[BUGFIX] Make category tree filterable for editors with category mounts 38/54138/3
authorChristoph Lehmann <christoph.lehmann@networkteam.com>
Wed, 13 Sep 2017 21:34:45 +0000 (23:34 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 30 Nov 2017 15:45:36 +0000 (16:45 +0100)
TCEFORM.pages.categories.config.treeConfig.rootUid should filter
the category tree. Non-Admin users with category mounts currently
need every child category of rootUid in their category mounts
since the rootline of rootUid is not checked against the category
mounts.

Resolves: #78274
Releases: master,8.7,7.6
Change-Id: Id02ae69111df7397207939a034ed05797eb160ad
Reviewed-on: https://review.typo3.org/54138
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/backend/Classes/Security/CategoryPermissionsAspect.php

index e385d08..bdef965 100644 (file)
@@ -65,6 +65,15 @@ class CategoryPermissionsAspect
 
             if (!empty($categoryMountPoints) && !empty($treeNodeCollection)) {
 
+                // Check the rootline against categoryMountPoints when tree was filtered
+                if ($dataProvider->getRootUid() !== null) {
+                    $uidsInRootline = $this->findUidsInRootline($dataProvider->getRootUid());
+                    if (!empty(array_intersect($categoryMountPoints, $uidsInRootline))) {
+                        // One of the parents was found in categoryMountPoints so all children are secure
+                        return;
+                    }
+                }
+
                 // First, remove all child nodes which must be analysed to be considered as "secure".
                 // The nodes were backed up in variable $treeNodeCollection beforehand.
                 $treeData->removeChildNodes();
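Review bot: The list handed to `array_intersect()` holds only the ancestors of the root uid, because `findUidsInRootline()` never adds the uid it starts from. An editor whose category mount is exactly the configured rootUid therefore does not take this shortcut and falls through to the per-node filtering below. Whether that path keeps the filtered tree intact is not visible in this hunk; if a mount on the root itself should count, add `if (in_array($dataProvider->getRootUid(), $categoryMountPoints)) { return; }` before the rootline lookup (non-strict on purpose, since the uid types on both sides are not shown here). The early return skips every later per-node check, so the comment should say that the decision relies on the stored parent chain, for example `// Trusts the parent chain in the category table: any mounted ancestor grants the whole filtered tree`. The enclosing method begins and ends outside the hunk.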
@@ -118,4 +127,20 @@ class CategoryPermissionsAspect
         }
         return $result;
     }
+
+    /**
+     * Find parent uids in rootline
+     *
+     * @param integer $uid
+     * @return array
+     */
+    protected function findUidsInRootline($uid) {
+        $row = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('parent', $this->categoryTableName, 'uid=' . (int)$uid);
+        $parentUids = [];
+        if ($row['parent'] > 0) {
+            $parentUids = $this->findUidsInRootline($row['parent']);
+            $parentUids[] = $row['parent'];
+        }
+        return $parentUids;
+    }
 }
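Review bot: `findUidsInRootline()` recurses once per ancestor with no guard against a parent loop, and its result feeds the access shortcut added in the first hunk. If two category records ever point at each other as parent, the method never terminates, and the backend request ends in stack or memory exhaustion. It also reads `$row['parent']` without checking that a row was returned for a uid that does not exist. An iterative walk with a visited set and an `is_array($row)` check, shown below, keeps the same result order (topmost ancestor first). It is also worth confirming whether soft-deleted parent categories should count here, since the where clause is only `uid=…`. As a style point, the opening brace belongs on its own line and `@param integer` should read `@param int`.

```php
    protected function findUidsInRootline($uid)
    {
        $parentUids = [];
        $currentUid = (int)$uid;
        // Walk upwards iteratively; $seen stops a parent loop in the category table from running forever.
        $seen = [$currentUid => true];
        while ($currentUid > 0) {
            $row = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('parent', $this->categoryTableName, 'uid=' . $currentUid);
            // A missing record ends the walk instead of being read as an array.
            $currentUid = is_array($row) ? (int)$row['parent'] : 0;
            if ($currentUid <= 0 || isset($seen[$currentUid])) {
                break;
            }
            $seen[$currentUid] = true;
            // Prepend so the topmost ancestor stays first, as in the recursive version.
            array_unshift($parentUids, $currentUid);
        }
        return $parentUids;
    }
```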