializeUserSessionManager()
Currently needed for various unit tests, until start() and checkAuthentication() methods are smaller and extracted from this class.
public
initializeUserSessionManager([UserSessionManager|null $userSessionManager = null ]) : void
Parameters
- $userSessionManager : UserSessionManager|null = null
initializeWebmountsForElementBrowser()
Checks for alternative web mount points for the element browser.
public
initializeWebmountsForElementBrowser() : mixed
If there is a temporary mount point active in the page tree it will be used.
If the User TSconfig options.pageTree.altElementBrowserMountPoints is not empty the pages configured there are used as web mounts If options.pageTree.altElementBrowserMountPoints.append is enabled, they are appended to the existing webmounts.
- do not use in your own extension
isActiveLogin()
public
isActiveLogin(ServerRequestInterface $request) : bool
Parameters
- $request : ServerRequestInterface
Return values
boolisAdmin()
Returns TRUE if user is admin Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin.
public
isAdmin() : bool
Return values
boolisCookieSet()
Returns whether this request is going to set a cookie or a cookie was already found in the system
public
isCookieSet() : bool
Return values
bool —Returns TRUE if a cookie is set
isExportEnabled()
Returns if export functionality is available for current user
public
isExportEnabled() : bool
Return values
boolisImportEnabled()
Returns if import functionality is available for current user
public
isImportEnabled() : bool
Return values
boolisInWebMount()
Checks if the page id or page record ($idOrRow) is found within the webmounts set up for the user.
public
isInWebMount(int|array<string|int, mixed> $idOrRow[, string $readPerms = '' ][, bool|int|null $exitOnError = null ]) : int|null
This should ALWAYS be checked for any page id a user works with, whether it's about reading, writing or whatever. The point is that this will add the security that a user can NEVER touch parts outside his mounted pages in the page tree. This is otherwise possible if the raw page permissions allows for it. So this security check just makes it easier to make safe user configurations. If the user is admin then it returns "1" right away Otherwise the function will return the uid of the webmount which was first found in the rootline of the input page $id
Parameters
- $idOrRow : int|array<string|int, mixed>
-
Page ID or full page record to check
- $readPerms : string = ''
-
Content of "->getPagePermsClause(1)" (read-permissions). If not set, they will be internally calculated (but if you have the correct value right away you can save that database lookup!)
- $exitOnError : bool|int|null = null
-
If set, then the function will exit with an error message. @deprecated will be removed in TYPO3 v12.0.
Tags
Return values
int|null —The page UID of a page in the rootline that matched a mount point
isMemberOfGroup()
Returns TRUE if the current user is a member of group $groupId $groupId must be set. $this->userGroupsUID must contain groups Will return TRUE also if the user is a member of a group through subgroups.
public
isMemberOfGroup(int $groupId) : bool
Parameters
- $groupId : int
-
Group ID to look for in $this->userGroupsUID
should only be used from within TYPO3 Core, use Context API for quicker access
Return values
boolisMfaSetupRequired()
Evaluate whether the user is required to set up MFA, based on user TSconfig and global configuration
public
isMfaSetupRequired() : bool
Return values
boolisRefreshTimeBasedCookie()
Determine whether a non-session cookie needs to be set (lifetime>0)
public
isRefreshTimeBasedCookie() : bool
Return values
boolisRTE()
Returns TRUE if the RTE (Rich Text Editor) is enabled for the user.
public
isRTE() : bool
should only be used from within TYPO3 Core
Return values
boolisSetSessionCookie()
Determine whether a session cookie needs to be set (lifetime=0)
public
isSetSessionCookie() : bool
Return values
boolisSystemMaintainer()
Checks if the user is in the valid list of allowed system maintainers. if the list is not set, then all admins are system maintainers. If the list is empty, no one is system maintainer (good for production systems). If the currently logged in user is in "switch user" mode, this method will return false.
public
isSystemMaintainer() : bool
Return values
boolisUserAllowedToLogin()
Determines whether a CLI backend user is allowed to access TYPO3.
public
isUserAllowedToLogin() : bool
Only when adminOnly is off (=0), and only allowed for admins and CLI users (=2)
Return values
bool —Whether the CLI user is allowed to access TYPO3
jsConfirmation()
Returns TRUE or FALSE, depending if an alert popup (a javascript confirmation) should be shown call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK).
public
jsConfirmation(int $bitmask) : bool
Parameters
- $bitmask : int
-
Bitmask, one of \TYPO3\CMS\Core\Type\Bitmask\JsConfirmation
Tags
Return values
bool —TRUE if the confirmation should be shown
logoff()
Logs out the current user and clears the form protection tokens.
public
logoff() : mixed
mayMakeShortcut()
Returns TRUE if the BE_USER is allowed to *create* shortcuts in the backend modules
public
mayMakeShortcut() : bool
Return values
boolmodAccess()
Checks access to a backend module with the $MCONF passed as first argument
public
modAccess(array<string|int, mixed> $conf) : bool
Parameters
- $conf : array<string|int, mixed>
-
$MCONF array of a backend module!
Tags
Return values
bool —Will return TRUE if $MCONF['access'] is not set at all, if the BE_USER is admin or if the module is enabled in the be_users/be_groups records of the user (specifically enabled). Will return FALSE if the module name is not even found in $TBE_MODULES
overrideUC()
Override: Call this function every time the uc is updated.
public
overrideUC() : mixed
That is 1) by reverting to default values, 2) in the setup-module, 3) userTS changes (userauthgroup)
processLoginData()
Processes Login data submitted by a form or params
public
processLoginData(array<string|int, mixed> $loginData) : array<string|int, mixed>
Parameters
- $loginData : array<string|int, mixed>
-
Login data array
Return values
array<string|int, mixed>pushModuleData()
Stores data for a module.
public
pushModuleData(string $module, mixed $data[, bool|int $noSave = 0 ]) : mixed
The data is stored with the session id so you can even check upon retrieval if the module data is from a previous session or from the current session.
Parameters
- $module : string
-
Is the name of the module ($MCONF['name'])
- $data : mixed
-
Is the data you want to store for that module (array, string, ...)
- $noSave : bool|int = 0
-
If $noSave is set, then the ->uc array (which carries all kinds of user data) is NOT written immediately, but must be written by some subsequent call.
recordEditAccessInternals()
Checking if a user has editing access to a record from a $GLOBALS['TCA'] table.
public
recordEditAccessInternals(string $table, int|array<string|int, mixed> $idOrRow[, bool $newRecord = false ][, bool $deletedRecord = false ][, bool $checkFullLanguageAccess = false ]) : bool
The checks does not take page permissions and other "environmental" things into account. It only deal with record internals; If any values in the record fields disallows it. For instance languages settings, authMode selector boxes are evaluated (and maybe more in the future). It will check for workspace dependent access. The function takes an ID (int) or row (array) as second argument.
Parameters
- $table : string
-
Table name
- $idOrRow : int|array<string|int, mixed>
-
If integer, then this is the ID of the record. If Array this just represents fields in the record.
- $newRecord : bool = false
-
Set, if testing a new (non-existing) record array. Will disable certain checks that doesn't make much sense in that context.
- $deletedRecord : bool = false
-
Set, if testing a deleted record array.
- $checkFullLanguageAccess : bool = false
-
Set, whenever access to all translations of the record is required
should only be used from within TYPO3 Core
Return values
bool —TRUE if OK, otherwise FALSE
removeCookie()
Empty / unset the cookie
public
removeCookie([string|null $cookieName = null ]) : mixed
Parameters
- $cookieName : string|null = null
-
usually, this is $this->name
resetUC()
Clears the user[uc] and ->uc to blank strings. Then calls ->backendSetUC() to fill it again with reset contents
public
resetUC() : mixed
returnWebmounts()
Returns an array with the webmounts.
public
returnWebmounts() : array<string|int, mixed>
If no webmounts, and empty array is returned. Webmounts permissions are checked in fetchGroupData()
Return values
array<string|int, mixed> —of web mounts uids (may include '0')
setAndSaveSessionData()
Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.
public
setAndSaveSessionData(string $key, mixed $data) : mixed
The data will last only for this login session since it is stored in the session table.
Parameters
- $key : string
-
Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
- $data : mixed
-
The data to store in index $key
setBeUserByName()
Raw initialization of the be_user with username=$name
public
setBeUserByName(string $name) : mixed
Parameters
- $name : string
-
The username to look up.
Tags
setBeUserByUid()
Raw initialization of the be_user with uid=$uid This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected.
public
setBeUserByUid(int $uid) : mixed
Thus the BE_USER object will appear like if a user was authenticated - however without a session id and the fields from the session table of course. Will check the users for disabled, start/endtime, etc. ($this->user_where_clause())
Parameters
- $uid : int
-
The UID of the backend user to set in ->user
setDefaultWorkspace()
Sets the default workspace in the context of the current backend user.
public
setDefaultWorkspace() : mixed
should only be used from within TYPO3 Core
setSessionData()
Set session data by key.
public
setSessionData(string $key, mixed $data) : mixed
The data will last only for this login session since it is stored in the user session.
Parameters
- $key : string
-
A non empty string to store the data under
- $data : mixed
-
Data store store in session
setTemporaryWorkspace()
Sets a temporary workspace in the context of the current backend user.
public
setTemporaryWorkspace(int $workspaceId) : bool
Parameters
- $workspaceId : int
should only be used from within TYPO3 Core
Return values
boolsetWebmounts()
Initializes the given mount points for the current Backend user.
public
setWebmounts(array<string|int, mixed> $mountPointUids[, bool $append = false ]) : mixed
Parameters
- $mountPointUids : array<string|int, mixed>
-
Page UIDs that should be used as web mountpoints
- $append : bool = false
-
If TRUE the given mount point will be appended. Otherwise the current mount points will be replaced.
setWorkspace()
Setting workspace ID
public
setWorkspace(int $workspaceId) : mixed
Parameters
- $workspaceId : int
-
ID of workspace to set for backend user. If not valid the default workspace for BE user is found and set.
should only be used from within TYPO3 Core
shallDisplayDebugInformation()
Returns whether debug information shall be displayed to the user
public
shallDisplayDebugInformation() : bool
Return values
boolstart()
Replacement for AbstractUserAuthentication::start()
public
start([ServerRequestInterface|null $request = null ]) : mixed
We do not need support for sessions, cookies, $_GET-modes, the postUserLookup hook or a database connection during CLI Bootstrap
Parameters
- $request : ServerRequestInterface|null = null
unpack_uc()
Sets $theUC as the internal variable ->uc IF $theUC is an array.
public
unpack_uc([mixed $theUC = '' ]) : mixed
If $theUC is FALSE, the 'uc' content from the ->user array will be unserialized and restored in ->uc
Parameters
- $theUC : mixed = ''
-
If an array, then set as ->uc, otherwise load from user record @deprecated will be removed in TYPO3 v12.0.
workspaceAllowsLiveEditingInTable()
Checks if a record is allowed to be edited in the current workspace.
public
workspaceAllowsLiveEditingInTable(string $table) : bool
This is not bound to an actual record, but to the mere fact if the user is in a workspace and depending on the table settings.
Parameters
- $table : string
should only be used from within TYPO3 Core
Return values
boolworkspaceCanCreateNewRecord()
Evaluates if a record from $table can be created. If the table is not set up for versioning, and the "live edit" flag of the page is set, return false. In live workspace this is always true, as all records can be created in live workspace
public
workspaceCanCreateNewRecord(string $table) : bool
Parameters
- $table : string
-
Table name
should only be used from within TYPO3 Core
Return values
boolworkspaceCheckStageForCurrent()
Checks if an element stage allows access for the user in the current workspace In live workspace (= 0) access is always granted for any stage.
public
workspaceCheckStageForCurrent(int $stage) : bool
Admins are always allowed. An option for custom workspaces allows members to also edit when the stage is "Review"
Parameters
- $stage : int
-
Stage id from an element: -1,0 = editing, 1 = reviewer, >1 = owner
should only be used from within TYPO3 Core
Return values
bool —TRUE if user is allowed access
workspaceInit()
Initializing workspace.
public
workspaceInit() : mixed
Called from within this function, see fetchGroupData()
should only be used from within TYPO3 Core
Tags
workspacePublishAccess()
Returns TRUE if the user has access to publish content from the workspace ID given.
public
workspacePublishAccess(int $wsid) : bool
Admin-users are always granted access to do this If the workspace ID is 0 (live) all users have access also For custom workspaces it depends on whether the user is owner OR like with draft workspace if the user has access to Live workspace.
Parameters
- $wsid : int
-
Workspace UID; 0,1+
this method will be moved to EXT:workspaces
Return values
bool —Returns TRUE if the user has access to publish content from the workspace ID given.
writelog()
Writes an entry in the logfile/table Documentation in "TYPO3 Core API"
public
writelog(int $type, int $action, int $error, int $details_nr, string $details, array<string|int, mixed> $data[, string $tablename = '' ][, int|string $recuid = '' ][, int|string $recpid = '' ][, int $event_pid = -1 ][, string $NEWid = '' ][, int $userId = 0 ]) : int
Parameters
- $type : int
-
Denotes which module that has submitted the entry. See "TYPO3 Core API". Use "4" for extensions.
- $action : int
-
Denotes which specific operation that wrote the entry. Use "0" when no sub-categorizing applies
- $error : int
-
Flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
- $details_nr : int
-
The message number. Specific for each $type and $action. This will make it possible to translate errormessages to other languages
- $details : string
-
Default text that follows the message (in english!). Possibly translated by identification through type/action/details_nr
- $data : array<string|int, mixed>
-
Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed with the details-text
- $tablename : string = ''
-
Table name. Special field used by tce_main.php.
- $recuid : int|string = ''
-
Record UID. Special field used by tce_main.php.
- $recpid : int|string = ''
-
Record PID. Special field used by tce_main.php. OBSOLETE
- $event_pid : int = -1
-
The page_uid (pid) where the event occurred. Used to select log-content for specific pages.
- $NEWid : string = ''
-
Special field used by tce_main.php. NEWid string of newly created records.
- $userId : int = 0
-
Alternative Backend User ID (used for logging login actions where this is not yet known).
Return values
int —Log entry ID.
writeUC()
This writes $variable to the user-record. This is a way of providing session-data.
public
writeUC([array<string|int, mixed>|string $variable = '' ]) : mixed
You can fetch the data again through $this->uc in this class! If $variable is not an array, $this->uc is saved!
Parameters
- $variable : array<string|int, mixed>|string = ''
-
An array you want to store for the user as session data. If $variable is not supplied (is null), the internal variable, ->uc, is stored by default @deprecated will be removed in TYPO3 v12.0.
checkIfCliUserExists()
Check if a user with username "_cli_" exists. Deleted users are left out but hidden and start / endtime restricted users are considered.
protected
checkIfCliUserExists() : bool
Return values
bool —true if the user exists
createCliUser()
Create a record in the DB table be_users called "_cli_" with no other information
protected
createCliUser() : mixed
evaluateMfaRequirements()
This method checks if the user is authenticated but has not succeeded in passing his MFA challenge. This method can therefore only be used if a user has been authenticated against his first authentication method (username+password or any other authentication token).
protected
evaluateMfaRequirements() : void
fetchValidUserFromSessionOrDestroySession()
If the session is bound to a user, this method fetches the user record, and returns it.
protected
fetchValidUserFromSessionOrDestroySession([bool $skipSessionUpdate = false ]) : array<string|int, mixed>|null
If the session has a timeout, the session date is extended if needed. Also the ìs_online flag is updated for the user.
However, if the session has expired the session is removed and the request is treated as an anonymous session.
