page, which is the page-record of the current page, $TSFE->id. * * Now, if there is a backend user logged in and he has NO access to this page, * then re-evaluate the id shown! */ class PageResolver implements MiddlewareInterface { /** * Resolve the page ID * * @param ServerRequestInterface $request * @param RequestHandlerInterface $handler * @return ResponseInterface */ public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface { $GLOBALS['TSFE']->siteScript = $request->getAttribute('normalizedParams')->getSiteScript(); $this->checkAlternativeIdMethods($GLOBALS['TSFE']); $GLOBALS['TSFE']->clear_preview(); $GLOBALS['TSFE']->determineId(); // No access? Then remove user & Re-evaluate the page-id if ($GLOBALS['TSFE']->isBackendUserLoggedIn() && !$GLOBALS['BE_USER']->doesUserHaveAccess($GLOBALS['TSFE']->page, Permission::PAGE_SHOW)) { unset($GLOBALS['BE_USER']); $GLOBALS['TSFE']->beUserLogin = false; $this->checkAlternativeIdMethods($GLOBALS['TSFE']); $GLOBALS['TSFE']->clear_preview(); $GLOBALS['TSFE']->determineId(); } // Evaluate the cache hash parameter $GLOBALS['TSFE']->makeCacheHash(); return $handler->handle($request); } /** * Provides ways to bypass the '?id=[xxx]&type=[xx]' format, using either PATH_INFO or Server Rewrites * * Two options: * 1) Use PATH_INFO (also Apache) to extract id and type from that var. Does not require any special modules compiled with apache. (less typical) * 2) Using hook which enables features like those provided from "realurl" extension (AKA "Speaking URLs") */ protected function checkAlternativeIdMethods(TypoScriptFrontendController $tsfe) { // Call post processing function for custom URL methods. $_params = ['pObj' => &$tsfe]; foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/class.tslib_fe.php']['checkAlternativeIdMethods-PostProc'] ?? [] as $_funcRef) { GeneralUtility::callUserFunction($_funcRef, $_params, $tsfe); } } }