TYPO3 v8 TechnologiesThe API is provided by the system extension core which is always loaded and thus always available. Doctrine-dbal is feature rich. If used properly, queries created with steroids how to use it effectively API are translated to the specific database engine by doctrine without an extension developer taking care of that typo3 dbal tutorial. The facade additionally provides methods to retrieve specific connection objects per configured database connection based on the table that is queried. This enables instance administrators to configure different database engines for different tables while this is transparent for extension developers. A dedicated chapter helps with typical migration questions. With database abstraction dbap built in doctrine-dbal the old and typo3 dbal tutorial extensions dbal and adodb are obsolete.
TYPO3 v8 Technologies | Use TYPO3
Database tables in TYPO3 CMS that can be administrated in the backend come with TCA definitions that specify how single fields and rows of the table should be handled and displayed by the framework. The ctrl section of a tables TCA array specifies optional framework internal handling of soft deletes and language overlays: For instance, if a row in the backend is deleted using the page or list module, many tables are configured to not entirely drop that row from the table, instead a field often deleted is set from zero to one for that row.
Similar mechanics kick in for start- and endtime as well as language and workspace overlays. See the ['ctrl'] chapter in the TCA reference for details on this topic. These mechanics however come with a price tag attached to it: Extension developers dealing with low-level query stuff must take care overlayed or deleted rows are not in the result set of a casual query.
This is where this "automatic restriction" stuff kicks in: It automatically adds WHERE expressions that suppress rows which are marked as deleted or exceeded their "active" life cycle. All that is based on the TCA configuration of the affected table. A developer may ask why she has to go through all this and why this additional stuff is added on a low-level query layer, when "just a simple query" should be fired.
The construct implements some important design goals:. The QueryBuilder allows manipulation of those restrictions while the simplified Connection class does not. If a query deals with multiple tables in a join, restrictions for all affected tables are added. Each restriction looks up in TCA if it should kick in. Multiple restrictions can be grouped in containers which implement the QueryRestrictionContainerInterface. The DefaultRestrictionContainer is always added by Note this is true for all contexts a query is executed in: It does not matter whether a query is created from within a frontend, a backend or a cli call, they all add the DefaultRestrictionContainer if not explicitly told otherwise by an extension developer.
Having this DefaultRestrictionContainer used everywhere is the second iteration of that code construct:. The first variant automatically added restrictions based on context. For instance, a query fired by a call that is executed in the backend did not add the hidden flag, while a query fired from within a frontend call did so.
We quickly figured this ends up in a huge mess: The distinction between frontend, backend and cli is not that sharp in TYPO3 , as example the frontend behaves much more like a backend call if the admin panel is used.
The currently active variant is much easier: It always adds sane defaults everywhere, a developer only has to deal with details if they don't fit. The core team hopes this approach is a good balance between hidden magic, security, transparency and convenience. However, many backend modules still want to show disabled records and remove the starttime and endtime restrictions to allow administration of those records for an editor.
A typical setup from within a backend module:. The DeletedRestriction should be kept in almost all cases. Usually, the only extension that dismiss that flag is the recycler module to list and resurrect deleted records.
This allows extensions to deliver own restrictions. This allows extensions to deliver and use an own set of restrictions for own query statements if needed. Just take care these calls do not end up in production code.
Traditional List Table 2: Base Constants This version, branch and copyright TYPO3 external links String constants Security related constant Operating system identifier Service error constants Global variables Exploring global variables Backend User Object Checking user access Checking access to current backend module Checking access to any backend module Access to tables and fields?
Read access to a page? Is a page inside a DB mount? Selecting readable pages from database? Freedom of implementation 2. The Main Transformation Step 4: The Database Step 5: Rendering the website Step 6: Lines starting with "[" Rules: How to add a custom context menu item Step 1: Item provider registration Step 2: Implementation of the item provider class Step 3: Elements containing values "Value" elements: The construct implements some important design goals: Query creation should be easy to use without forcing a developer thinking too much about those nasty TCA details.
Cope with developer laziness: If the framework would force a developer to always add casual restrictions for each and every query, this is easy to forget.
We're all lazy, are we? If in doubt, it is better to show a little too less than too much. It is much better to deal with a customer who complains some records are not shown than to show too many records.
The former is "just a bug" while the latter can easily escalate to a serious privilege escalation security issue. Handing over restriction details to the framework: Having the restriction expressions done by the framework gives it the opportunity to change details without breaking extension code. This may very well happen in the future and having a happy little upgrade path for such cases in place may become very handy later.
The class construct is created in a way that allows developers to extend or substitute it with own restrictions if that is useful to model the domain in question.
Note Having this DefaultRestrictionContainer used everywhere is the second iteration of that code construct: Determines the current workspace a backend user is working in and adds a couple of restrictions to select only records of that workspace if the table supports workspaced records. Restriction to filter records for fronted workspaces preview. This container is always added if not told otherwise.
This container should be be added by a developer to a query if creating query statements in frontend context or if handling frontend stuff from within cli calls. Nothing needs to be done in those cases. A typical setup from within a backend module: