[BUGFIX] Draft usergroup access rights are now respected 19/8719/19
authorBart Dubelaar <bartdubelaar@gmail.com>
Fri, 27 Jan 2012 10:28:31 +0000 (11:28 +0100)
committerAndreas Wolf <andreas.wolf@typo3.org>
Fri, 17 Jul 2015 22:14:11 +0000 (00:14 +0200)
Adding usergroup access rights to a page in a draft workspace had no
effect on the preview, the page was still shown in menus. The other way
around didn't work either. Removing access rights would not make the page
available. Previewing wasn't possible at all.

This behavior is fixed. All draft usergroup changes are now respected
when previewing.

Change-Id: Ib9a74e98d6ed7457849465fc64685f89ed82fb61
Fixes: #33436
Releases: master, 6.2
Reviewed-on: http://review.typo3.org/8719
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Andreas Wolf <andreas.wolf@typo3.org>
Tested-by: Andreas Wolf <andreas.wolf@typo3.org>
typo3/sysext/frontend/Classes/ContentObject/Menu/AbstractMenuContentObject.php
typo3/sysext/frontend/Classes/Page/PageRepository.php
typo3/sysext/frontend/Tests/Unit/Page/PageRepositoryTest.php

index 8b2e7c8..73c0458 100644 (file)
@@ -708,10 +708,11 @@ abstract class AbstractMenuContentObject {
                                $id = $mount_info['mount_pid'];
                        }
                        // Get sub-pages:
-                       $res = $this->parent_cObj->exec_getQuery('pages', array('pidInList' => $id, 'orderBy' => $sortingField));
+                       $res = $this->getDatabaseConnection()->exec_SELECTquery('uid', 'pages', 'pid=' . intval($id) . $this->sys_page->where_hid_del, '', $sortingField);
                        while ($row = $this->getDatabaseConnection()->sql_fetch_assoc($res)) {
+                               $row = $this->sys_page->getPage($row['uid']);
                                $tsfe->sys_page->versionOL('pages', $row, TRUE);
-                               if (is_array($row)) {
+                               if (!empty($row)) {
                                        // Keep mount point?
                                        $mount_info = $this->sys_page->getMountPointInfo($row['uid'], $row);
                                        // There is a valid mount point.
@@ -729,11 +730,11 @@ abstract class AbstractMenuContentObject {
                                                }
                                        }
                                        // Add external MP params, then the row:
-                                       if (isset($row)) {
+                                       if (!empty($row)) {
                                                if ($MP) {
                                                        $row['_MP_PARAM'] = $MP . ($row['_MP_PARAM'] ? ',' . $row['_MP_PARAM'] : '');
                                                }
-                                               $menuItems[$row['uid']] = $this->sys_page->getPageOverlay($row);
+                                               $menuItems[$row['uid']] = $row;
                                        }
                                }
                        }
index a18bf61..bce86e0 100644 (file)
@@ -215,6 +215,17 @@ class PageRepository {
                if (is_array($this->cache_getPage[$uid][$cacheKey])) {
                        return $this->cache_getPage[$uid][$cacheKey];
                }
+               $workspaceVersion = $this->getWorkspaceVersionOfRecord($this->versioningWorkspaceId, 'pages', $uid);
+               if (is_array($workspaceVersion)) {
+                       $workspaceVersionAccess = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
+                               'uid',
+                               'pages',
+                               'uid=' . intval($workspaceVersion['uid']) . $this->where_hid_del . $accessCheck
+                       );
+                       if (is_array($workspaceVersionAccess)) {
+                               $accessCheck = '';
+                       }
+               }
                $result = array();
                $res = $this->getDatabaseConnection()->exec_SELECTquery('*', 'pages', 'uid=' . (int)$uid . $this->where_hid_del . $accessCheck);
                $row = $this->getDatabaseConnection()->sql_fetch_assoc($res);
@@ -532,14 +543,36 @@ class PageRepository {
         */
        public function getMenu($uid, $fields = '*', $sortField = 'sorting', $addWhere = '', $checkShortcuts = TRUE) {
                $output = array();
-               $res = $this->getDatabaseConnection()->exec_SELECTquery(
-                       $fields,
-                       'pages',
-                       'pid IN (' . implode(',', $this->getDatabaseConnection()->cleanIntArray((array)$uid)) . ')' . $this->where_hid_del
-                               . $this->where_groupAccess . ' ' . $addWhere,
-                       '',
-                       $sortField
-               );
+               $query = 'pid IN (' . implode(',', $this->getDatabaseConnection()->cleanIntArray((array)$uid)) .
+                       ')' . $this->where_hid_del . $this->where_groupAccess . ' ' . $addWhere;
+               if ($this->versioningWorkspaceId != 0) {
+                       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
+                               'uid',
+                               'pages',
+                               'pid IN (' . implode(',', $this->getDatabaseConnection()->cleanIntArray((array)$uid)) .
+                               ')' . $this->where_hid_del . ' ' . $addWhere,
+                               '',
+                               $sortField
+                       );
+                       while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
+                       $workspaceRow = $this->getWorkspaceVersionOfRecord($this->versioningWorkspaceId, 'pages', $row['uid']);
+                       $realUid = is_array($workspaceRow) ? $workspaceRow['uid'] : $row['uid'];
+                               $result = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
+                                       'uid',
+                                       'pages',
+                                       'uid=' . intval($realUid) . $this->where_hid_del . $this->where_groupAccess . ' ' . $addWhere,
+                                       '',
+                                       $sortField
+                               );
+                               if (is_array($result)) {
+                                       $recordArray[] = $row['uid'];
+                               }
+                       }
+                       if (is_array($recordArray)) {
+                               $query = 'uid IN (' . implode(',', $recordArray) . ')';
+                       }
+               };
+               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery($fields, 'pages', $query, '', $sortField);
                while (($row = $this->getDatabaseConnection()->sql_fetch_assoc($res))) {
                        $this->versionOL('pages', $row, TRUE);
                        if (is_array($row)) {
index 3da3e46..f1e9380 100644 (file)
@@ -47,7 +47,7 @@ class PageRepositoryTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
         * Sets up this testcase
         */
        protected function setUp() {
-               $GLOBALS['TYPO3_DB'] = $this->getMock(\TYPO3\CMS\Core\Database\DatabaseConnection::class, array('exec_SELECTquery', 'sql_fetch_assoc', 'sql_free_result'));
+               $GLOBALS['TYPO3_DB'] = $this->getMock(\TYPO3\CMS\Core\Database\DatabaseConnection::class, array('exec_SELECTquery', 'sql_fetch_assoc', 'sql_free_result', 'exec_SELECTgetSingleRow'));
                $this->pageSelectObject = $this->getAccessibleMock(\TYPO3\CMS\Frontend\Page\PageRepository::class, array('getMultipleGroupsWhereClause'));
                $this->pageSelectObject->expects($this->any())->method('getMultipleGroupsWhereClause')->will($this->returnValue(' AND 1=1'));
        }