[BUGFIX] Only unlock records in BE user log off functionality 48/58148/3
authorBenni Mack <benni@typo3.org>
Mon, 3 Sep 2018 16:53:04 +0000 (18:53 +0200)
committerMarkus Klein <markus.klein@typo3.org>
Mon, 3 Sep 2018 21:35:36 +0000 (23:35 +0200)
commitba913231dbdc90a678cd8a41037743dbbbba4149
tree0fcad867354a47bc8d4105b0ed788d14727a8cb0
parent90352bb0ed9f8d300ac5c4f27d9b7f51619b24ce
[BUGFIX] Only unlock records in BE user log off functionality

The database table `sys_lockedrecords` should only be cleared via
the BackendUtility when a Backend user is logging off. Currently, this
is also called for Frontend Users, which actually removes everything
from the currently logged-in backend users with the same uid.

As this is very bad code design on many levels (lockRecords for
unlocking, no context for the authentication user object etc), this
should be encapsulated within the BackendUser object directly anyway.

For further abstractions, this could also be a hook or something else,
to be even cleaner.

Resolves: #86113
Releases: master, 8.7
Change-Id: I44d91064edb6ec9ef4c148e48b67bdf22da38869
Reviewed-on: https://review.typo3.org/58148
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php