restrict editing and creating of sys_categories in TYPO3 to certain category mounts

Question

i need to restrict the creating and editing of sys_category entries to certain category mounts for user oder usergroups.

More precise: a given backend user should be able to create a new category but not anywhere in the category treee but only under a certain category mount. And he should not be able to delete or edit categories which are not under his category mount.

Please note: i don't mean displaying only branches of category trees in other records like news. I do mean creating and editing sys_category records.

Is there a possibility? Thanks!

Answer 1

Register 2 new Hooks:

// Check record while creating categories
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processDatamapClass'][]
    = \JWeiland\SitePackage\Hooks\CheckCategoryRecords::class;

// Check record while moving categories
$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processCmdmapClass'][]
    = \JWeiland\SitePackage\Hooks\CheckCategoryRecords::class;

Add the file for Hook:

class CheckCategoryRecords
{
    public function processDatamap_beforeStart(DataHandler $dataHandler): void
    {
         $context = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Context\Context::class);
         $groups = $context->getPropertyFromAspect('backend.user', 'groupIds');

        if (
            array_key_exists('sys_category', $dataHandler->datamap) 
            && is_array($dataHandler->datamap['sys_category'])
            && !empty($dataHandler->datamap['sys_category'])
            && !$this->getBackendUserAuthentication()->isAdmin()
        ) {
            // Hook is only valid, if a record is saved and editor has no admin rights
            foreach ($dataHandler->datamap['sys_category'] as $uid => $categoryRecord) {
                if (!isset($categoryRecord['pid'])) {
                    continue;
                }
                //...add further conditions, if needed...

                if (!in_array($groupUidWithCategoryRights, $groups, true)) {
                    // Add further condition, if category is allowed for given parent column

                    // editor is not allowed to add or move categories
                    unset($dataHandler->datamap['sys_category'][$uid]);
                    $dataHandler->log(
                        'sys_category',
                        $uid,
                        1,
                        0,
                        1,
                        'You are not allowed to create or move categories'
                    );
                }
            }
        }
    }
}