Growing Talent in the Job Market Desert
A spotlight on bridging education and business at open source events.
The general scope of the initiative meeting was focused on integrating GraphQL API into TYPO3 core. Preliminary an internal API — used by developers — shall be established to allow retrieving structured data. Due to possible additional dimensions like languages and workspaces this API must resolve proper relations according to the given context.
To expose that API as a public web interface (e.g. to be used by modern client frameworks like Angular, VueJS or React) additional aspects have to be considered — most important to be named is a permission layer to control access of data exposed to the public. Current ideas are based on Symfony‘s “security-acl” package to grant or deny access on various concepts like table, field, folders, files, etc.
During the implementation process of inferencing semantics and implicit behavior of $TCA properties, participants identified the demand of structuring current $TCA much better — aspects related to schema (storage), processing (validation) and representation (rendering in user-interface) are target to be separated further.
TYPO3's mechanisms for storing relationships supports three different types — comma-separated values (CSV) stored at the originator, foreign keys stored at the referenced subject and many-to-many relations stored in a specific intermediate table (MM).
In the worst case scenarios CSV storage only contains identifiers without storing their concept — thus, the according relationship can only be determined by evaluating the current $TCA settings and is not robust to adjustments. JSON data-types became available with MySQL 5.7 and would allow storing specific information as well as being used in database JOINs as well. Doctrine DBAL already supports these data-types — however there is no cross-database implementation of statements like JSON_CONTAINS to be used in QueryBuilder.
The possibility to determine permissions on a per-table or per-table-field level currently is only available for backend users and backend user groups. To broaden the application scope and expose a semi-public endpoint to GraphQL, it is required to ensure that only defined information can be retrieved. Thus, the permission concepts need to be decoupled from backend users and any user record in general. Composer package „symfony/security-acl“ provides a flexible concept, based on access-control-lists (ACL), for dynamically managing those requirements concerning permission handling.
Resolving multiple content dimensions like languages and workspaces requires detailed knowledge about the implementation — especially when it comes to resolving relationships — it has been mentioned earlier already that these can be persisted as comma-separated values, foreign keys and using an intermediate table. Correct information can only be retrieved by following the principles of retrieving „default values“ and overlaying them for each according context (language and/or workspace). To remove query complexity and possibly allow direct queries — e.g. using JOINs — the semantical meaning of workspace placeholders shall be reevaluated again.
All in all the participants were able to define next steps for the persistence initiative, shape the concepts to be used and developed a preliminary roadmap. Want to be part of it? Get in touch.
A spotlight on bridging education and business at open source events.
The TYPO3 Association Board and Business Control Committee invited the community to a meeting on 2 June 2022. It was an open forum to inform, answer…
The TYPO3 Demo is a publicly available site that demonstrates TYPO3 features. The QA Best Practices initiative working on providing quality assurance…
Lina Wolf has recently stepped up as the team’s new Co-Lead. She joined the Documentation Team after the Developer Days in 2019, but her first meeting…
The versions 11.5.12 and 10.4.30 of the TYPO3 Enterprise Content Management System have just been released.
The versions 11.5.11 and 10.4.29 of the TYPO3 Enterprise Content Management System have just been released.