Commit 448ad365 authored by Ingo Fabbri's avatar Ingo Fabbri Committed by Oliver Bartsch
Browse files

[BUGFIX] Prevent workspace access checks for dummy user

The backend usergroup compare view requires to fetch the
group data of the groups to compare. Since this operation
depends on a user array, UserInformationService creates
such dummy user.

Since #93233 the dummy user array also contains a workspace
id `-99`.

To successfully overcome workspace access-checks, set
the admin-flag for this fake-user. Use workspace uid 0,
to avoid any database operations on workspace access
checks. Workspace 0 additionally prevents the log-message,
which led to the exception message described at #93894.

Resolves: #93894
Related: #93233
Releases: master, 11.5
Change-Id: Ieb5da95082cb6dfd5c030fbd04d735863d587510
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/70056

Tested-by: core-ci's avatarcore-ci <typo3@b13.com>
Tested-by: Jochen's avatarJochen <rothjochen@gmail.com>
Tested-by: Nikita Hovratov's avatarNikita Hovratov <nikita.h@live.de>
Tested-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
Reviewed-by: Jochen's avatarJochen <rothjochen@gmail.com>
Reviewed-by: Nikita Hovratov's avatarNikita Hovratov <nikita.h@live.de>
Reviewed-by: Oliver Bartsch's avatarOliver Bartsch <bo@cedev.de>
parent f75945cc
Pipeline #19660 passed with stages
in 41 minutes and 41 seconds
......@@ -57,12 +57,18 @@ class UserInformationService
$user->enablecolumns = [
'deleted' => true,
];
// Setup dummy user to allow fetching all group data
// @see \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::fetchGroups
$user->user = [
'uid' => PHP_INT_MAX,
'options' => 3,
'workspace_id' => -99,
// The below admin flag is required to prevent workspace access checks,
// triggered by workspaceInit() in fetchGroupData(). Those would fail
// due to insufficient permissions of the dummy user and therefore might
// result in generating superfluous log entries.
'admin' => 1,
'workspace_id' => 0,
'realName' => 'fakeUser',
'email' => 'fake.user@typo3.org',
'TSconfig' => '',
......
<div class="table-fit">
<table class="table table-striped table-hover">
<table id="typo3-backend-user-group-list" class="table table-striped table-hover">
<thead>
<tr>
<th class="col-icon"></th>
......
......@@ -70,4 +70,32 @@ class CompareUserCest
$I->waitForElementVisible('#EditDocumentController');
$I->canSee('Edit Backend user "' . $usernameFirstCompare . '" on root level');
}
/**
* @param ApplicationTester $I
*/
public function accessingBackendUserCompareViewWorks(ApplicationTester $I): void
{
$I->amGoingTo('Switch to user group listing');
$I->see('Backend User Listing', 'h1');
$I->selectOption('.t3-js-jumpMenuBox', 'Backend user groups');
$I->see('Backend User Group Listing', 'h1');
$I->amGoingTo('Add three groups to compare');
$I->click('#typo3-backend-user-group-list > tbody > tr:nth-child(1) > td.col-control > div:nth-child(3) > a');
$I->waitForElementVisible('table#typo3-backend-user-group-list');
$I->click('#typo3-backend-user-group-list > tbody > tr:nth-child(2) > td.col-control > div:nth-child(3) > a');
$I->waitForElementVisible('table#typo3-backend-user-group-list');
$I->click('#typo3-backend-user-group-list > tbody > tr:nth-child(3) > td.col-control > div:nth-child(3) > a');
$I->amGoingTo('Access the user group compare view');
$I->waitForElementVisible('table#typo3-backend-user-list-compare', 20);
$I->canSeeNumberOfElements('#typo3-backend-user-list-compare tbody tr', 3);
$I->click('Compare backend usergroups');
$I->amGoingTo('Check compare view is loaded with the correct number of groups');
$I->see('Compare backend usergroups', 'h1');
// We expect four header columns, since the first one is used for the row labels
$I->canSeeNumberOfElements('#tx_beuser_compare > thead > tr > th', 4);
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment