Show hidden records in the frontend

Hi all,
I’m trying to implement a preview feature for detail views of an Extbase model.

Using $GLOBALS['BE_USER']->isAdmin(); I’m checking if the user is an admin. An admin should be able to view hidden records in the frontend.

I’ve tried to modify the query settings in my repository, but this doesn’t seem to work. Even as an admin, I get 404s for hidden records in the frontend. I’ve looked through the source code of georgringer/news and I’m pretty sure I didn’t miss anything.

// Repository: optionally ignores the enable fields (such as hidden) for the lookup
class ReferenceProjectRepository extends Repository {
    public function findByUid($uid, $includeHidden = true) {
        $query = $this->createQuery();

        $query->getQuerySettings()->setRespectStoragePage(false);
        $query->getQuerySettings()->setRespectSysLanguage(false);

        if ($includeHidden) {
            $query->getQuerySettings()->setIgnoreEnableFields(true);
        }

        return $query->matching(
            $query->logicalAnd(
                $query->equals('uid', $uid),
                $query->equals('deleted', 0)
            )
        )->execute()->getFirst();
    }
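}

// Controller action (part of the plugin's controller class)
public function detailAction(?string $id = null): ResponseInterface {
    // $GLOBALS['BE_USER'] may be unset in the frontend when no backend user is logged in
    $isAdmin = isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER']->isAdmin();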

    if (is_string($id)) {
        $reference = $this->referenceProjectRepository->findByUid($id, $isAdmin);
    }

    $this->view->assignMultiple([
        'reference' => $reference ?? null,
    ]);

    return $this->htmlResponse();
}

Any help is much appreciated.

I’ve noticed this approach is very bad, because the response gets cached.

If an admin is the first person to trigger $GLOBALS['BE_USER']->isAdmin(), isAdmin will be true for all subsequent requests, until the cache is cleared, and non-logged-in users will be able to see the hidden records.

The way I solved this was to

  1. not use the hidden field as a disabled flag in the TCA
  2. not use the default repository methods to query objects, but instead use a custom query, where I manually include/exclude hidden entries based on isAdmin
  3. disable caching for the plugin
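A sketch of the three steps from the last post, added here as an example and not taken from either poster's code. The `Vendor\Refs` namespace, the `Detail` plugin name, the `ReferenceProjectController` class, the `findForDetail()` method and a `hidden` property on the model are assumptions; the two files are shown in one listing.

```php
<?php
declare(strict_types=1);

// File 1 (assumed path): Classes/Domain/Repository/ReferenceProjectRepository.php
namespace Vendor\Refs\Domain\Repository;

use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3\CMS\Extbase\Persistence\Repository;

class ReferenceProjectRepository extends Repository
{
    /** Hypothetical custom lookup, used instead of the default findByUid(). */
    public function findForDetail(int $uid): ?object
    {
        // Evaluated on every request; false when no backend user is logged in.
        $isAdmin = (bool)GeneralUtility::makeInstance(Context::class)
            ->getPropertyFromAspect('backend.user', 'isAdmin', false);

        $query = $this->createQuery();
        $query->getQuerySettings()->setRespectStoragePage(false);

        // "hidden" is an ordinary column here (no longer the disabled flag in the TCA),
        // so visibility is an explicit constraint. Assumes the model maps "hidden".
        $constraints = [$query->equals('uid', $uid)];
        if (!$isAdmin) {
            $constraints[] = $query->equals('hidden', 0);
        }

        return $query->matching($query->logicalAnd(...$constraints))
            ->execute()
            ->getFirst();
    }
}

// File 2 (assumed): ext_localconf.php of the same extension
\TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin(
    'Refs',
    'Detail',
    [\Vendor\Refs\Controller\ReferenceProjectController::class => 'detail'],
    // Listing the action a second time marks it non-cacheable, so the
    // admin-only rendering is never stored and served to other visitors.
    [\Vendor\Refs\Controller\ReferenceProjectController::class => 'detail']
);
```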