TYPO3 ACL — Report for Q3/2024

Background and Development Journey

In our initial proposal, we promised to create the ability to define presets that could be integrated into any TYPO3 extension. This feature gained significant attention during the TYPO3 Developers Days 2024, where we presented our idea. The patch, Introduce deployable backend group permission presets, is now under review by Core developers.

Although we initially aimed to deliver this feature by the end of September, our team intensified its efforts to complete a working and reviewable patch well before the feature freeze deadline. Our goal was to ensure that this feature could be merged into version 13 of TYPO3, but in the end it got postponed to version 14.

Collaboration

Working closely with Stefan Bürk and Benni Mack from the TYPO3 Core Team, our patch was accepted. However, given its significant scope and impact, Benni, in collaboration with other Core mergers, made an executive decision to postpone its merge to version 14 of TYPO3, due to extensive changes.

Key Features

In this patch, we delivered a fully functional feature for creating permission presets and documentation. Here’s a breakdown of the key capabilities:

• Permission set in YAML files: The feature allows developers to create permission presets in a YAML file format (PHP was initially considered but was later excluded after feedback from the Core Team). These presets are then scanned, validated, and registered within TYPO3 Core.
• Multiple presets from any extension(s): TYPO3 extensions can offer multiple presets (without any limit). Once validated, these presets are displayed in the UI, allowing editors to quickly apply them to backend user groups.
• Permission setting: This feature significantly simplifies the process for editors, who no longer need to click through multiple options to configure permissions. Instead, they can quickly overlay preset configurations delivered from extensions.

Additional Features — Deployable Permissions

Through discussions at TYPO3 Developers Days, we also realized the potential for this feature to address another frequently requested capability — deployable permissions.

Our patch doesn’t just address the proposed scenario but also extends it to enable developers to create deployable permission sets. These permission sets can be automatically applied during deployments, enhancing flexibility without causing breaking changes.

Future-proofing and Extensibility

In addition to the immediate benefits, this patch lays a foundation for future features and enhancements in ACL management. The new core API we developed is designed to be flexible, allowing third-party developers to easily extend the functionality with minimal effort. For example, developers can:

• Introduce alternative file formats or file schemas.
• Provide custom logic for resolving permissions based on specific project needs.

Conclusion

In summary, this patch introduces a valuable feature for the TYPO3 community, offering both the ability to apply presets from the UI, and implement deployable permissions. It enhances the user experience by making ACL management more efficient and less error-prone. Importantly, users can continue using the previous method for setting up permissions if needed.

Thanks to our collaboration with the Core Team, we’re excited to deliver a solution that will serve TYPO3 developers well.