Project

General

Profile

Actions

Bug #102635

open

\TYPO3\CMS\Extbase\Persistence\Repository->findByUid does not respect defaultQuerySettings

Added by This Mächler 6 months ago. Updated 15 days ago.

Status:
Needs Feedback
Priority:
Should have
Assignee:
-
Category:
Extbase
Target version:
-
Start date:
2023-12-09
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
8.1
Tags:
Repository, Extbase, findByUid, querySettings, defaultQuerySettings
Complexity:
Is Regression:
Sprint Focus:

Description

Settings by

$this->setDefaultQuerySettings( )

in
\TYPO3\CMS\Extbase\Persistence\Repository

will not be respected when calling

\TYPO3\CMS\Extbase\Persistence\Repository->findByUid()

For example with these settings

$this->defaultQuerySettings = $this->createQuery()->getQuerySettings()
    ->setEnableFieldsToBeIgnored(['disabled'])
    ->setIgnoreEnableFields( true );
$this->setDefaultQuerySettings( $this->defaultQuerySettings );

native findByUid will will hidden / disabled records. A custom findByUid fixes this:

public function findByUid($uid)
{
    $query = $this->createQuery();
    $query->matching( $query->equals('uid', $uid) );
    $result = $query->execute();
    return $result->getFirst();
}

Actions #1

Updated by Torben Hansen 15 days ago

  • Status changed from New to Needs Feedback

I would say, this is expected behavior for the findByUid method and should not be changed in extbase, because the method is also used to retrieve objects for mapped action arguments. So if you for example would define default query settings for a repository, which allows to show hidden record, it would now by default be possible to show hidden records in actions, which might result in possible sensitive information disclosure.

So basically, your approach to create a custom function is right to retrieve objects with e.g hidden state, but I would recommend to use a differnt name in order to prevent unwanted side effects.

Actions

Also available in: Atom PDF