Commit 4f8edc26 authored by Benni Mack's avatar Benni Mack
Browse files

[TASK] Avoid additional query in TSFE for BE User Sections

This is a nice one: One of the most underrated features
(pages within Backend User Sections), is checked
within TSFE, if a logged-in backend user has access
to the current page.

This change uses the current "TSFE->page" record
to do the check and avoids 1 additional SQL query.

Resolves: #96934
Releases: main
Change-Id: I3e1c1000ab290e5c6cbcb38b512b7caf4eac5bc2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/73569

Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
Tested-by: Stefan Bürk's avatarStefan Bürk <stefan@buerk.tech>
Tested-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
Reviewed-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
Reviewed-by: Stefan Bürk's avatarStefan Bürk <stefan@buerk.tech>
Reviewed-by: Benni Mack's avatarBenni Mack <benni@typo3.org>
parent 2a8a4a7c
......@@ -1084,16 +1084,14 @@ class TypoScriptFrontendController implements LoggerAwareInterface
* record field 'extendToSubpages' to 1 in case of hidden, starttime,
* endtime or fe_group restrictions.
*
* Additionally this method checks for backend user sections in root line
* and if found evaluates if a backend user is logged in and has access.
* Additionally, this method checks for backend user sections in root line
* and if found, evaluates if a backend user is logged in and has access.
*
* Recyclers are also checked and trigger page not found if found in root
* line.
*
* @todo Find a better name, i.e. checkVisibilityByRootLine
* @todo Invert boolean return value. Return true if visible.
*
* @return bool
*/
protected function checkRootlineForIncludeSection(): bool
{
......@@ -1110,29 +1108,9 @@ class TypoScriptFrontendController implements LoggerAwareInterface
if ((int)$this->rootLine[$a]['doktype'] === PageRepository::DOKTYPE_BE_USER_SECTION) {
// If there is a backend user logged in, check if they have read access to the page:
if ($this->isBackendUserLoggedIn()) {
$queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
->getQueryBuilderForTable('pages');
$queryBuilder
->getRestrictions()
->removeAll();
$row = $queryBuilder
->select('uid')
->from('pages')
->where(
$queryBuilder->expr()->eq(
'uid',
$queryBuilder->createNamedParameter($this->id, \PDO::PARAM_INT)
),
$this->getBackendUser()->getPagePermsClause(Permission::PAGE_SHOW)
)
->executeQuery()
->fetchAssociative();
// versionOL()?
if (!$row) {
// If there was no page selected, the user apparently did not have read access to the current PAGE (not position in rootline) and we set the remove-flag...
// If there was no page selected, the user apparently did not have read access to the
// current page (not position in rootline) and we set the remove-flag...
if (!$this->getBackendUser()->doesUserHaveAccess($this->page, Permission::PAGE_SHOW)) {
$removeTheRestFlag = true;
}
} else {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment