Community Budget Idea Report: ACL Improvements

Categories: Development, Community, Association, TYPO3 CMS
Created by Marcin Sągol
In mid-March, we applied the final touches to the ACL Improvements initiative, which was chosen as a Community Budget Idea for Q1 2024. Here is a summary of the work completed in the recent weeks and what we have delivered.

From Research to Documentation and Coding – The Initiative Lifecycle

Our first step was to conduct research on best practices for setting permissions in TYPO3. Based on this research, which included analyzing survey results from the community, we created a draft of a technical document in which all the valuable information was written down. For detailed insights into the survey results, see our earlier post: Initial Phase of the ACL Enhancement Initiative.

Our second step was to enhance the TYPO3 installation process by adding an option to create default backend user groups. Our goal is that these groups will come with pre-configured permission presets and will be ready for immediate use following the installation.

Converting Technical Drafts into Official Documentation

Our draft on best practices for setting and managing permissions in TYPO3 was shared on talk.typo3.org for public discourse, aiming to collect further community feedback to improve its quality and value. 

In adherence to best practices, this document outlined:

  • Broad recommendations for establishing user-specific accounts, enhancing security measures, and arranging file mounts for straightforward access via backend groups.
  • Strategies for structuring, naming, and organizing backend user groups with a focus on roles and permissions.
  • Example configurations for both small, single-site projects and more complex multi-site setups.
  • Discussions on managing group inheritance and ensuring permission consistency across different environments.

Unfortunately, beyond a few general comments in Slack, we didn't get any responses or feedback on the draft. We didn’t want our technical documentation to exist in a form that was not easily accessible and could be forgotten easily. So we made the decision to incorporate it into the official TYPO3 documentation, placing it within the Getting Started tutorials.

We have prepared a series of patches for the official TYPO3 Documentation, introducing a new Permissions Management section in the Getting Started guide. This section incorporates the crucial elements from our initial document. We believe it will be a valuable resource, simplifying and standardizing the initial steps of setting permissions for everyone.

A critical aspect of updating the documentation was our close collaboration with the TYPO3 Documentation team, who provided substantial support, suggestions, and feedback. We extend our deepest gratitude to team members Lina Wolf, Sarah McCarthy, Gavin Hicking, and Chris Müller for their invaluable reviews, feedback, and guidance on the content's structure and formatting. High five!

We are open to any necessary further adjustments. As more developers familiarize themselves with this material, we expect its evolution and enhancement over time.

Exploring the New Way for Implementation of Permissions Preset for Backend Users

New Option During Installation

Configuring permissions for backend users can often be a lengthy task, particularly for individuals keen on testing TYPO3 and discovering its features. To streamline this aspect, we've improved the installation's last stage by introducing an option to establish default backend groups. This option allows for the easy assignment of users to these groups later on. Simply ticking a checkbox marked Create default backend user groups will automatically set up two predefined groups: Editor and Advanced Editor, each with preset permissions tailored to their respective roles.

New Command To Create User Groups

Along with adding a new option to the GUI, we've implemented a new command, setup:begroups:default, that facilitates the formation of these groups beyond the initial installation. This command is designed with two modes, interactive and non-interactive, providing flexibility to create either one or both groups as needed. The command's operation is simple and user-friendly:

# execute command in interactive mode
typo3 setup:begroups:default

Which backend user groups do you want to create? [default: Both]
  [0] Editor
  [1] Advanced Editor
  [2] Both
  [3] None
 > Both

[OK] Backend user group(s) created: Editor, Advanced Editor

# execute command in non-interactive mode
typo3 setup:begroups:default --no-interaction --groups Both
typo3 setup:begroups:default --no-interaction --groups Editor
typo3 setup:begroups:default --no-interaction --groups "Advanced Editor"

[OK] Backend user group(s) created: Advanced Editor

# view the help instructions
typo3 setup:begroups:default --help

The patch itself was discussed on Gerrit and went through several iterations until it got its final shape. I would like to say thank you to all the TYPO3 Core developers who took the time to help improve it by reviewing, commenting and even making changes in the code. High five to Gavin Hicking, Stefan Bürk, Benni Mack, Andreas Kienast, Oliver Bartsch, and Nikita Hovratov.

Those changes have been merged into the TYPO3 Core already and there is a chance that they will be a part of the version 13.1 release.

Further Work and Plans for More Improvements

When we initially submitted our proposal for the Community Budget Ideas 2024 Q1, we outlined a broad perspective on changes we believed would benefit TYPO3 users. Following community feedback, I have formed all the concepts and ideas into a simple diagram, which groups them and shows the dependencies.

Three-Phase Improvement Plan 

The diagram features blue rectangles indicating areas already addressed during our work on ACL Improvements in Q1. This work included creating static permissions presets for default backend user groups, updating the installer, introducing a new command for creating these groups, and compiling best practices for ACL management into the official TYPO3 documentation.

Looking ahead, we aim to enhance UI/UX aspects, as shown by green rectangles at the diagram’s bottom. We’ve proposed these improvements for the Community Budget Ideas 2024 Q2 and encourage votes from those who find the idea beneficial.

For Q3, we plan to propose the implementation of deployable permission sets, allowing permissions presets through custom extensions, and the introduction of a general notification center in TYPO3. This center would, for example, alert users to new access setting options. These proposals relate to the diagram’s right side.

Summary

We believe these plans will significantly enhance TYPO3's ACL management, making it more user-friendly, efficient, and less time-consuming. Please support our Q2 proposal and the forthcoming Q3 initiative in the Community Budget Ideas 2024.

Additional contributors for this article
  • Copy Editor : Felicity Brand
  • Content Publisher : Mathias Bolt Lesniak