{"id":33957169,"url":"https://github.com/liquidlight/typo3-elevate-to-admin","last_synced_at":"2025-12-12T20:58:23.688Z","repository":{"id":314475634,"uuid":"1055519139","full_name":"liquidlight/typo3-elevate-to-admin","owner":"liquidlight","description":"Allow users to elevate themselves to admin if they have permission to do so.","archived":false,"fork":false,"pushed_at":"2025-09-28T16:10:58.000Z","size":101,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-30T06:28:42.324Z","etag":null,"topics":["php","typo3","typo3-cms-extension","typo3-extension"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/liquidlight.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-12T11:39:21.000Z","updated_at":"2025-09-25T19:17:21.000Z","dependencies_parsed_at":"2025-09-12T18:47:39.326Z","dependency_job_id":"9ee73cb6-3e20-456b-9c92-c72ebaad214f","html_url":"https://github.com/liquidlight/typo3-elevate-to-admin","commit_stats":null,"previous_names":["liquidlight/typo3-elevate-to-admin"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/liquidlight/typo3-elevate-to-admin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liquidlight%2Ftypo3-elevate-to-admin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liquidlight%2Ftypo3-elevate-to-admin/tag
s","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liquidlight%2Ftypo3-elevate-to-admin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liquidlight%2Ftypo3-elevate-to-admin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/liquidlight","download_url":"https://codeload.github.com/liquidlight/typo3-elevate-to-admin/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/liquidlight%2Ftypo3-elevate-to-admin/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27691427,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-12T02:00:06.775Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["php","typo3","typo3-cms-extension","typo3-extension"],"created_at":"2025-12-12T20:58:23.178Z","updated_at":"2025-12-12T20:58:23.678Z","avatar_url":"https://github.com/liquidlight.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Elevate to Admin\n\nA TYPO3 extension that removes permanent admin access and lets users elevate to admin only when needed.\n\nAdmin users log in without admin privileges. 
Not only does this satisfy cyber security accreditations*, it also lets your admin users use the website as editors, so they can quickly spot any permission or UI bugs, issues and errors.\n\n## Features\n\n- Meets Cyber Essentials and ISO 27001 requirements*\n- See who is an admin and since when\n- Resets privileges after 10 minutes of inactivity\n- Clears admin privileges after logging out\n- Allows admins to still log in when the backend is locked for editors\n\n## Installation\n\n1. `composer require liquidlight/typo3-elevate-to-admin`\n2. Edit backend users and enable \"Can elevate to admin\" where appropriate (existing admins will have this enabled when they log in)\n3. Selected users can use the dropdown in the corner to elevate to admin\n\n![Screenshot of dropdown](./Documentation/Images/drop-down.png)\n\nThe user can exit admin mode by using the same dropdown.\n\n## How It Works\n\n1. **Log in as regular user** - Admin users log in without admin privileges\n2. **Work normally** - Browse, edit content, and perform regular tasks\n3. **Elevate when needed** - Click the dropdown to become admin for specific tasks\n4. **Auto-logout** - Admin privileges automatically expire after 10 minutes of inactivity\n\n## Events\n\nThe extension dispatches PSR-14 events that allow you to customize the behaviour:\n\n### BeforeAdminElevationProcessEvent\n\nThis event is dispatched before the admin elevation processing begins. 
You can use it to skip the elevation process entirely based on custom conditions.\n\n#### Example: Make everyone admin in development mode\n\n```php\n\u003c?php\n\nnamespace MyVendor\\MyExtension\\EventListener;\n\nuse LiquidLight\\ElevateToAdmin\\Event\\BeforeAdminElevationProcessEvent;\nuse LiquidLight\\ElevateToAdmin\\Traits\\AdminElevationTrait;\nuse TYPO3\\CMS\\Core\\Core\\Environment;\n\nfinal class DevModeAdminListener\n{\n    use AdminElevationTrait;\n\n    public function __invoke(BeforeAdminElevationProcessEvent $event): void\n    {\n        if (Environment::getContext()-\u003eisDevelopment()) {\n            $user = $event-\u003egetBackendUser();\n\n            // Make user admin if they can elevate and aren't already admin\n            if ($this-\u003ecanUserElevate($user) \u0026\u0026 !$user-\u003eisAdmin()) {\n                $this-\u003esetAdminElevation((int)$user-\u003euser['uid']);\n            }\n\n            // Skip normal processing since we've handled it\n            $event-\u003eskipProcessing();\n        }\n    }\n}\n```\n\nRegister the event listener in `Configuration/Services.yaml`:\n\n```yaml\nservices:\n  MyVendor\\MyExtension\\EventListener\\DevModeAdminListener:\n    tags:\n      - name: event.listener\n        identifier: 'dev-mode-admin'\n        event: LiquidLight\\ElevateToAdmin\\Event\\BeforeAdminElevationProcessEvent\n```\n\n## Testing\n\nThis extension includes comprehensive unit and functional tests with database integration.\n\n### Unit Tests\n\nUnit tests can be run with\n\n```\ncomposer i\ncomposer test-unit\n```\n\n### Functional Tests\n\nFunctional tests can be run with\n\n```\ncomposer i\ncomposer test-functional\n```\n\n---\n\n## * Cybersecurity requirements\n\nPlease check to ensure elevation/re-authentication is acceptable for your required security practices and accreditations. 
After our research, we have found:\n\n### Cyber Essentials\n\nThe official requirement states \"use separate accounts to perform administrative activities only\" - but this is **ambiguous**. It could mean:\n\n- **Separate user accounts** (strict interpretation)\n- **Separate administrative sessions/activities** (flexible interpretation allowing elevation)\n\n**Problem:** Some certification bodies explicitly state that \"account separation\" is mandatory and that privilege elevation methods don't meet requirements, while others may accept properly implemented elevation.\n\n**Recommendation:** Check with your specific certification body, as interpretations vary.\n\n### ISO 27001:2022\n\n**More flexible approach.** The updated standard \"does not explicitly require a different user ID for privileged access\" and \"emphasises the need to re-authenticate prior to receiving privileged access rights.\"\n\nElevation with re-authentication **is acceptable** if it includes:\n- Proper re-authentication before privilege escalation\n- Session separation and logging\n- Clear audit trails\n\n### Bottom Line\n\n- **Cyber Essentials:** Unclear - depends on your certification body's interpretation\n- **ISO 27001:2022:** Elevation with proper controls is acceptable\n\n### Sources\n\n- **NCSC Cyber Essentials Requirements:** [Official Documentation v3.2](https://www.ncsc.gov.uk/files/cyber-essentials-requirements-for-it-infrastructure-v3-2.pdf)\n- **ISO 27001:2022 Control 8.2:** [Implementation Guidance](https://www.isms.online/iso-27001/annex-a-2022/8-2-use-of-privileged-access-rights-2022/)\n- **Cyber Essentials Overview:** [NCSC Website](https://www.ncsc.gov.uk/cyberessentials/overview)\n\n---\n*Always verify requirements with your certification body before 
implementation*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliquidlight%2Ftypo3-elevate-to-admin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fliquidlight%2Ftypo3-elevate-to-admin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fliquidlight%2Ftypo3-elevate-to-admin/lists"}