Question: how to add custom filter unrelated to a query parameter

[fsuter]

I have the following scenario: I'm using t3api in a project where some API consumers have more right than others. Each record has a kind of visibility flag, which may indicate either that the record is public or that is has restricted access. Access to the API requires a valid FE user, identified using an API key passed in the HTTP headers.

A FE user may be allowed to access restricted records of any table. So what I'm trying to do is to add a filter that would set a condition on the records depending on the FE user rights: namely, if the user is not allowed to access restricted records, then such records should not be fetched from the repository and returned.

I have tried various strategies without success so far, in part due to the documentation being missing on topics like security. My latest try is to use a custom filter, which I add to the operation by adding a custom operation for collections, extending and overriding \SourceBroker\T3api\OperationHandler\CollectionGetOperationHandler. This nearly works, but my custom filter gets removed by this call (in \SourceBroker\T3api\Domain\Repository\CommonRepository::findFiltered()):

$apiFilters = $this->filterAndSortApiFiltersByQueryParams($apiFilters, $queryParams);

because the flag that I want to check is not a query parameter. I understand the logic of dropping filters that are related to a query parameter when said parameter is not defined, but is there a way to preserve a filter, without relating it to a query parameter?

Or is there another way to achieve what I'm trying to do?

Thanks in advance for any help.

[kszymukowicz]

hi @fsuter

have you read this?
#11

We use t3api on big intranet and we are solving all FE access with enable fields. Works pretty well.

[fsuter]

Thanks for the pointer. I hadn't thought about enable field as I was really set on using a single checkbox rather than having to select a specific group, but it could be a solution.

I think it would still make sense to have filters which do not depend on query parameters.

[kszymukowicz]

Plz do not narrow enablefields to FE groups only :)
You can extend query in any direction with enable fields (so also to support simple checkbox)

Just add your own enablefields
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_page.php']['addEnableColumns']['some_key'] = ...

[fsuter]

Right, thanks for insisting ;-)

At first I couldn't see how this could fit my scenario, but I got around to it eventually. Works fine now. Thanks for your input.