Parameters
- $skipSessionUpdate : bool = false
Return values
array<string|int, mixed>|nullfilterValidWebMounts()
Checking read access to web mounts, but keeps "0" or empty strings.
protected
filterValidWebMounts(string $listOfWebMounts) : array<string|int, mixed>
In any case, checks if the list of pages is visible for the backend user but also if the page is not deleted.
Parameters
- $listOfWebMounts : string
-
a comma-separated list of webmounts, could also be empty, or contain "0"
Return values
array<string|int, mixed> —a list of all valid web mounts the user has access to
generateHashedPassword()
This function returns a salted hashed key.
protected
generateHashedPassword() : string
Return values
string —a random password
getAuthServiceConfiguration()
"auth" services configuration array from $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']
protected
getAuthServiceConfiguration() : array<string|int, mixed>
Return values
array<string|int, mixed>getAuthServices()
Initializes authentication services to be used in a foreach loop
protected
getAuthServices(string $subType, array<string|int, mixed> $loginData, array<string|int, mixed> $authInfo) : Traversable
Parameters
- $subType : string
-
e.g. getUserFE
- $loginData : array<string|int, mixed>
- $authInfo : array<string|int, mixed>
Return values
Traversable —A generator of service objects
getCookie()
Get the value of a specified cookie.
protected
getCookie(string $cookieName) : string
Parameters
- $cookieName : string
-
The cookie ID
Return values
string —The value stored in the cookie
getCookieDomain()
Gets the domain to be used on setting cookies.
protected
getCookieDomain() : string
The information is taken from the value in $GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieDomain'].
Return values
string —The domain to be used on setting cookies
handleLoginFailure()
Implement functionality when there was a failed login
protected
handleLoginFailure() : void
hasEditAccessToLiveWorkspace()
Checks if the user (or the group) has the workspace_perms set to 1 in order to allow editing records in live workspace.
protected
hasEditAccessToLiveWorkspace() : bool
Return values
boolinitializeDbMountpointsInWorkspace()
Limiting the DB mountpoints if there any selected in the workspace record
protected
initializeDbMountpointsInWorkspace() : mixed
initializeFileStorages()
Sets up all file storages for a user.
protected
initializeFileStorages() : mixed
Needs to be called AFTER the groups have been loaded.
performLogoff()
Perform the logoff action. Called from logoff() as a way to allow subclasses to override what happens when a user logs off, without needing to reproduce the hook calls and logging that happens in the public logoff() API method.
protected
performLogoff() : mixed
prepareUserTsConfig()
This method parses the UserTSconfig from the current user and all their groups.
protected
prepareUserTsConfig() : void
If the contents are the same, parsing is skipped. No matching is applied here currently.
regenerateSessionId()
Regenerate the session ID and transfer the session to new ID Call this method whenever a user proceeds to a higher authorization level e.g. when an anonymous session is now authenticated.
protected
regenerateSessionId() : mixed
releaseLockedRecords()
Remove any "locked records" added for editing for the given user (= current backend user)
protected
releaseLockedRecords(int $userId) : mixed
Parameters
- $userId : int
removeSensitiveLoginDataForLoggingInfo()
Removes any sensitive data from the incoming data (either from loginData, processedLogin data or the user record from the DB).
protected
removeSensitiveLoginDataForLoggingInfo(mixed|array<string|int, mixed> $data[, bool $isUserRecord = false ]) : mixed
No type hinting is added because it might be possible that the incoming data is of any other type.
Parameters
- $data : mixed|array<string|int, mixed>
- $isUserRecord : bool = false
setSessionCookie()
Sets the session cookie for the current disposal.
protected
setSessionCookie() : mixed
updateLoginTimestamp()
Updates the last login column in the user with the given id
protected
updateLoginTimestamp(int $userId) : mixed
Parameters
- $userId : int
userConstraints()
This returns the restrictions needed to select the user respecting enable columns and flags like deleted, hidden, starttime, endtime and rootLevel
protected
userConstraints() : QueryRestrictionContainerInterface