[BUGFIX] Ignore root level restriction on new record 14/47314/2
authorBenjamin Serfhos <serfhos@gmail.com>
Wed, 16 Mar 2016 14:16:05 +0000 (15:16 +0100)
committerAndreas Fernandez <typo3@scripting-base.de>
Fri, 18 Mar 2016 09:57:29 +0000 (10:57 +0100)
When TCA [ctrl][security][ignoreRootLevelRestriction] is enabled, the
root level restriction should also be ignored when a new record is created.

Resolves: #75147
Releases: master,7.6
Change-Id: I55414696838a256d967d410cf523edc031ebe952
Reviewed-on: https://review.typo3.org/47314
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
typo3/sysext/backend/Classes/Form/FormDataProvider/DatabaseUserPermissionCheck.php
typo3/sysext/backend/Tests/Unit/Form/FormDataProvider/DatabaseUserPermissionCheckTest.php

index 1747ecd..d003461 100644 (file)
@@ -99,12 +99,14 @@ class DatabaseUserPermissionCheck implements FormDataProviderInterface
                         );
                     }
                 }
+            } elseif (BackendUtility::isRootLevelRestrictionIgnored($result['tableName'])) {
+                // Non admin is creating a record on root node for a table that is actively allowed
+                $userHasAccess = true;
+                $userPermissionOnPage = Permission::ALL;
             } else {
-                // Record is added to root node. This was not defined and implicitly *allowed*
-                // with previous access check implementation. It is currently unsure when exactly
-                // this can be triggered, so we'll throw a RuntimeException hinting us about this.
-                throw new \RuntimeException(
-                    'Not implemented. User ' . $backendUser->user['uid'] . ' creats new record ' . $result['tableName'] . ' on root node.',
+                // Non admin has no create permission on root node records
+                $exception = new AccessDeniedRootNodeException(
+                    'No record creation permission for user ' . $backendUser->user['uid'] . ' on page root node',
                     1437745221
                 );
             }
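Review bot: The new `elseif` branch grants `Permission::ALL` to any non-admin whenever the table's TCA sets `ignoreRootLevelRestriction`, which is broader than the create right this path needs, and the one-line comment does not say so. Whether the user's `tables_modify` right for the table has already been checked before this branch is not visible, because the method starts and ends outside the hunk. If it has, the comment should record that, e.g. `// TCA ctrl.security.ignoreRootLevelRestriction lifts the root-node restriction for this table; table-level tables_modify was already checked above`. The `else` branch now assigns `$exception` instead of throwing, so the denial depends on code after the hunk actually throwing it.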
index 8c41527..206a51e 100644 (file)
@@ -175,7 +175,7 @@ class DatabaseUserPermissionCheckTest extends UnitTestCase
     /**
      * @test
      */
-    public function addDataSetsPermissionsToAllIfRootLevelRestrictionForTableIsIgnored()
+    public function addDataSetsPermissionsToAllIfRootLevelRestrictionForTableIsIgnoredForContentEditRecord()
     {
         $input = [
             'tableName' => 'tt_content',
@@ -400,7 +400,28 @@ class DatabaseUserPermissionCheckTest extends UnitTestCase
     /**
      * @test
      */
-    public function addDataThrowsExceptionForNewRecordsOnRootLevelWithoutAdminPermissions()
+    public function addDataSetsPermissionsToAllIfRootLevelRestrictionForTableIsIgnoredForNewContentRecord()
+    {
+        $input = [
+            'tableName' => 'pages',
+            'command' => 'new',
+            'vanillaUid' => 123,
+            'parentPageRow' => null,
+        ];
+        $this->beUserProphecy->isAdmin()->willReturn(false);
+        $this->beUserProphecy->check('tables_modify', $input['tableName'])->willReturn(true);
+        $this->beUserProphecy->recordEditAccessInternals($input['tableName'], Argument::cetera())->willReturn(true);
+        $GLOBALS['TCA'][$input['tableName']]['ctrl']['security']['ignoreRootLevelRestriction'] = true;
+
+        $result = $this->subject->addData($input);
+
+        $this->assertSame(Permission::ALL, $result['userPermissionOnPage']);
+    }
+
+    /**
+     * @test
+     */
+    public function addDataThrowsExceptionForNewRecordsOnRootLevelWithoutPermissions()
     {
         $input = [
             'tableName' => 'pages',
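Review bot: The added test sets `$GLOBALS['TCA'][$input['tableName']]['ctrl']['security']['ignoreRootLevelRestriction'] = true` for `pages` and nothing in the hunk resets it, while the test that follows expects a denial for the same table. Unless the base test case restores `$GLOBALS` between tests (not visible here), the flag can leak and make the denial test depend on execution order. Setting `$GLOBALS['TCA'][$input['tableName']]['ctrl']['security']['ignoreRootLevelRestriction'] = false;` explicitly in the denial test would keep the two independent. The method name ends in `ForNewContentRecord` although the fixture uses the `pages` table, so `...ForNewRecord` would describe it better. The body of the following test continues outside the hunk.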
@@ -412,7 +433,7 @@ class DatabaseUserPermissionCheckTest extends UnitTestCase
         $this->beUserProphecy->isAdmin()->willReturn(false);
         $this->beUserProphecy->check('tables_modify', $input['tableName'])->willReturn(true);
 
-        $this->setExpectedException(\RuntimeException::class, $this->anything(), 1437745221);
+        $this->setExpectedException(AccessDeniedRootNodeException::class, $this->anything(), 1437745221);
 
         $this->subject->addData($input);
     }