Bug #102635
closed
\TYPO3\CMS\Extbase\Persistence\Repository->findByUid does not respect defaultQuerySettings
0%
Description
Settings by
$this->setDefaultQuerySettings( )
in
\TYPO3\CMS\Extbase\Persistence\Repository
will not be respected when calling
\TYPO3\CMS\Extbase\Persistence\Repository->findByUid()
For example with these settings
$this->defaultQuerySettings = $this->createQuery()->getQuerySettings()
->setEnableFieldsToBeIgnored(['disabled'])
->setIgnoreEnableFields( true );
$this->setDefaultQuerySettings( $this->defaultQuerySettings );
native findByUid will will hidden / disabled records. A custom findByUid fixes this:
public function findByUid($uid)
{
$query = $this->createQuery();
$query->matching( $query->equals('uid', $uid) );
$result = $query->execute();
return $result->getFirst();
}
Updated by Torben Hansen 6 months ago
- Status changed from New to Needs Feedback
I would say, this is expected behavior for the findByUid method and should not be changed in extbase, because the method is also used to retrieve objects for mapped action arguments. So if you for example would define default query settings for a repository, which allows to show hidden record, it would now by default be possible to show hidden records in actions, which might result in possible sensitive information disclosure.
So basically, your approach to create a custom function is right to retrieve objects with e.g hidden state, but I would recommend to use a differnt name in order to prevent unwanted side effects.
Updated by Benni Mack 2 days ago
- Status changed from Needs Feedback to Closed
Agreeing with Torben, I will close this issue. It's exactly as expected in Core.