josefglatz / bureaucratic
Basics for professional TYPO3 projects
Installs: 1 325
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 2
Type:typo3-cms-extension
Requires
- php: >=8.1
- ext-ctype: *
- ext-pdo: *
- josefglatz/httpseverywhere: *
- typo3/cms-core: ^11.5 || ^12.4
Replaces
- typo3-ter/bureaucratic: dev-main
This package is auto-updated.
Last update: 2024-06-27 15:27:00 UTC
README
josefglatz/bureaucratic – basics for professional TYPO3 projects
Part of professional_aspects
Overview
- adopt backend related database fields for backend users
- adopt tt_content database fields for a better list module overview
- adopt User TsConfig to improve file/folder structure
- add a http to https redirect middleware in the frontend
- add many backend users related commands to notify or delete backend user records
Backend
Required fields for backend users
- realName (trim, required)
- email (trim, required, email, unique)
What the hell?
| Reason | Implemented | Description | Implementation |
|---|---|---|---|
| Security | yes | Requiring realName and email fields motivates adding one backend user per real human | TCA/Overrides, by requiring email address and name |
| Security | yes | Limit sharing bad passwords across multiple persons/teams/departments on customer side by | TCA/Overrides, by requiring email address |
| Security | Write custom commands to check for not used TYPO3 backend users | ||
| Security | Write custom commands to delete TYPO3 backend users which are not used for a while | ||
| Security | Implement custom commands to delete TYPO3 backend users based on deny lists | ||
| Reporting | Write custom commands to inform team members of not used backend editors | ||
| Base for TYPO3 core features | Forgot password functionality → reduces support cases | ||
| Base for TYPO3 core features | Check for unique email addresses for backend users → solid base for forgot password functionality (use email subaddressing for multiple test accounts for one email account) | ||
| Backend UX | Better UX in backend views history, or record info modals → real name is shown | ||
| Backend UX | Improve UX by adding profile image for each real human editor or use ext:gravatar for automatic profile images | ||
| Reflects real life | Better overview of you much persons are really working as editors on the project | ||
| More realistic backend stats | See who is really editing content in an TYPO3 instance. Base for building some custom user statistics. Imagine writing some statistics for the TYPO3 backend dashboard module. |
Required fields for tt_content
- header (trim, required)
What the hell?
| Reason | Implemented | Description |
|---|---|---|
| Backend UX | yes | Requiring tt_content.header makes records with "title" [No title] in list view belongs to the past |
| Backend UX | yes | tt_content.header with tt_content.header_layout set to "Hidden" 0 still allows disabled/hidden titles in the website frontend |
Disabled backend functionality
- No direct uploads in backend forms. An editor have to upload files within the TYPO3 filelist module
What the hell?
Direct upload forms in backend forms motivates lazy backend editors to not structure their assets (files) in a folder structure. There are possibilities to add folders in the upload UI but most of the users do not use such features.
Frontend
Required packages
josefglatz/httpseverywhere( TYPO3 Middleware to force https as a last fallback)
CLI Commands
CLI commands for backend users
This package comes with a bunch of schedulable CLI commands for managing and informing backend user records:
Multi Factor Authentication related
typo3 bureaucratic:backend:notify-users-without-mfa(and their need to activate it)typo3 bureaucratic:backend:disable-users-without-activated-mfa
Managing inactive records (except some specific)
typo3 bureaucratic:backend:notify-not-loggedin-userstypo3 bureaucratic:backend:notify-admin-about-not-loggedin-userstypo3 bureaucratic:backend:notify-customer-about-not-loggedin-userstypo3 bureaucratic:backend:notify-customer-about-disabled-users
Delete longlasting disabled users
Command: typo3 bureaucratic:backend:delete-longlasting-disabled-users
- argument to delete disabled records not modified since n days
- argument to add where clause by usergroup id or exact usergroup column value
- option to execute command in dry-run mode to list all affected records
- report email of deleted records to specific email recipient(s)
- notification email to affected user records
- with support of bcc recipients
- exclude test users via env variable
Examples
typo3 bureaucratic:backend:delete-longlasting-disabled-users
Managing misc records
typo3 bureaucratic:backend:list-test-userstypo3 bureaucratic:backend:validate-users-email-address