Commit 60f47bbf authored by Alexander Bohndorf's avatar Alexander Bohndorf Committed by Anja Leichsenring
Browse files

[BUGFIX] Always use default language for fetching web mounts

Fixes calculation of the rootline within web mounts for
translated pages to give editors access again.

Resolves: #87165
Resolves: #87223
Resolves: #87985
Resolves: #86575
Releases: master, 9.5
Change-Id: Ib7b026b1ab3961516567de9eec2d4e26cfaaae20
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/59159


Tested-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Tested-by: André Buchmann's avatarAndré Schließer <andy.schliesser@gmail.com>
Tested-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
Tested-by: default avatarTYPO3com <noreply@typo3.com>
Tested-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: André Buchmann's avatarAndré Schließer <andy.schliesser@gmail.com>
Reviewed-by: Daniel Goerz's avatarDaniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
parent d5a90f0d
......@@ -375,10 +375,21 @@ class BackendUserAuthentication extends AbstractUserAuthentication
}
$id = (int)$id;
// Check if input id is an offline version page in which case we will map id to the online version:
$checkRec = BackendUtility::getRecord('pages', $id, 'pid,t3ver_oid');
$checkRec = BackendUtility::getRecord(
'pages',
$id,
'pid,t3ver_oid,'
. $GLOBALS['TCA']['pages']['ctrl']['transOrigPointerField'] . ','
. $GLOBALS['TCA']['pages']['ctrl']['languageField']
);
if ($checkRec['pid'] == -1) {
$id = (int)$checkRec['t3ver_oid'];
}
// if current rec is a translation then get uid from l10n_parent instead
// because web mounts point to pages in default language and rootline returns uids of default languages
if ((int)$checkRec[$GLOBALS['TCA']['pages']['ctrl']['languageField']] !== 0 && (int)$checkRec[$GLOBALS['TCA']['pages']['ctrl']['transOrigPointerField']] !== 0) {
$id = (int)$checkRec[$GLOBALS['TCA']['pages']['ctrl']['transOrigPointerField']];
}
if (!$readPerms) {
$readPerms = $this->getPagePermsClause(Permission::PAGE_SHOW);
}
......
<?php
declare(strict_types = 1);
namespace TYPO3\CMS\Core\Tests\Functional\Authentication;
/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/
use TYPO3\CMS\Core\Authentication\AuthenticationService;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\TestingFramework\Core\Functional\FunctionalTestCase;
/**
* Testcase for class \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
*/
class BackendUserAuthenticationTest extends FunctionalTestCase
{
/**
* The fixture which is used when initializing a backend user
*
* @var string
*/
protected $backendUserFixture = __DIR__ . '/Fixtures/be_users.xml';
/**
* @var AuthenticationService
*/
protected $authenticationService;
/**
* @var BackendUserAuthentication
*/
protected $subject;
/**
* @throws \Doctrine\DBAL\DBALException
* @throws \TYPO3\TestingFramework\Core\Exception
*/
protected function setUp(): void
{
$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] = 1;
$GLOBALS['TYPO3_CONF_VARS']['BE']['cookieName'] = 'be_typo_user';
$GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'] = '';
$GLOBALS['TYPO3_CONF_VARS']['BE']['lockIP'] = 4;
$GLOBALS['TYPO3_CONF_VARS']['BE']['sessionTimeout'] = 28800;
$this->subject = new BackendUserAuthentication();
parent::setUp();
$this->importDataSet(__DIR__ . '/Fixtures/be_groups.xml');
$this->importDataSet(__DIR__ . '/Fixtures/pages.xml');
$this->setUpBackendUserFromFixture(2);
/** @var $GLOBALS['BE_USER'] BackendUserAuthentication */
$this->subject = $GLOBALS['BE_USER'];
}
/**
* @test
*/
public function getTranslatedPageOnWebMountIsInWebMountForNonAdminUser(): void
{
$result = $this->subject->isInWebMount(2);
$this->assertNotNull($result);
}
}
<?xml version="1.0" encoding="utf-8"?>
<dataset>
<be_groups>
<uid>1</uid>
<pid>0</pid>
<title>editor group</title>
<lockToDomain></lockToDomain>
<workspace_perms>0</workspace_perms>
<db_mountpoints>1</db_mountpoints>
<tstamp>1544454571</tstamp>
<crdate>1542360853</crdate>
<deleted>0</deleted>
<hidden>0</hidden>
<cruser_id>1</cruser_id>
</be_groups>
</dataset>
<?xml version="1.0" encoding="utf-8"?>
<dataset>
<be_users>
<uid>1</uid>
<pid>0</pid>
<tstamp>1366642540</tstamp>
<username>admin</username>
<password>$1$tCrlLajZ$C0sikFQQ3SWaFAZ1Me0Z/1</password> <!-- password -->
<admin>1</admin>
<disable>0</disable>
<starttime>0</starttime>
<endtime>0</endtime>
<options>0</options>
<crdate>1366642540</crdate>
<cruser_id>0</cruser_id>
<workspace_perms>1</workspace_perms>
<disableIPlock>1</disableIPlock>
<deleted>0</deleted>
<TSconfig>NULL</TSconfig>
<lastlogin>1371033743</lastlogin>
<createdByAction>0</createdByAction>
<workspace_id>0</workspace_id>
</be_users>
<be_users>
<uid>2</uid>
<pid>0</pid>
<tstamp>1366642540</tstamp>
<username>editor</username>
<password>$1$tCrlLajZ$C0sikFQQ3SWaFAZ1Me0Z/1</password> <!-- password -->
<admin>0</admin>
<disable>0</disable>
<starttime>0</starttime>
<endtime>0</endtime>
<options>3</options>
<crdate>1366642540</crdate>
<cruser_id>0</cruser_id>
<workspace_perms>1</workspace_perms>
<disableIPlock>1</disableIPlock>
<deleted>0</deleted>
<TSconfig>NULL</TSconfig>
<lastlogin>1371033743</lastlogin>
<createdByAction>0</createdByAction>
<workspace_id>0</workspace_id>
<usergroup>1</usergroup>
</be_users>
</dataset>
<?xml version="1.0" encoding="utf-8"?>
<dataset>
<pages>
<pid>0</pid>
<uid>1</uid>
<sys_language_uid>0</sys_language_uid>
<l10n_parent>0</l10n_parent>
<title>Root page in default language</title>
<perms_userid>1</perms_userid>
<perms_groupid>1</perms_groupid>
<perms_user>31</perms_user>
<perms_group>27</perms_group>
<perms_everybody>0</perms_everybody>
<is_siteroot>1</is_siteroot>
</pages>
<pages>
<pid>0</pid>
<uid>2</uid>
<sys_language_uid>1</sys_language_uid>
<l10n_parent>1</l10n_parent>
<title>Root page translated</title>
<perms_userid>1</perms_userid>
<perms_groupid>1</perms_groupid>
<perms_user>31</perms_user>
<perms_group>27</perms_group>
<perms_everybody>0</perms_everybody>
<is_siteroot>1</is_siteroot>
</pages>
</dataset>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment