[BUGFIX] Only unlock records in BE user log off functionality 45/58145/5
authorBenni Mack <benni@typo3.org>
Mon, 3 Sep 2018 16:53:04 +0000 (18:53 +0200)
committerMarkus Klein <markus.klein@typo3.org>
Mon, 3 Sep 2018 17:53:04 +0000 (19:53 +0200)
commitf250a9c9aade84da5ff85ef3aa63b5228e7b27e0
treedd15cf4fac966ee1cbd994ae48474aa6277b1914
parent062c068ba1c9dcfaf7de1cfb68e854167ae37546
[BUGFIX] Only unlock records in BE user log off functionality

The database table `sys_lockedrecords` should only be cleared via
the BackendUtility when a Backend user is logging off. Currently, this
is also called for Frontend Users, which actually removes everything
from the currently logged-in backend users with the same uid.

As this is very bad code design on many levels (lockRecords for
unlocking, no context for the authentication user object etc), this
should be encapsulated within the BackendUser object directly anyway.

For further abstractions, this could also be a hook or something else,
to be even cleaner.

Resolves: #86113
Releases: master, 8.7
Change-Id: I44d91064edb6ec9ef4c148e48b67bdf22da38869
Reviewed-on: https://review.typo3.org/58145
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php