Headless CMS (T3DD19)

Transcript

1. Headless CMS Susanne Moog [email protected] @sasunegomo TYPO3 Developer Days 2019

   Artus Kolanowski [email protected]

2. Outline 1. Introduction 2. Use cases 3. Current approaches 4.

   Perspectives for the future 5. Talk

3. Introduction

4. A closer look at the definition ▪ “Headless” is the

   absence of an graphical user interface ▪ Ambitions to decouple the application architecture ▪ Machines take place of the users instead Back End UI Front End Templates Plugins Back End UI API Traditional CMS Headless CMS

5. Explanation attempt(s) for the trend Multiple Channels ▪ Social media

   ▪ Internet of things Flexibility ▪ UI technologies ▪ Stakeholder needs Scalability ▪ Large projects ▪ Long-living projects

6. Jack of all trades? ▪ Higher technical proficiency ▪ Lack

   of visualization ▪ Bigger budgets

7. Use cases

8. Use Cases ▪ SPA/Frontend Frameworks ▪ Omnichannel ▪ 3rd party

   integrations ▪ “Frontend Agency”

9. Current approaches

10. As type / rendering definition

11. As JSON View

12. With PSR-15 middlewares

13. What’s missing? ▪ Convenient Read API / Default Data Models

    ▪ Write API ▪ Access / Rights Management

14. Perspectives for the future

15. Headless operations ▪ Query & Mutation ▪ Introspection ▪ Context

    awareness

16. Persistence Initiative ▪ Handling localization, workspaces and permissions combined is

    complex ▪ Unified persistence layer is missing ▪ Lack of a generic permission layer

17. Persistence Layer ▪ Unified data schema definition ▪ GraphQL as

    query language ▪ Context as part of a query

18. GraphQL Query { tt_content( filter: "pid = 123 and CType

    = `image`", order: "header ascending" ) { header image { # sys_file_reference [0..*] title uid_local { # sys_file [1] identifier } } } }

19. Entity Reader use TYPO3\CMS\GraphQL; $entityReader = new EntityReader(); $result =

    $entityReader->execute( '...', # GraphQL Query new Context([ 'language' => new LanguageAspect(2, null, LanguageAspect::OVERLAYS_ON) ]) );

20. Permission Layer ▪ Policy-based access control ▪ Define and overwrite

    policies through YAML ▪ Expression language for policy targeting ▪ Multiple combining algorithms ▪ Decision related actions

21. Policy Definition TYPO3: CMS: Policy: description: 'Root policy set.' algorithm:

    highestPriority policies: Admin: target: 'hasAuthority("backend.role", "ADMIN")' description: 'Administrator policy' priority: 100 rules: [ {effect: permit} ]

22. Policy Decision use TYPO3\CMS\Security\Policy\PolicyDecision; use TYPO3\CMS\Security\Policy\PolicyDecisionPoint; $policyDecisionPoint = new PolicyDecisionPoint();

    $policyDecision = $policyDecisionPoint->authorize([ 'resource' => ..., # e.g. `be_users` 'action' => ..., # e.g. `read` ]); if ($policyDecision->isApplicable() && $policyDecision->getValue() === PolicyDecision::PERMIT ) { ... }

23. Talk

24. Sources ▪ https://trends.google.com/trends/explore?dat e=all&q=headless%20cms ▪ https://github.com/typo3-initiatives/graphql ▪ https://github.com/typo3-initiatives/security

25. Sources / Further Reading ▪ https://usetypo3.com/json-view.html ▪ https://extensions.typo3.org/extension/slim_ty po3/ ▪

    https://usetypo3.com/psr15-middleware-in-typ o3.html ▪ https://typo3.org/community/teams/typo3-de velopment/initiatives/persistence/

26. Thank you!