Commit 997b1c10 authored by Mona Muzaffar's avatar Mona Muzaffar Committed by Morton Jonuschat
Browse files

[BUGFIX] Disable install tool access in switch user mode

During switch user mode the install tool modules are never visible.

Resolves: #82517
Releases: master
Change-Id: Ie367cb7f0208a7414ada38d40f8cdd3ab287da52

Tested-by: default avatarTYPO3com <>
Reviewed-by: default avatarJan Stockfisch <>
Tested-by: default avatarJan Stockfisch <>
Reviewed-by: default avatarSascha Rademacher <>
Tested-by: default avatarSascha Rademacher <>
Reviewed-by: default avatarMorton Jonuschat <>
Tested-by: default avatarMorton Jonuschat <>
parent 46cc4bcc
......@@ -462,9 +462,9 @@ class BackendUserAuthentication extends AbstractUserAuthentication
if (GeneralUtility::getApplicationContext()->isDevelopment() && $this->isAdmin()) {
return true;
$allowedAdmins = $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'] ?? [];
if (!empty($allowedAdmins)) {
return in_array((int)$this->user['uid'], $allowedAdmins, true);
$systemMaintainers = $GLOBALS['TYPO3_CONF_VARS']['SYS']['systemMaintainers'] ?? [];
if (!empty($systemMaintainers)) {
return in_array($this->getRealUserId(), $systemMaintainers, true);
// No system maintainers set up yet, so any admin is allowed to access the modules
// but explicitly no system maintainers allowed (empty string in TYPO3_CONF_VARS).
......@@ -476,6 +476,15 @@ class BackendUserAuthentication extends AbstractUserAuthentication
return $this->isAdmin();
* If a user has actually logged in and switched to a different user (admins can use the SU switch user method)
* the real UID is sometimes needed (when checking for permissions for example).
protected function getRealUserId(): int
return (int)($GLOBALS['BE_USER']->user['ses_backuserid'] ?: $this->user['uid']);
* Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated.
* $perms is the "mask" used to select. Fx. if $perms is 1 then you'll get all pages that a user can actually see!
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment