[BUGFIX] Initialize AdminPanel only if enabled by user 77/57077/3
authorSusanne Moog <susanne.moog@typo3.org>
Mon, 28 May 2018 20:29:19 +0000 (22:29 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Tue, 29 May 2018 23:16:31 +0000 (01:16 +0200)
The admin panel can be disabled via the frontend UI by
click. When the admin panel is disabled the initialize
methods should not be called. This has been fixed.

Resolves: #85104
Releases: master
Change-Id: I966b5887b03b4fb8d3f63e9556b00a37384f9dfc
Reviewed-on: https://review.typo3.org/57077
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/adminpanel/Classes/Middleware/AdminPanelInitiator.php
typo3/sysext/adminpanel/Tests/Unit/Middleware/AdminPanelInitiatorTest.php [new file with mode: 0644]

index e4ee084..0a42704 100644 (file)
@@ -43,13 +43,15 @@ class AdminPanelInitiator implements MiddlewareInterface
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
         if ($GLOBALS['BE_USER'] instanceof FrontendBackendUserAuthentication) {
-
-            // Initialize admin panel since simulation settings are required here
             $beUser = $GLOBALS['BE_USER'];
             // set legacy config
             $beUser->extAdminConfig = $beUser->getTSConfig()['admPanel.'] ?? [];
             $adminPanelConfiguration = $beUser->extAdminConfig;
-            if (isset($adminPanelConfiguration['enable.'])) {
+            if (isset($adminPanelConfiguration['enable.']) &&
+                ($beUser->uc['TSFE_adminConfig']['display_top'] ?? false) &&
+                ($GLOBALS['TSFE']->config['config']['admPanel'] ?? false)
+            ) {
+                // only initialize if at least one module is enabled.
                 foreach ($adminPanelConfiguration['enable.'] as $value) {
                     if ($value) {
                         $adminPanelController = GeneralUtility::makeInstance(
diff --git a/typo3/sysext/adminpanel/Tests/Unit/Middleware/AdminPanelInitiatorTest.php b/typo3/sysext/adminpanel/Tests/Unit/Middleware/AdminPanelInitiatorTest.php
new file mode 100644 (file)
index 0000000..e0436c9
--- /dev/null
@@ -0,0 +1,181 @@
+<?php
+declare(strict_types = 1);
+
+namespace TYPO3\CMS\Adminpanel\Tests\Unit\Middleware;
+
+use Prophecy\Argument;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use TYPO3\CMS\Adminpanel\Controller\MainController;
+use TYPO3\CMS\Adminpanel\Middleware\AdminPanelInitiator;
+use TYPO3\CMS\Adminpanel\View\AdminPanelView;
+use TYPO3\CMS\Backend\FrontendBackendUserAuthentication;
+use TYPO3\CMS\Core\Http\ServerRequest;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
+use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
+
+class AdminPanelInitiatorTest extends UnitTestCase
+{
+
+    /**
+     * @test
+     */
+    public function processCallsInitialize(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [
+                'enable.' => [
+                    'all',
+                ],
+            ],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => true
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 1
+            ]
+        ];
+        $userAuthentication = $this->prophesize(FrontendBackendUserAuthentication::class);
+        $userAuthentication->getTSConfig(Argument::any())->willReturn($tsConfig);
+        $userAuthentication->uc = $uc;
+        $GLOBALS['BE_USER'] = $userAuthentication->reveal();
+
+        $tsfe = $this->prophesize(TypoScriptFrontendController::class);
+        $tsfe->config = $typoScript;
+        $GLOBALS['TSFE'] = $tsfe;
+
+        $controller = $this->prophesize(MainController::class);
+        GeneralUtility::setSingletonInstance(MainController::class, $controller->reveal());
+        GeneralUtility::addInstance(AdminPanelView::class, $this->prophesize(AdminPanelView::class)->reveal());
+        $handler = $this->prophesizeHandler();
+        $request = $this->prophesize(ServerRequest::class);
+        // Act
+        $adminPanelInitiator = new AdminPanelInitiator();
+        $adminPanelInitiator->process(
+            $request->reveal(),
+            $handler->reveal()
+        );
+        // Assert
+        $controller->initialize(Argument::any())->shouldHaveBeenCalled();
+    }
+
+    /**
+     * @test
+     */
+    public function processDoesNotCallInitializeIfAdminPanelIsNotEnabledInTypoScript(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [
+                'enable.' => [
+                    'all',
+                ],
+            ],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => true
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 0
+            ]
+        ];
+        $this->checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript);
+    }
+
+    /**
+     * @test
+     */
+    public function processDoesNotCallInitializeIfAdminPanelIsNotEnabledInUC(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [
+                'enable.' => [
+                    'all',
+                ],
+            ],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => false
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 1
+            ]
+        ];
+        $this->checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript);
+    }
+
+    /**
+     * @test
+     */
+    public function processDoesNotCallInitializeIfNoAdminPanelModuleIsEnabled(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => true
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 1
+            ]
+        ];
+        $this->checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript);
+    }
+
+    /**
+     * @param $tsConfig
+     * @param $uc
+     * @param $typoScript
+     */
+    protected function checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript): void
+    {
+        $userAuthentication = $this->prophesize(FrontendBackendUserAuthentication::class);
+        $userAuthentication->getTSConfig(Argument::any())->willReturn($tsConfig);
+        $userAuthentication->uc = $uc;
+        $GLOBALS['BE_USER'] = $userAuthentication->reveal();
+
+        $tsfe = $this->prophesize(TypoScriptFrontendController::class);
+        $tsfe->config = $typoScript;
+        $GLOBALS['TSFE'] = $tsfe;
+
+        $controller = $this->prophesize(MainController::class);
+        GeneralUtility::setSingletonInstance(MainController::class, $controller->reveal());
+        $handler = $this->prophesizeHandler();
+        $request = $this->prophesize(ServerRequest::class);
+        // Act
+        $adminPanelInitiator = new AdminPanelInitiator();
+        $adminPanelInitiator->process(
+            $request->reveal(),
+            $handler->reveal()
+        );
+        // Assert
+        $controller->initialize(Argument::any())->shouldNotHaveBeenCalled();
+    }
+
+    /**
+     * @return \Prophecy\Prophecy\ObjectProphecy|\Psr\Http\Server\RequestHandlerInterface
+     */
+    protected function prophesizeHandler()
+    {
+        $handler = $this->prophesize(RequestHandlerInterface::class);
+        $handler
+            ->handle(Argument::any())
+            ->willReturn(
+                $this->prophesize(ResponseInterface::class)->reveal()
+            );
+        return $handler;
+    }
+}