Commit 59b0ac83 authored by Alexander Stehlik's avatar Alexander Stehlik Committed by Daniel Goerz

[BUGFIX] Always allow dividers in TCA auth mode check

This brings back the optgroups in the CType and list_type fields
for normal editors.

Additionally some tests for checkAuthMode are added.

Releases: master, 9.5
Resolves: #89707
Change-Id: Ib3e6dbf3598ad767910161225a31ad2db939b3d6
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62342


Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Susanne Moog's avatarSusanne Moog <look@susi.dev>
Tested-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Susanne Moog's avatarSusanne Moog <look@susi.dev>
Reviewed-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
parent 7128b45f
......@@ -658,6 +658,10 @@ class BackendUserAuthentication extends AbstractUserAuthentication
if ((string)$value === '') {
return true;
}
// Allow dividers:
if ($value === '--div--') {
return true;
}
// Certain characters are not allowed in the value
if (preg_match('/[:|,]/', $value)) {
return false;
......
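Review bot: The new early return for `'--div--'` sits ahead of the forbidden-character check and, as far as this hunk shows, ahead of any use of the auth mode, so the literal is accepted whatever the field's explicit allow/deny configuration says. That is what the optgroup rendering needs, but `// Allow dividers:` does not say why skipping the permission list is safe. If checkAuthMode is also used to validate submitted values (not visible here), `'--div--'` would pass as a value as well. I would expand the comment to something like `// '--div--' is the TCA divider marker (optgroup label), not a selectable value, so it is exempt from explicit allow/deny`. The method starts and ends outside the hunk, so the position relative to the admin and auth-mode handling should be confirmed there.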
......@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Core\Tests\Unit\Authentication;
* The TYPO3 project - inspiring people to share!
*/
use PHPUnit\Framework\MockObject\MockObject;
use Prophecy\Argument;
use Prophecy\Prophecy\ObjectProphecy;
use Psr\Log\NullLogger;
......@@ -780,4 +781,78 @@ class BackendUserAuthenticationTest extends UnitTestCase
self::assertEquals($expected, $subject->getPagePermsClause($perms));
}
/**
* @test
* @dataProvider checkAuthModeReturnsExpectedValueDataProvider
* @param string $theValue
* @param string $authMode
* @param bool $expectedResult
*/
public function checkAuthModeReturnsExpectedValue(string $theValue, string $authMode, bool $expectedResult)
{
/** @var BackendUserAuthentication|MockObject $subject */
$subject = $this->getMockBuilder(BackendUserAuthentication::class)
->disableOriginalConstructor()
->onlyMethods(['isAdmin'])
->getMock();
$subject
->expects(self::any())
->method('isAdmin')
->willReturn(false);
$subject->groupData['explicit_allowdeny'] =
'dummytable:dummyfield:explicitly_allowed_value:ALLOW,'
. 'dummytable:dummyfield:explicitly_denied_value:DENY';
$result = $subject->checkAuthMode('dummytable', 'dummyfield', $theValue, $authMode);
self::assertEquals($expectedResult, $result);
}
public function checkAuthModeReturnsExpectedValueDataProvider(): array
{
return [
'explicit allow, not allowed value' => [
'non_allowed_field',
'explicitAllow',
false,
],
'explicit allow, allowed value' => [
'explicitly_allowed_value',
'explicitAllow',
true,
],
'explicit deny, not denied value' => [
'non_denied_field',
'explicitDeny',
true,
],
'explicit deny, denied value' => [
'explicitly_denied_value',
'explicitDeny',
false,
],
'invalid value colon' => [
'containing:invalid:chars',
'does not matter',
false,
],
'invalid value comma' => [
'containing,invalid,chars',
'does not matter',
false,
],
'blank value' => [
'',
'does not matter',
true,
],
'divider' => [
'--div--',
'explicitAllow',
true,
],
];
}
}
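Review bot: The data provider covers the colon and comma cases but not the pipe, although the guard in checkAuthMode is `preg_match('/[:|,]/', $value)`; adding `'invalid value pipe' => ['containing|invalid|chars', 'does not matter', false],` would pin all three rejected characters. The divider is also only exercised with `explicitAllow`, so a second `'--div--'` row with `explicitDeny` would show that the exemption does not depend on the auth mode. Since this is a permission check, `self::assertSame($expectedResult, $result);` is preferable to `assertEquals`, which would also pass for a truthy non-bool return. The test class begins outside the hunk.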