‪TYPO3CMS  ‪main
Public Member Functions | Static Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Core\Authentication\BackendUserAuthentication Class Reference
Inheritance diagram for TYPO3\CMS\Core\Authentication\BackendUserAuthentication:
TYPO3\CMS\Core\Authentication\AbstractUserAuthentication TYPO3\CMS\Backend\FrontendBackendUserAuthentication TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication

Public Member Functions

 __construct ()
 
bool isAdmin ()
 
bool doesUserHaveAccess ($row, $perms)
 
int null isInWebMount ($idOrRow, $readPerms='')
 
 isSystemMaintainer (bool $pure=false)
 
string getPagePermsClause ($perms)
 
int calcPerms ($row)
 
bool check ($type, $value)
 
bool checkAuthMode ($table, $field, $value)
 
bool checkLanguageAccess ($langValue)
 
bool checkFullLanguagesAccess ($table, $record)
 
bool recordEditAccessInternals ($table, $idOrRow, $newRecord=false, $deletedRecord=false, $checkFullLanguageAccess=false)
 
bool mayMakeShortcut ()
 
 workspaceAllowsLiveEditingInTable (string $table)
 
 workspaceCanCreateNewRecord (string $table)
 
bool workspaceCheckStageForCurrent ($stage)
 
array getTSConfig ()
 
 getUserTsConfig ()
 
array returnWebmounts ()
 
 setWebmounts (array $mountPointUids, $append=false)
 
 initializeWebmountsForElementBrowser ()
 
bool jsConfirmation (int $bitmask)
 
 fetchGroupData ()
 
array getCategoryMountPoints ()
 
array getFileMountRecords ()
 
TYPO3 CMS Core Resource ResourceStorage[] getFileStorages ()
 
 evaluateUserSpecificFileFilterSettings ()
 
 getFilePermissions ()
 
array false checkWorkspace (int|array $wsRec)
 
 setWorkspace ($workspaceId)
 
bool setTemporaryWorkspace ($workspaceId)
 
int writelog ($type, $action, $error, $details_nr, $details, $data, $tablename='', $recuid='', $recpid='', $event_pid=-1, $NEWid='', $userId=0)
 
 backendCheckLogin (ServerRequestInterface $request=null)
 
 initializeBackendLogin (ServerRequestInterface $request=null)
 
 handleUserLoggedIn (ServerRequestInterface $request=null)
 
 backendSetUC ()
 
 overrideUC ()
 
 resetUC ()
 
bool isUserAllowedToLogin ()
 
 logoff ()
 
int null getOriginalUserIdWhenInSwitchUserMode ()
 
 isMfaSetupRequired ()
 
 isImportEnabled ()
 
 isExportEnabled ()
 
 shallDisplayDebugInformation ()
 
- ‪Public Member Functions inherited from ‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
 initializeUserSessionManager (?UserSessionManager $userSessionManager=null)
 
 start (ServerRequestInterface $request)
 
 appendCookieToResponse (ResponseInterface $response, ?NormalizedParams $normalizedParams=null)
 
 checkAuthentication (ServerRequestInterface $request)
 
UserSession createUserSession (array $userRecordCandidate)
 
 enforceNewSessionId ()
 
 removeCookie ($cookieName=null)
 
 writeUC ()
 
 pushModuleData (string $module, mixed $data, bool $dontPersistImmediately=false)
 
mixed getModuleData (string $module, string $type='')
 
mixed getSessionData ($key)
 
 setSessionData ($key, $data)
 
 setAndSaveSessionData ($key, $data)
 
array getLoginFormData (ServerRequestInterface $request)
 
 isActiveLogin (ServerRequestInterface $request)
 
array processLoginData (array $loginData, ServerRequestInterface $request)
 
array getAuthInfoArray (ServerRequestInterface $request)
 
 writelog ($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid)
 
 setBeUserByUid ($uid)
 
 setBeUserByName ($name)
 
array getRawUserByUid ($uid)
 
array getRawUserByName ($name)
 
 getUserId ()
 
 getUserName ()
 
 getSession ()
 

Static Public Member Functions

static getCookieName ()
 

Public Attributes

const ROLE_SYSTEMMAINTAINER = 'systemMaintainer'
 
string $usergroup_column = 'usergroup'
 
string $usergroup_table = 'be_groups'
 
array $groupData
 
array $userGroupsUID = array( )
 
int $workspace = -99
 
array $workspaceRec = array( )
 
string $errorMsg = ''
 
string $user_table = 'be_users'
 
string $username_column = 'username'
 
string $userident_column = 'password'
 
string $userid_column = 'uid'
 
string $lastLogin_column = 'lastlogin'
 
array $enablecolumns
 
bool $writeStdLog = true
 
bool $writeAttemptLog = true
 
int $firstMainGroup = 0
 
array $uc_default
 
string $loginType = 'BE'
 
- ‪Public Attributes inherited from ‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
string $name = ''
 
string $user_table = ''
 
string $usergroup_table = ''
 
string $username_column = ''
 
string $userident_column = ''
 
string $userid_column = ''
 
string $usergroup_column = ''
 
array $enablecolumns
 
bool $writeStdLog = false
 
bool $writeAttemptLog = false
 
bool $checkPid = true
 
int string null $checkPid_value = 0
 
array null $user
 
array $userGroups = []
 
string $loginType = ''
 
array $uc = []
 

Protected Member Functions

 isMemberOfGroup (int $groupId)
 
array filterValidWebMounts (string $listOfWebMounts)
 
 prepareUserTsConfig ()
 
 initializeFileStorages ()
 
 workspaceInit ()
 
 initializeDbMountpointsInWorkspace ()
 
 hasEditAccessToLiveWorkspace ()
 
 checkWorkspaceCurrent ()
 
 setDefaultWorkspace ()
 
int getDefaultWorkspace ()
 
 releaseLockedRecords (int $userId)
 
 evaluateMfaRequirements ()
 
- ‪Protected Member Functions inherited from ‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
 setSessionCookie ()
 
 shallSetSessionCookie ()
 
bool isSetSessionCookie ()
 
bool isRefreshTimeBasedCookie ()
 
 getAuthServiceConfiguration ()
 
 fetchPossibleUsers (array $loginData, bool $activeLogin, bool $isExistingSession, ?array $authenticatedUserFromSession, ServerRequestInterface $request)
 
Traversable getAuthServices (string $subType, array $loginData, ?array $authenticatedUserFromSession, ServerRequestInterface $request)
 
 regenerateSessionId ()
 
 updateLoginTimestamp (int $userId)
 
 fetchValidUserFromSessionOrDestroySession (bool $skipSessionUpdate=false)
 
 performLogoff ()
 
bool isCookieSet ()
 
 userConstraints ()
 
 unpack_uc ()
 
mixed removeSensitiveLoginDataForLoggingInfo ($data, bool $isUserRecord=false)
 

Protected Attributes

UserTsConfig $userTsConfig = null
 
bool $userTSUpdated = false
 
array null $checkWorkspaceCurrent_cache
 
TYPO3 CMS Core Resource ResourceStorage[] $fileStorages
 
array null $filePermissions
 
string $formfield_uname = 'username'
 
string $formfield_uident = 'userident'
 
string $formfield_status = 'login_status'
 
- ‪Protected Attributes inherited from ‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
string $lastLogin_column = ''
 
string $formfield_uname = ''
 
string $formfield_uident = ''
 
string $formfield_status = ''
 
bool $loginSessionStarted = false
 
bool $dontSetCookie = false
 
UserSession $userSession = null
 
UserSessionManager $userSessionManager
 
SetCookieBehavior $setCookie = SetCookieBehavior::None
 

Detailed Description

TYPO3 backend user authentication Contains most of the functions used for checking permissions, authenticating users, setting up the user, and API for user from outside. This class contains the configuration of the database fields used plus some functions for the authentication process of backend users.

Definition at line 61 of file BackendUserAuthentication.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::__construct ( )

Constructor

Reimplemented from TYPO3\CMS\Core\Authentication\AbstractUserAuthentication.

Reimplemented in TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication, and TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication.

Definition at line 229 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getCookieName().

Member Function Documentation

◆ backendCheckLogin()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::backendCheckLogin ( ServerRequestInterface  $request = null)

Check if user is logged in and if so, call ->fetchGroupData() to load group information and access lists of all kind, further check IP, set the ->uc array. If no user is logged in the default behaviour is to exit with an error message. This function is called right after ->start() in fx. the TYPO3 Bootstrap.

Exceptions

Reimplemented in TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication, TYPO3\CMS\Backend\FrontendBackendUserAuthentication, and TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication.

Definition at line 1815 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Webhooks\Message\$url, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeBackendLogin(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isUserAllowedToLogin().

◆ backendSetUC()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::backendSetUC ( )

Initialize the internal ->uc array for the backend user (UC - user configuration is a serialized array inside the user object). Will make the overrides if necessary, and write the UC back to the be_users record if changes has happened.

Definition at line 1876 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\overrideUC(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writeUC().

Referenced by TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\authenticate(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeBackendLogin(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\resetUC(), and TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication\start().

◆ calcPerms()

int TYPO3\CMS\Core\Authentication\BackendUserAuthentication::calcPerms (   $row)

Returns a combined binary representation of the current users permissions for the page-record, $row. The perms for user, group and everybody is OR'ed together (provided that the page-owner is the user and for the groups that the user is a member of the group. If the user is admin, 31 is returned (full permissions for all five flags)

Parameters
array$row‪Input page row with all perms_* fields available.
Returns
‪int Bitwise representation of the users permissions in relation to input page row, $row

Reimplemented in TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication.

Definition at line 469 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Type\Bitmask\Permission\ALL, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isInWebMount(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isMemberOfGroup(), and TYPO3\CMS\Core\Type\Bitmask\Permission\NOTHING.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\doesUserHaveAccess().

◆ check()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::check (   $type,
  $value 
)

Returns TRUE if the $value is found in the list in a $this->groupData[] index pointed to by $type (array key). Can thus be users to check for modules, exclude-fields, select/modify permissions for tables etc. If user is admin TRUE is also returned

Parameters
string$type‪The type value; "webmounts", "filemounts", "pagetypes_select", "tables_select", "tables_modify", "non_exclude_fields", "modules", "available_widgets", "mfa_providers"
string | int$value‪String to search for in the groupData-list, can also be an integer for "pagetypes_select" or "allowed_languages")
Returns
‪bool TRUE if permission is granted (that is, the value was found in the groupData list - or the BE_USER is "admin")

Definition at line 514 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\inList(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin().

Referenced by TYPO3\CMS\Backend\Module\ModuleProvider\accessGranted(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkLanguageAccess().

◆ checkAuthMode()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::checkAuthMode (   $table,
  $field,
  $value 
)

Checking the authMode of a select field with authMode set

Parameters
string$table‪Table name
string$field‪Field name (must be configured in TCA and of type "select" with authMode set!)
string$value‪Value to evaluation (single value, must not contain any of the chars ":,|")
Returns
‪bool Whether access is granted or not

Definition at line 528 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\inList(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\recordEditAccessInternals().

◆ checkFullLanguagesAccess()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::checkFullLanguagesAccess (   $table,
  $record 
)

Check if user has access to all existing localizations for a certain record

Parameters
string$table‪The table
array$record‪The current record
Returns
‪bool

Definition at line 586 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Webhooks\Message\$record, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkLanguageAccess(), and TYPO3\CMS\Core\Database\Connection\PARAM_INT.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\recordEditAccessInternals().

◆ checkLanguageAccess()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::checkLanguageAccess (   $langValue)

Checking if a language value (-1, 0 and >0) is allowed to be edited by the user.

Parameters
int | SiteLanguage | string$langValue‪Language value to evaluate
Returns
‪bool Returns TRUE if the language value is allowed, otherwise FALSE.

Definition at line 561 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\check().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkFullLanguagesAccess(), TYPO3\CMS\Core\Site\Entity\NullSite\getAvailableLanguages(), TYPO3\CMS\Backend\RecordList\DownloadRecordList\getRecords(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\recordEditAccessInternals().

◆ checkWorkspace()

array false TYPO3\CMS\Core\Authentication\BackendUserAuthentication::checkWorkspace ( int|array  $wsRec)

Checking if a workspace is allowed for backend user

Parameters
int | array$wsRec‪If integer, workspace record is looked up, if array it is seen as a Workspace record with at least uid, title, members and adminusers columns. Can be faked for workspaces uid 0 (live)
Returns
‪array|false Output will also show how access was granted. Admin users will have a true output regardless of input.

should only be used from within TYPO3 Core

Reimplemented in TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication.

Definition at line 1549 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\hasEditAccessToLiveWorkspace(), TYPO3\CMS\Core\Utility\GeneralUtility\inList(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin(), TYPO3\CMS\Core\Utility\ExtensionManagementUtility\isLoaded(), and TYPO3\CMS\Core\Database\Connection\PARAM_INT.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkWorkspaceCurrent(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getDefaultWorkspace(), TYPO3\CMS\Workspaces\Authorization\WorkspacePublishGate\isGranted(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setDefaultWorkspace(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setTemporaryWorkspace().

◆ checkWorkspaceCurrent()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::checkWorkspaceCurrent ( )
protected

Uses checkWorkspace() to check if current workspace is available for user. This function caches the result and so can be called many times with no performance loss.

See also
checkWorkspace()

should only be used from within TYPO3 Core

Definition at line 1621 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\$checkWorkspaceCurrent_cache, and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkWorkspace().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceCheckStageForCurrent().

◆ doesUserHaveAccess()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::doesUserHaveAccess (   $row,
  $perms 
)

Checks if the permissions is granted based on a page-record ($row) and $perms (binary and'ed)

Bits for permissions, see $perms variable:

1 - Show: See/Copy page and the pagecontent. 2 - Edit page: Change/Move the page, eg. change title, startdate, hidden. 4 - Delete page: Delete the page and pagecontent. 8 - New pages: Create new pages under the page. 16 - Edit pagecontent: Change/Add/Delete/Move pagecontent.

Parameters
array$row‪Is the pagerow for which the permissions is checked
int$perms‪Is the binary representation of the permission we are going to check. Every bit in this number represents a permission that must be set. See function explanation.
Returns
‪bool

Definition at line 276 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\calcPerms().

◆ evaluateMfaRequirements()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::evaluateMfaRequirements ( )
protected

Reimplemented from TYPO3\CMS\Core\Authentication\AbstractUserAuthentication.

Definition at line 2022 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getOriginalUserIdWhenInSwitchUserMode(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getUserId(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getUserName().

◆ evaluateUserSpecificFileFilterSettings()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::evaluateUserSpecificFileFilterSettings ( )

Adds filters based on what the user has set this should be done in this place, and called whenever needed, but only when needed

Definition at line 1382 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Resource\Filter\FileNameFilter\setShowHiddenFilesAndFolders().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeFileStorages().

◆ fetchGroupData()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::fetchGroupData ( )

Initializes a lot of stuff like the access-lists, database-mountpoints and filemountpoints This method is called by ->backendCheckLogin() (from extending BackendUserAuthentication) if the backend user login has verified OK. Generally this is required initialization of a backend user.

Definition at line 956 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\filterValidWebMounts(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\prepareUserTsConfig(), TYPO3\CMS\Core\Utility\StringUtility\uniqueList(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceInit().

Referenced by TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\authenticate(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeBackendLogin(), and TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication\start().

◆ filterValidWebMounts()

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::filterValidWebMounts ( string  $listOfWebMounts)
protected

Checking read access to web mounts, but keeps "0" or empty strings. In any case, checks if the list of pages is visible for the backend user but also if the page is not deleted.

Parameters
string$listOfWebMounts‪a comma-separated list of webmounts, could also be empty, or contain "0"
Returns
‪array a list of all valid web mounts the user has access to

Definition at line 1075 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getPagePermsClause(), TYPO3\CMS\Core\Utility\GeneralUtility\intExplode(), TYPO3\CMS\Core\Type\Bitmask\Permission\PAGE_SHOW, and TYPO3\CMS\Core\Database\Connection\PARAM_INT_ARRAY.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\fetchGroupData().

◆ getCategoryMountPoints()

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCategoryMountPoints ( )

Returns an array of category mount points. The category permissions from BE Groups are also taken into consideration and are merged into User permissions.

Returns
‪array

Definition at line 1181 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\trimExplode().

Referenced by TYPO3\CMS\Beuser\Service\UserInformationService\convert().

◆ getCookieName()

static TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName ( )
static

Returns the configured cookie name

Definition at line 1800 of file BackendUserAuthentication.php.

References $GLOBALS.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\__construct(), TYPO3\CMS\Backend\Controller\LoginController\checkRedirect(), and TYPO3\CMS\Frontend\Middleware\BackendUserAuthenticator\process().

◆ getDefaultWorkspace()

int TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getDefaultWorkspace ( )
protected

Return default workspace ID for user, if EXT:workspaces is not installed the user will be pushed to the Live workspace, if he has access to. If no workspace is available for the user, the workspace ID is set to "-99"

Returns
‪int Default workspace id.

should only be used from within TYPO3 Core

Definition at line 1692 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkWorkspace(), and TYPO3\CMS\Core\Utility\ExtensionManagementUtility\isLoaded().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setDefaultWorkspace().

◆ getFileMountRecords()

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getFileMountRecords ( )

Returns an array of file mount records, taking workspaces and user home and group home directories into account Needs to be called AFTER the groups have been loaded.

Returns
‪array

Definition at line 1214 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\$groupData, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), TYPO3\CMS\Core\Utility\GeneralUtility\intExplode(), TYPO3\CMS\Core\Database\Connection\PARAM_INT, TYPO3\CMS\Core\Database\Connection\PARAM_INT_ARRAY, TYPO3\CMS\Core\Database\Query\QueryHelper\parseOrderBy(), and TYPO3\CMS\Core\Utility\GeneralUtility\trimExplode().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeFileStorages().

◆ getFilePermissions()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getFilePermissions ( )

Returns the information about file permissions. Previously, this was stored in the DB field fileoper_perms now it is file_permissions. Besides it can be handled via user TSconfig

permissions.file.default { addFile = 1 readFile = 1 writeFile = 1 copyFile = 1 moveFile = 1 renameFile = 1 deleteFile = 1

addFolder = 1 readFolder = 1 writeFolder = 1 copyFolder = 1 moveFolder = 1 renameFolder = 1 deleteFolder = 1 recursivedeleteFolder = 1 }

overwrite settings for a specific storageObject

permissions.file.storage.StorageUid { readFile = 1 recursivedeleteFolder = 0 }

Please note that these permissions only apply, if the storage has the capabilities (browseable, writable), and if the driver allows for writing etc

Definition at line 1423 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\$filePermissions, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin(), and TYPO3\CMS\Core\Utility\GeneralUtility\trimExplode().

◆ getFileStorages()

TYPO3 CMS Core Resource ResourceStorage [] TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getFileStorages ( )

Returns an array with the filemounts for the user. Each filemount is represented with an array of a "name", "path" and "type". If no filemounts an empty array is returned.

Returns
‪\TYPO3\CMS\Core\Resource\ResourceStorage[]

Definition at line 1368 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\$fileStorages, and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeFileStorages().

Referenced by TYPO3\CMS\Core\Resource\DefaultUploadFolderResolver\getDefaultUploadFolder(), TYPO3\CMS\Backend\Tree\FileStorageTreeProvider\getFilteredTree(), and TYPO3\CMS\Backend\Tree\FileStorageTreeProvider\getRootNodes().

◆ getOriginalUserIdWhenInSwitchUserMode()

int null TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getOriginalUserIdWhenInSwitchUserMode ( )

Returns the uid of the backend user to return to. This is set when the current session is a "switch-user" session.

Returns
‪int|null The user id

should only be used from within TYPO3 Core

Reimplemented in TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication, and TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication.

Definition at line 2013 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionData().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\evaluateMfaRequirements(), TYPO3\CMS\Workspaces\Hook\DataHandlerHook\getRecordHistoryStore(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isSystemMaintainer(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isUserAllowedToLogin(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\writelog().

◆ getPagePermsClause()

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getPagePermsClause (   $perms)

Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated. $perms is the "mask" used to select. Fx. if $perms is 1 then you'll get all pages that a user can actually see! 2^0 = show (1) 2^1 = edit (2) 2^2 = delete (4) 2^3 = new (8) If the user is 'admin' " 1=1" is returned (no effect) If the user is not set at all (->user is not an array), then " 1=0" is returned (will cause no selection results at all) The 95% use of this function is "->getPagePermsClause(1)" which will return WHERE clauses for selecting pages in backend listings - in other words this will check read permissions.

Parameters
int$perms‪Permission mask to use, see function description
Returns
‪string Part of where clause. Prefix " AND " to this.

should only be used from within TYPO3 Core, use PagePermissionDatabaseRestriction instead.

Reimplemented in TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication.

Definition at line 400 of file BackendUserAuthentication.php.

References $GLOBALS, and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\filterValidWebMounts(), TYPO3\CMS\Adminpanel\Repositories\FrontendGroupsRepository\getUserGroupOptionCountByBackendUser(), TYPO3\CMS\Adminpanel\Repositories\FrontendGroupsRepository\getUserGroupsForPagesByBackendUser(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isInWebMount().

◆ getTSConfig()

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getTSConfig ( )

Returns full parsed user TSconfig array, merged with TSconfig from groups.

Example: [ 'options.' => [ 'fooEnabled' => '0', 'fooEnabled.' => [ 'tt_content' => 1, ], ], ]

Returns
‪array Parsed and merged user TSconfig array

Definition at line 857 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getUserTsConfig().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC(), TYPO3\CMS\Beuser\Service\UserInformationService\convert(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\fetchGroupData(), TYPO3\CMS\Core\Resource\DefaultUploadFolderResolver\getDefaultUploadFolderForUser(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getFileMountRecords(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getFilePermissions(), TYPO3\CMS\Backend\Module\ModuleProvider\getModuleForMenu(), TYPO3\CMS\Backend\Module\ModuleProvider\getModulesForModuleMenu(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeWebmountsForElementBrowser(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isExportEnabled(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isImportEnabled(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isMfaSetupRequired(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\jsConfirmation(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\mayMakeShortcut(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\overrideUC(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceInit().

◆ getUserTsConfig()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getUserTsConfig ( )

Return the full user TSconfig object instead of just the array as in getTSConfig()

for now until API stabilized

Definition at line 867 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\$userTsConfig.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\prepareUserTsConfig().

◆ handleUserLoggedIn()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::handleUserLoggedIn ( ServerRequestInterface  $request = null)

Is called after a user has sucesfully logged in. So either by using only one factor (e.g. username/password) or after the multi-factor authentication process has been passed.

Definition at line 1854 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeBackendLogin().

◆ hasEditAccessToLiveWorkspace()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::hasEditAccessToLiveWorkspace ( )
protected

Checks if the user (or the group) has the workspace_perms set to 1 in order to allow editing records in live workspace.

Reimplemented in TYPO3\CMS\Backend\FrontendBackendUserAuthentication.

Definition at line 1609 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkWorkspace().

◆ initializeBackendLogin()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::initializeBackendLogin ( ServerRequestInterface  $request = null)

Reimplemented in TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication.

Definition at line 1834 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\fetchGroupData(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionData(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\handleUserLoggedIn().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendCheckLogin().

◆ initializeDbMountpointsInWorkspace()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::initializeDbMountpointsInWorkspace ( )
protected

Limiting the DB mountpoints if there are any selected in the workspace record

Definition at line 1493 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\intExplode(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isInWebMount().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceInit().

◆ initializeFileStorages()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::initializeFileStorages ( )
protected

Sets up all file storages for a user. Needs to be called AFTER the groups have been loaded.

Definition at line 1141 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\evaluateUserSpecificFileFilterSettings(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getFileMountRecords(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin(), and TYPO3\CMS\Core\Utility\GeneralUtility\trimExplode().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getFileStorages().

◆ initializeWebmountsForElementBrowser()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::initializeWebmountsForElementBrowser ( )

Checks for alternative web mount points for the element browser.

If there is a temporary mount point active in the page tree it will be used.

If the user TSconfig options.pageTree.altElementBrowserMountPoints is not empty the pages configured there are used as web mounts If options.pageTree.altElementBrowserMountPoints.append is enabled, they are appended to the existing webmounts.

- do not use in your own extension

Definition at line 913 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionData(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), TYPO3\CMS\Core\Utility\GeneralUtility\intExplode(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setWebmounts().

◆ isAdmin()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isAdmin ( )

Returns TRUE if user is admin Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin.

Returns
‪bool

Definition at line 241 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Backend\Module\ModuleProvider\accessGranted(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\calcPerms(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\check(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkAuthMode(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkWorkspace(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\fetchGroupData(), TYPO3\CMS\Backend\Domain\Repository\Localization\LocalizationRepository\getAllowedLanguageConstraintsForBackendUser(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getFilePermissions(), TYPO3\CMS\Backend\Tree\FileStorageTreeProvider\getMountsInStorage(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getPagePermsClause(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeFileStorages(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isExportEnabled(), TYPO3\CMS\Workspaces\Authorization\WorkspacePublishGate\isGranted(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isImportEnabled(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isInWebMount(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isMfaSetupRequired(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isSystemMaintainer(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isUserAllowedToLogin(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\recordEditAccessInternals(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\shallDisplayDebugInformation(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceCheckStageForCurrent().

◆ isExportEnabled()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isExportEnabled ( )

Returns if export functionality is available for current user

Definition at line 2078 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin().

◆ isImportEnabled()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isImportEnabled ( )

Returns if import functionality is available for current user

Definition at line 2067 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin().

◆ isInWebMount()

int null TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isInWebMount (   $idOrRow,
  $readPerms = '' 
)

Checks if the page id or page record ($idOrRow) is found within the webmounts set up for the user. This should ALWAYS be checked for any page id a user works with, whether it's about reading, writing or whatever. The point is that this will add the security that a user can NEVER touch parts outside his mounted pages in the page tree. This is otherwise possible if the raw page permissions allows for it. So this security check just makes it easier to make safe user configurations. If the user is admin then it returns "1" right away Otherwise the function will return the uid of the webmount which was first found in the rootline of the input page $id

Parameters
int | array$idOrRowPage ID or full page record to check
string$readPerms‪Content of "->getPagePermsClause(1)" (read-permissions). If not set, they will be internally calculated (but if you have the correct value right away you can save that database lookup!)
Exceptions

Definition at line 296 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getPagePermsClause(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin(), TYPO3\CMS\Core\Type\Bitmask\Permission\PAGE_SHOW, and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\returnWebmounts().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\calcPerms(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeDbMountpointsInWorkspace().

◆ isMemberOfGroup()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isMemberOfGroup ( int  $groupId)
protected

Returns TRUE if the current user is a member of group $groupId $groupId must be set. $this->userGroupsUID must contain groups Will return TRUE also if the user is a member of a group through subgroups.

should only be used from within TYPO3 Core, use Context API for quicker access

Definition at line 253 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\calcPerms().

◆ isMfaSetupRequired()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isMfaSetupRequired ( )

Evaluate whether the user is required to set up MFA, based on user TSconfig and global configuration

Reimplemented from TYPO3\CMS\Core\Authentication\AbstractUserAuthentication.

Definition at line 2040 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isSystemMaintainer().

◆ isSystemMaintainer()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isSystemMaintainer ( bool  $pure = false)

Checks if the user is in the valid list of allowed system maintainers. if the list is not set, then all admins are system maintainers. If the list is empty, no one is system maintainer (good for production systems). If the currently logged in user is in "switch user" mode, this method will return false.

Parameters
bool$pure‪Whether to apply pure behavior (ignore development & skip fallback for empty setting)

Definition at line 358 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Core\Environment\getContext(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getOriginalUserIdWhenInSwitchUserMode(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin().

Referenced by TYPO3\CMS\Backend\Module\ModuleProvider\accessGranted(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isMfaSetupRequired(), TYPO3\CMS\Backend\Security\ContentSecurityPolicy\CspAjaxController\isSystemMaintainer(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\logoff().

◆ isUserAllowedToLogin()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isUserAllowedToLogin ( )

Determines whether a backend user is allowed to access the backend.

The conditions are:

  • ‪backend user is a regular user and adminOnly is not defined
  • ‪backend user is an admin user
  • ‪backend user is used in CLI context and adminOnly is explicitly set to "2" (see CommandLineUserAuthentication)
  • ‪backend user is being controlled by an admin user
Returns
‪bool Whether a backend user is allowed to access the backend

Reimplemented in TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication, and TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication.

Definition at line 1935 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getOriginalUserIdWhenInSwitchUserMode(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin(), and TYPO3\CMS\Core\Database\Connection\PARAM_INT.

Referenced by TYPO3\CMS\Backend\FrontendBackendUserAuthentication\backendCheckLogin(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendCheckLogin().

◆ jsConfirmation()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::jsConfirmation ( int  $bitmask)

Returns TRUE or FALSE, depending if an alert popup (a javascript confirmation) should be shown call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK).

Parameters
int$bitmask‪Bitmask, one of \TYPO3\CMS\Core\Authentication\JsConfirmation
Returns
‪bool TRUE if the confirmation should be shown
See also
JsConfirmation

Definition at line 938 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\JsConfirmation\ALL, TYPO3\CMS\Core\Utility\MathUtility\canBeInterpretedAsInteger(), TYPO3\CMS\Core\Utility\MathUtility\forceIntegerInRange(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig().

◆ logoff()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::logoff ( )

Logs out the current user and clears the form protection tokens.

Reimplemented from TYPO3\CMS\Core\Authentication\AbstractUserAuthentication.

Definition at line 1962 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isSystemMaintainer(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\releaseLockedRecords().

◆ mayMakeShortcut()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::mayMakeShortcut ( )

Returns TRUE if the BE_USER is allowed to create shortcuts in the backend modules

Returns
‪bool

Definition at line 730 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig().

◆ overrideUC()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::overrideUC ( )

Override: Call this function every time the uc is updated. That is 1) by reverting to default values, 2) in the setup-module, 3) userTS changes (userauthgroup)

Definition at line 1906 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC().

◆ prepareUserTsConfig()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::prepareUserTsConfig ( )
protected

Parse user TSconfig from current user and its groups and set it as $this->userTS.

Definition at line 1113 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getUserTsConfig().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\fetchGroupData().

◆ recordEditAccessInternals()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::recordEditAccessInternals (   $table,
  $idOrRow,
  $newRecord = false,
  $deletedRecord = false,
  $checkFullLanguageAccess = false 
)

Checking if a user has editing access to a record from a $GLOBALS['TCA'] table. The checks does not take page permissions and other "environmental" things into account. It only deal with record internals; If any values in the record fields disallows it. For instance languages settings, authMode selector boxes are evaluated (and maybe more in the future). It will check for workspace dependent access. The function takes an ID (int) or row (array) as second argument.

Parameters
string$table‪Table name
int | array$idOrRow‪If integer, then this is the ID of the record. If Array this just represents fields in the record.
bool$newRecord‪Set, if testing a new (non-existing) record array. Will disable certain checks that doesn't make much sense in that context.
bool$deletedRecord‪Set, if testing a deleted record array.
bool$checkFullLanguageAccess‪Set, whenever access to all translations of the record is required
Returns
‪bool TRUE if OK, otherwise FALSE

should only be used from within TYPO3 Core

Definition at line 636 of file BackendUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkAuthMode(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkFullLanguagesAccess(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkLanguageAccess(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin().

◆ releaseLockedRecords()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::releaseLockedRecords ( int  $userId)
protected

Remove any "locked records" added for editing for the given user (= current backend user)

Definition at line 1994 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\logoff().

◆ resetUC()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::resetUC ( )

Clears the user[uc] and ->uc to blank strings. Then calls ->backendSetUC() to fill it again with reset contents

Definition at line 1916 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC().

◆ returnWebmounts()

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::returnWebmounts ( )

Returns an array with the webmounts. If no webmounts, and empty array is returned. Webmounts permissions are checked in fetchGroupData()

Returns
‪array of web mounts uids (may include '0')

Definition at line 879 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isInWebMount().

