Feature #95175

security.ifByRoles-Viewhelper, which allows to check different groups and allowes mixed use of usergruop-IDs and -names

Added by Dieter Porth 3 months ago. Updated about 2 months ago.

Should have
Start date:
Due date:
% Done:


Estimated time:
PHP Version:
Sprint Focus:


Let the code speak.

The ifHasRole-Viewhelper is too limited.

namespace TYPO3\CMS\Fluid\ViewHelpers\Security;

 * This file is part of the TYPO3 CMS project.
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 * The TYPO3 project - inspiring people to share!

use TYPO3\CMS\Core\Context\Context;
use TYPO3\CMS\Core\Context\UserAspect;
use TYPO3\CMS\Core\Utility\GeneralUtility;
use TYPO3Fluid\Fluid\Core\ViewHelper\AbstractConditionViewHelper;

 * This ViewHelper implements an ifHasRole/else condition for frontend groups.
 * Examples
 * ========
 * Basic usage
 * -----------
 * ::
 *   normal-case
 *    <f:security.switchByRoles roles=" Administrator, 5 " >
 *         <f:then> USER contain to at least one role. </f:then>
 *         <f:else> USER IS UNLOGGED or USER contain none of the usergroups. , The default-limiter is `,`.</f:else>
 *    </f:security.switchByRoles>
 *    anti-normal-case
 *    <f:security.switchByRoles roles="Administrator;5" limiter=";" unlogged="true">
 *         <f:then> USER IS UNLOGGED or USER contain to at least one of the roles. The limiter is `;`. </f:then>
 *         <f:else> USER contain none of the usergroups</f:else>
 *    </f:security.switchByRoles>
class IfByRolesViewHelper extends AbstractConditionViewHelper
    protected const BRANCH_THEN = true;
    protected const BRANCH_ELSE = false;
    protected const ATTR_ROLES = 'roles';
    protected const ATTR_LIMITER = 'limiter';
    protected const ATTR_UNLOGGED = 'unlogged';

    /** Initializes the "roles", ""limiter" and "unlogged"-flag as  argument.
    public function initializeArguments()
        $this->registerArgument(self::ATTR_ROLES, 'string', 'Whitespaces will be trimmed. A limiter(comma) separated list of usergroups, which are represented by name or id. If the user contain to one of the groups, the THEN-branch will shown.');
        $this->registerArgument(self::ATTR_LIMITER, 'string', 'The limiter for your list.', false, ',');
        $this->registerArgument(self::ATTR_UNLOGGED, 'boolean', 'If `false` is set, the ELSE-branch will shown to an unlogged user and the user defined by roles will view the THEN-branch.  If `true` is set, the THEN-branch will shown to an unlogged user and the THEN-branch will shown to user, which contain at least one of the roles. ', false, false);

     * This method decides if the condition is TRUE or FALSE. It can be overridden in extending viewhelpers to adjust functionality.
     * @param array $arguments ViewHelper arguments to evaluate the condition for this ViewHelper, allows for flexiblity in overriding this method.
     * @return bool
    protected static function evaluateCondition($arguments = null)
        /** @var UserAspect $userAspect */
        $userAspect = GeneralUtility::makeInstance(Context::class)->getAspect('frontend.user');
        $roles = $arguments[self::ATTR_ROLES];
        if ((!$userAspect->isLoggedIn()) ||
        ) {
            return (empty($arguments[self::ATTR_ROLES]) ?
                self::BRANCH_ELSE :
        $limiter = ($arguments[self::ATTR_LIMITER] ?? ',');
        $roleList = array_filter(
                explode($limiter, $roles)
        $groupIds = $userAspect->getGroupIds();
        $getGroupNames = $userAspect->getGroupNames();
        $groups = array_merge($groupIds, $getGroupNames);
        if (!empty(array_intersect($groups, $roleList))) {
            return self::BRANCH_THEN;
        return self::BRANCH_ELSE;

Updated by Benni Mack about 2 months ago

  • Target version changed from 11 LTS to Candidate for patchlevel

Also available in: Atom PDF