The Website-Base offers the opportunity to make page contents, like premium features that should only be accessible by registered users, available exclusively for specific user groups with only minor efforts.
The features for the registration and login of frontend users are described on this page.
The access rights for front-end users can be configured for singular pages or entire page areas with just a few clicks inside the back-end. Singular user groups can either be denied or explicitly given access. Doing the later automatically excludes other user groups from accessing the site area. This way you can provide exclusive access to any area only for registered users, for example.
To define these access restrictions for an entire section of the website, you don't need to make these configurations on every single page. Only the top page of the section needs to be configured.
All of these settings can also be made for individual content items. If a user without the appropriate access rights visits the page containing the element, it will simply not be displayed. With this functionality you can also hide any notification asking visitors to log in when they already are logged in.
Access-resctricted pages and content items are marked with an icon in the backend to help distinguishing them. For such content elements, a bar is also added to the page overview that shows which user groups have access to the element.
All files stored in the fileadmin directory of the TYPO3 backend can be easily retrieved from the URL of the web page by calling the location of the respective file as a URL path such as "/fileadmin/folder/picture.png". This is actually how image files are retrieved when a user opens it with a right-click on the image.
Of course, if you want to make sensitive files available to users with specific usage rights, such as only logged-in employees of a company, this behavior is a security risk. Therefore, a special folder for protected downloads has been added to the website base. All files stored in this folder or subfolders therein can be linked like any other file in the backend and are then available as usual in the front end.
However, if you attempt to invoke the file path from the URL, only an error is displayed in the browser, saying that the access was denied. In the front end, the real file path is also replaced by a randomly generated, temporary path on the server so that the correct path can not be determined.
With this feature, files can be made available in secured page areas for download without any possibility for unauthorized users to access them.