◆ setDefaultWorkspace()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::setDefaultWorkspace ( )
protected

Sets the default workspace in the context of the current backend user.

should only be used from within TYPO3 Core

Definition at line 1678 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkWorkspace(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getDefaultWorkspace().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setWorkspace().

◆ setTemporaryWorkspace()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::setTemporaryWorkspace (   $workspaceId)

Sets a temporary workspace in the context of the current backend user.

Parameters
int$workspaceId
Returns
‪bool

should only be used from within TYPO3 Core

Definition at line 1662 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkWorkspace().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setWorkspace().

◆ setWebmounts()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::setWebmounts ( array  $mountPointUids,
  $append = false 
)

Initializes the given mount points for the current Backend user.

Parameters
array$mountPointUidsPage UIDs that should be used as web mountpoints
bool$append‪If TRUE the given mount point will be appended. Otherwise the current mount points will be replaced.

Definition at line 890 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\intExplode().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeWebmountsForElementBrowser().

◆ setWorkspace()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::setWorkspace (   $workspaceId)

Setting workspace ID

Parameters
int$workspaceId‪ID of workspace to set for backend user. If not valid the default workspace for BE user is found and set.

should only be used from within TYPO3 Core

Definition at line 1635 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\$workspace, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setDefaultWorkspace(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setTemporaryWorkspace(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\writelog().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceInit().

◆ shallDisplayDebugInformation()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::shallDisplayDebugInformation ( )

Returns whether debug information shall be displayed to the user

Definition at line 2089 of file BackendUserAuthentication.php.

References $GLOBALS, and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin().

◆ workspaceAllowsLiveEditingInTable()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::workspaceAllowsLiveEditingInTable ( string  $table)

Checks if a record is allowed to be edited in the current workspace. This is not bound to an actual record, but to the mere fact if the user is in a workspace and depending on the table settings.

should only be used from within TYPO3 Core

Definition at line 743 of file BackendUserAuthentication.php.

References $GLOBALS.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceCanCreateNewRecord().

◆ workspaceCanCreateNewRecord()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::workspaceCanCreateNewRecord ( string  $table)

Evaluates if a record from $table can be created. If the table is not set up for versioning, and the "live edit" flag of the page is set, return false. In live workspace this is always true, as all records can be created in live workspace

Parameters
string$table‪Table name

should only be used from within TYPO3 Core

Definition at line 772 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceAllowsLiveEditingInTable().

◆ workspaceCheckStageForCurrent()

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::workspaceCheckStageForCurrent (   $stage)

Checks if an element stage allows access for the user in the current workspace In live workspace (= 0) access is always granted for any stage. Admins are always allowed. An option for custom workspaces allows members to also edit when the stage is "Review"

Parameters
int$stage‪Stage id from an element: -1,0 = editing, 1 = reviewer, >1 = owner
Returns
‪bool TRUE if user is allowed access

should only be used from within TYPO3 Core

Definition at line 791 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\$workspaceRec, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkWorkspaceCurrent(), TYPO3\CMS\Core\Utility\GeneralUtility\inList(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isAdmin(), and TYPO3\CMS\Core\Utility\ExtensionManagementUtility\isLoaded().

◆ workspaceInit()

TYPO3\CMS\Core\Authentication\BackendUserAuthentication::workspaceInit ( )
protected

Initializing workspace settings after all TSconfig has been parsed. Called from within fetchGroupData()

See also
fetchGroupData()

Definition at line 1478 of file BackendUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\BackendUserAuthentication\$workspace, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getTSConfig(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeDbMountpointsInWorkspace(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setWorkspace(), and TYPO3\CMS\Core\Utility\StringUtility\uniqueList().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\fetchGroupData().

◆ writelog()

int TYPO3\CMS\Core\Authentication\BackendUserAuthentication::writelog (   $type,
  $action,
  $error,
  $details_nr,
  $details,
  $data,
  $tablename = '',
  $recuid = '',
  $recpid = '',
  $event_pid = -1,
  $NEWid = '',
  $userId = 0 
)

Writes an entry in the logfile/table Documentation in "TYPO3 Core API"

Parameters
int$type‪Denotes which module that has submitted the entry. See "TYPO3 Core API". Use "4" for extensions.
int$action‪Denotes which specific operation that wrote the entry. Use "0" when no sub-categorizing applies
int$error‪Flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
int$details_nr‪The message number. Specific for each $type and $action. This will make it possible to translate errormessages to other languages
string$details‪Default text that follows the message (in english!). Possibly translated by identification through type/action/details_nr
array$data‪Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed with the details-text
string$tablename‪Table name. Special field used by tce_main.php.
int | string$recuid‪Record UID. Special field used by tce_main.php.
int | string$recpid‪Record PID. Special field used by tce_main.php. OBSOLETE
int$event_pid‪The page_uid (pid) where the event occurred. Used to select log-content for specific pages.
string$NEWid‪Special field used by tce_main.php. NEWid string of newly created records.
int$userId‪Alternative Backend User ID (used for logging login actions where this is not yet known).
Returns
‪int Log entry ID.

Definition at line 1735 of file BackendUserAuthentication.php.

References TYPO3\CMS\Webhooks\Message\$details, $fields, $GLOBALS, TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getOriginalUserIdWhenInSwitchUserMode(), TYPO3\CMS\Core\Database\Connection\PARAM_INT, TYPO3\CMS\Core\Database\Connection\PARAM_STR, TYPO3\CMS\Core\SysLog\Type\toChannel(), and TYPO3\CMS\Core\SysLog\Type\toLevel().

Referenced by TYPO3\CMS\Core\Hooks\CreateSiteConfiguration\generateSiteConfigurationForRootPage(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setWorkspace().

Member Data Documentation

◆ $checkWorkspaceCurrent_cache

array null TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$checkWorkspaceCurrent_cache
protected

Cache for checkWorkspaceCurrent()

Definition at line 125 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkWorkspaceCurrent().

◆ $enablecolumns

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$enablecolumns
Initial value:
= array(
'rootLevel' => 1,
'deleted' => 'deleted',
'disabled' => 'disable',
'starttime' => 'starttime',
'endtime' => 'endtime',
)

Enable field columns of user table

Definition at line 162 of file BackendUserAuthentication.php.

◆ $errorMsg

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$errorMsg = ''

Contains last error message

should only be used from within TYPO3 Core

Definition at line 120 of file BackendUserAuthentication.php.

◆ $filePermissions

array null TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$filePermissions
protected

Definition at line 133 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getFilePermissions().

◆ $fileStorages

TYPO3 CMS Core Resource ResourceStorage [] TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$fileStorages
protected

Definition at line 129 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getFileStorages().

◆ $firstMainGroup

int TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$firstMainGroup = 0

should only be used from within TYPO3 Core

Definition at line 201 of file BackendUserAuthentication.php.

◆ $formfield_status

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$formfield_status = 'login_status'
protected

Form field with status: *'login', 'logout'

Definition at line 186 of file BackendUserAuthentication.php.

◆ $formfield_uident

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$formfield_uident = 'userident'
protected

Form field with password

Definition at line 180 of file BackendUserAuthentication.php.

◆ $formfield_uname

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$formfield_uname = 'username'
protected

Form field with login-name

Definition at line 174 of file BackendUserAuthentication.php.

◆ $groupData

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$groupData
Initial value:
= array(
'allowed_languages' => '',
'tables_select' => '',
'tables_modify' => '',
'pagetypes_select' => '',
'non_exclude_fields' => '',
'explicit_allowdeny' => '',
'custom_options' => '',
'file_permissions' => '',
)

holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData

Definition at line 79 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getFileMountRecords().

◆ $lastLogin_column

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$lastLogin_column = 'lastlogin'

Definition at line 157 of file BackendUserAuthentication.php.

◆ $loginType

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$loginType = 'BE'

Login type, used for services.

Definition at line 224 of file BackendUserAuthentication.php.

◆ $uc_default

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$uc_default
Initial value:
= array(
'moduleData' => [],
'emailMeAtLogin' => 0,
'titleLen' => 50,
'edit_docModuleUpload' => '1',
)

User Config Default values: The array may contain other fields for configuration. For this, see "setup" extension and "TSconfig" document (User TSconfig, "setup.[xxx]....") Reserved keys for other storage of session data: moduleData moduleSessionID

should only be used from within TYPO3 Core

Definition at line 212 of file BackendUserAuthentication.php.

◆ $user_table

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$user_table = 'be_users'

Table in database with user data

Definition at line 138 of file BackendUserAuthentication.php.

◆ $usergroup_column

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$usergroup_column = 'usergroup'

Should be set to the usergroup-column (id-list) in the user-record

Definition at line 68 of file BackendUserAuthentication.php.

◆ $usergroup_table

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$usergroup_table = 'be_groups'

The name of the group-table

Definition at line 73 of file BackendUserAuthentication.php.

◆ $userGroupsUID

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$userGroupsUID = array( )

This array holds the uid's of the groups in the listed order

Definition at line 93 of file BackendUserAuthentication.php.

◆ $userid_column

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$userid_column = 'uid'

Column for user-id

Definition at line 153 of file BackendUserAuthentication.php.

◆ $userident_column

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$userident_column = 'password'

Column for password

Definition at line 148 of file BackendUserAuthentication.php.

◆ $username_column

string TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$username_column = 'username'

Column for login-name

Definition at line 143 of file BackendUserAuthentication.php.

◆ $userTsConfig

UserTsConfig TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$userTsConfig = null
protected

Definition at line 108 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\getUserTsConfig().

◆ $userTSUpdated

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$userTSUpdated = false
protected

True if the user TSconfig was parsed and needs to be cached.

Todo:
‪: Should vanish, see todo below.

Definition at line 114 of file BackendUserAuthentication.php.

◆ $workspace

int TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$workspace = -99

User workspace. -99 is ERROR (none available) 0 is online >0 is custom workspaces

Definition at line 101 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\setWorkspace(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceInit().

◆ $workspaceRec

array TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$workspaceRec = array( )

Custom workspace record if any

Definition at line 106 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceCheckStageForCurrent().

◆ $writeAttemptLog

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$writeAttemptLog = true

If the writelog() functions is called if a login-attempt has be tried without success

Definition at line 196 of file BackendUserAuthentication.php.

◆ $writeStdLog

bool TYPO3\CMS\Core\Authentication\BackendUserAuthentication::$writeStdLog = true

Decides if the writelog() function is called at login and logout

Definition at line 191 of file BackendUserAuthentication.php.

◆ ROLE_SYSTEMMAINTAINER

const TYPO3\CMS\Core\Authentication\BackendUserAuthentication::ROLE_SYSTEMMAINTAINER = 'systemMaintainer'

Definition at line 63 of file BackendUserAuthentication.php.

Referenced by TYPO3\CMS\Backend\Module\ModuleProvider\accessGranted().