[BUGFIX] Draft usergroup access rights are now respected 53/42553/3
authorBart Dubelaar <bartdubelaar@gmail.com>
Fri, 27 Jan 2012 10:28:31 +0000 (11:28 +0100)
committerAndreas Wolf <andreas.wolf@typo3.org>
Thu, 13 Aug 2015 19:28:44 +0000 (21:28 +0200)
Adding usergroup access rights to a page in a draft workspace had no
effect on the preview, the page was still shown in menus. The other way
around didn't work either. Removing access rights would not make the page
available. Previewing wasn't possible at all.

This behavior is fixed. All draft usergroup changes are now respected
when previewing.

Releases: master, 6.2
Resolves: #33436
Change-Id: Ib9a74e98d6ed7457849465fc64685f89ed82fb61
Reviewed-on: http://review.typo3.org/42553
Reviewed-by: Andreas Wolf <andreas.wolf@typo3.org>
Tested-by: Andreas Wolf <andreas.wolf@typo3.org>
typo3/sysext/frontend/Classes/ContentObject/Menu/AbstractMenuContentObject.php
typo3/sysext/frontend/Classes/Page/PageRepository.php
typo3/sysext/frontend/Tests/Unit/Page/PageRepositoryTest.php

index 0212cfd..eb073a4 100644 (file)
@@ -445,10 +445,11 @@ class AbstractMenuContentObject {
                                                                $id = $mount_info['mount_pid'];
                                                        }
                                                        // Get sub-pages:
-                                                       $res = $this->parent_cObj->exec_getQuery('pages', array('pidInList' => $id, 'orderBy' => $altSortField));
+                                                       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid', 'pages', 'pid=' . (int)$id . $this->sys_page->where_hid_del, '', $altSortField);
                                                        while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
+                                                               $row = $this->sys_page->getPage($row['uid']);
                                                                $GLOBALS['TSFE']->sys_page->versionOL('pages', $row, TRUE);
-                                                               if (is_array($row)) {
+                                                               if (!empty($row)) {
                                                                        // Keep mount point?
                                                                        $mount_info = $this->sys_page->getMountPointInfo($row['uid'], $row);
                                                                        // There is a valid mount point.
@@ -466,14 +467,15 @@ class AbstractMenuContentObject {
                                                                                }
                                                                        }
                                                                        // Add external MP params, then the row:
-                                                                       if (is_array($row)) {
+                                                                       if (!empty($row)) {
                                                                                if ($MP) {
                                                                                        $row['_MP_PARAM'] = $MP . ($row['_MP_PARAM'] ? ',' . $row['_MP_PARAM'] : '');
                                                                                }
-                                                                               $temp[$row['uid']] = $this->sys_page->getPageOverlay($row);
+                                                                               $temp[$row['uid']] = $row;
                                                                        }
                                                                }
                                                        }
+                                                       $GLOBALS['TYPO3_DB']->sql_free_result($res);
                                                }
                                                break;
                                        case 'list':
index 249f7f1..d5d81a8 100644 (file)
@@ -227,6 +227,17 @@ class PageRepository {
                if (is_array($this->cache_getPage[$uid][$cacheKey])) {
                        return $this->cache_getPage[$uid][$cacheKey];
                }
+               $workspaceVersion = $this->getWorkspaceVersionOfRecord($this->versioningWorkspaceId, 'pages', $uid);
+               if (is_array($workspaceVersion)) {
+                       $workspaceVersionAccess = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
+                               'uid',
+                               'pages',
+                               'uid=' . intval($workspaceVersion['uid']) . $this->where_hid_del . $accessCheck
+                       );
+                       if (is_array($workspaceVersionAccess)) {
+                               $accessCheck = '';
+                       }
+               }
                $result = array();
                $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'pages', 'uid=' . (int)$uid . $this->where_hid_del . $accessCheck);
                $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
@@ -505,7 +516,36 @@ class PageRepository {
         */
        public function getMenu($uid, $fields = '*', $sortField = 'sorting', $addWhere = '', $checkShortcuts = TRUE) {
                $output = array();
-               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery($fields, 'pages', 'pid=' . (int)$uid . $this->where_hid_del . $this->where_groupAccess . ' ' . $addWhere, '', $sortField);
+               $query = 'pid=' . (int)$uid . $this->where_hid_del . $this->where_groupAccess . ' ' . $addWhere;
+               if ($this->versioningWorkspaceId != 0) {
+                       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
+                               'uid',
+                               'pages',
+                               'pid=' . (int)$uid . $this->where_hid_del . ' ' . $addWhere,
+                               '',
+                               $sortField
+                       );
+                       $recordArray = array();
+                       while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
+                               $workspaceRow = $this->getWorkspaceVersionOfRecord($this->versioningWorkspaceId, 'pages', $row['uid']);
+                               $realUid = is_array($workspaceRow) ? $workspaceRow['uid'] : $row['uid'];
+                               $result = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
+                                       'uid',
+                                       'pages',
+                                       'uid=' . (int)$realUid . $this->where_hid_del . $this->where_groupAccess . ' ' . $addWhere,
+                                       '',
+                                       $sortField
+                               );
+                               if (is_array($result)) {
+                                       $recordArray[] = $row['uid'];
+                               }
+                       }
+                       $GLOBALS['TYPO3_DB']->sql_free_result($res);
+                       if (!empty($recordArray)) {
+                               $query = 'uid IN (' . implode(',', $recordArray) . ')';
+                       }
+               };
+               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery($fields, 'pages', $query, '', $sortField);
                while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
                        $this->versionOL('pages', $row, TRUE);
                        if (is_array($row)) {
index 78d1da3..8bd701a 100644 (file)
@@ -30,7 +30,7 @@ class PageRepositoryTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
         * Sets up this testcase
         */
        public function setUp() {
-               $GLOBALS['TYPO3_DB'] = $this->getMock('TYPO3\\CMS\\Core\\Database\\DatabaseConnection', array('exec_SELECTquery', 'sql_fetch_assoc', 'sql_free_result'));
+               $GLOBALS['TYPO3_DB'] = $this->getMock('TYPO3\\CMS\\Core\\Database\\DatabaseConnection', array('exec_SELECTquery', 'sql_fetch_assoc', 'sql_free_result', 'exec_SELECTgetSingleRow'));
                $this->pageSelectObject = $this->getAccessibleMock('TYPO3\\CMS\\Frontend\\Page\\PageRepository', array('getMultipleGroupsWhereClause'));
                $this->pageSelectObject->expects($this->any())->method('getMultipleGroupsWhereClause')->will($this->returnValue(' AND 1=1'));
        }