Commit 53a4e7f8 authored by Georg Ringer's avatar Georg Ringer Committed by Andreas Fernandez
Browse files

[BUGFIX] Add guard clause while checking if user is system maintainer

System maintainers must be admin users which should be checked with a
guard clause. This avoids showing the modules to editors whose id is in
the list of system maintainers.

Resolves: #82616
Releases: master, 9.5
Change-Id: I84cd20d2b84eaa0182c27943ffdcde005980a426
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63832


Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: default avatarAlexander Schnitzler <git@alexanderschnitzler.de>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: default avatarAlexander Schnitzler <git@alexanderschnitzler.de>
Reviewed-by: Oliver Klee's avatarOliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
parent 6de65411
......@@ -476,10 +476,14 @@ class BackendUserAuthentication extends AbstractUserAuthentication
*/
public function isSystemMaintainer(): bool
{
if (!$this->isAdmin()) {
return false;
}
if ((int)$GLOBALS['BE_USER']->user['ses_backuserid'] !== 0) {
return false;
}
if (Environment::getContext()->isDevelopment() && $this->isAdmin()) {
if (Environment::getContext()->isDevelopment()) {
return true;
}
$systemMaintainers = $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'] ?? [];
......@@ -494,7 +498,7 @@ class BackendUserAuthentication extends AbstractUserAuthentication
&& empty($GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'])) {
return false;
}
return $this->isAdmin();
return true;
}
/**
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment