Commit 7ffd8cb0 authored by Benni Mack's avatar Benni Mack
Browse files

[BUGFIX] Re-enable conditions within UserTSconfig

The backend user aspect must be set before BE_USER->fetchGroups is called
and the TypoScript parser needs a proper ConditionMatcher object for the Symfony-based UserTSconfig conditions like [backend.user.isAdmin] to be

Note to future self:
The reason why the original change was reverted was that:
- before workspace-related conditions did not work.
- then workspaces worked, but conditions in userTSconfig bricked partially
- the patch was reverted and left for dead for 1 year as it's a chicken-egg problem

The main issue is that fetchGroup() is doing too much.
- A valid user record exists, but the right workspace haven't been "set" which
  always returns workspace=0 for workspace-related conditions
- So the workspace must be initialized earlier, and not at the end of the fetchGroups()
- workspaceInit() - and some other code within fetchGroups() relies on finished TSconfig (that is the actual chicken-egg problem)

So we'll just set the aspects before, but BEFORE setting the aspects,
we'll evaluate the selected workspace of a user in a "plain" way.

The reason why the backend context aspect now works (again) is because the
context contains a "real" BE user object and fetches the data from the object,
where as the workspace aspect just contains a static property.

Resolves: #90075
Resolves: #86923
Related: #86229
Reverts: #86856
Releases: master, 9.5
Change-Id: I326d92a860a806ff13748cf13ef6b71b7a77089e

Reviewed-by: Susanne Moog's avatarSusanne Moog <>
Reviewed-by: Henning Liebe's avatarHenning Liebe <>
Reviewed-by: default avatarSascha Rademacher <>
Reviewed-by: Frank Nägler's avatarFrank Nägler <>
Reviewed-by: default avatarFelix P. <>
Reviewed-by: Benni Mack's avatarBenni Mack <>
Tested-by: Susanne Moog's avatarSusanne Moog <>
Tested-by: default avatarTYPO3com <>
Tested-by: Frank Nägler's avatarFrank Nägler <>
Tested-by: Benni Mack's avatarBenni Mack <>
parent 41fc71db
......@@ -19,7 +19,6 @@ use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use TYPO3\CMS\Core\Core\Bootstrap;
use TYPO3\CMS\Core\Localization\LanguageService;
use TYPO3\CMS\Core\Utility\GeneralUtility;
......@@ -61,11 +60,13 @@ class BackendUserAuthenticator extends \TYPO3\CMS\Core\Middleware\BackendUserAut
// might trigger code which relies on it. See: #45625
$GLOBALS['BE_USER'] = GeneralUtility::makeInstance(BackendUserAuthentication::class);
// Initializing workspace by evaluating and setting the workspace, possibly updating it in the user record!
// Register the backend user as aspect
// @todo: once this logic is in this method, the redirect URL should be handled as response here
$GLOBALS['LANG'] = LanguageService::createFromUserPreferences($GLOBALS['BE_USER']);
// Register the backend user as aspect
$response = $handler->handle($request);
......@@ -14,6 +14,7 @@ namespace TYPO3\CMS\Core\Authentication;
* The TYPO3 project - inspiring people to share!
use TYPO3\CMS\Backend\Configuration\TypoScript\ConditionMatching\ConditionMatcher;
use TYPO3\CMS\Backend\Utility\BackendUtility;
use TYPO3\CMS\Core\Cache\CacheManager;
use TYPO3\CMS\Core\Core\Environment;
......@@ -1442,7 +1443,8 @@ = ' . $this->user['email'];
$cache = GeneralUtility::makeInstance(CacheManager::class)->getCache('hash');
if (!($this->userTS = $cache->get($hash))) {
$parseObj = GeneralUtility::makeInstance(TypoScriptParser::class);
$conditionMatcher = GeneralUtility::makeInstance(ConditionMatcher::class);
$parseObj->parse($userTS_text, $conditionMatcher);
$this->userTS = $parseObj->setup;
$cache->set($hash, $this->userTS, ['UserTSconfig'], 0);
// Ensure to update UC later
......@@ -57,10 +57,12 @@ class BackendUserAuthenticator extends \TYPO3\CMS\Core\Middleware\BackendUserAut
// like $GLOBALS['LANG'] for labels in the language of the BE User, the router, and ext_tables.php for all modules
// So things like Frontend Editing and Admin Panel can use this for generating links to the TYPO3 Backend.
if ($GLOBALS['BE_USER'] instanceof FrontendBackendUserAuthentication) {
// Initializing workspace by evaluating and setting the workspace, possibly updating it in the user record!
$GLOBALS['LANG'] = LanguageService::createFromUserPreferences($GLOBALS['BE_USER']);
$response = $handler->handle($request);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment