CoreCommunity ExtensionsIncubatorDistributionsTYPO3 4.5 ProjectsTYPO3 4.6 ProjectsTYPO3 4.7 ProjectsTYPO3 6.0 ProjectsTYPO3 6.1 ProjectsTYPO3 6.2 Projects (+)

Bug #38897

Loading TCA from ext_tables.php caused backend login failed

Added by Daniel Hürtgen 11 months ago. Updated 6 months ago.

Status:Resolved Start date:2012-07-12
Priority:Should have Due date:
Assignee:Mario Matzulla % Done:

100%
Category:ExtensionIntegration Spent time: -
Target version:1.5.2
Votes: 3 (View)

Description

I'm extending your extensions tca by loading the tca in my own extensions ext_tables.php.
If done, i can't login in the backend with activated rsa security, because your tca.php created its own t3lib_beUserAuth object, before it's done by the core.

$limitCalendarsToUidWhere = '';
$limitViewOnlyToPidsWhere = '';
$wizzardSuggestDefaults = Array();
if (TYPO3_MODE=="BE") {
    if($_GET['id']>0){
        $pageTSConf = t3lib_befunc::getPagesTSconfig($_GET['id']);
    }else if($_POST['popViewId']>0){
        $pageTSConf = t3lib_befunc::getPagesTSconfig($_POST['popViewId']);
    }
    if(!is_object($GLOBALS['BE_USER']))  {
        define('TYPO3_PROCEED_IF_NO_USER', true);  //patch for crawler
        $GLOBALS['BE_USER'] = t3lib_div::makeInstance('t3lib_beUserAuth');    // New backend user object
        $GLOBALS['BE_USER']->start();            // Object is initialized
        $GLOBALS['BE_USER']->backendCheckLogin();    // Checking if there's a user logged in
        define('TYPO3_PROCEED_IF_NO_USER', false); 
    }
    $be_userCategories = t3lib_div::trimExplode(',',$GLOBALS['BE_USER']->user['tx_cal_category'],1);
    $be_userCalendars = t3lib_div::trimExplode(',',$GLOBALS['BE_USER']->user['tx_cal_calendar'],1);
    $be_userCalendars[] = 0;
    $enableAccessControl = false;

    if($GLOBALS['BE_USER']->user['tx_cal_enable_accesscontroll']){
        $enableAccessControl = true;
    }
    if (is_object($GLOBALS['BE_USER']) && is_array($GLOBALS['BE_USER']->userGroups)) {
        foreach ($GLOBALS['BE_USER']->userGroups as $gid => $group) {
            if($group['tx_cal_enable_accesscontroll']){
                $enableAccessControl = true;
                if ($group['tx_cal_category']) {
                    $be_userCategories[] = $group['tx_cal_category'];
                }
                if ($group['tx_cal_calendar']) {
                    $be_userCalendars[] = $group['tx_cal_calendar'];
                }
            }
        }
    }
    if($enableAccessControl){
        $limitCalendarsToUidWhere = ' AND tx_cal_calendar.uid IN ('.implode(',',$be_userCalendars).')';
    }
    if(is_object($GLOBALS['BE_USER'])){

        $GLOBALS['BE_USER']->fetchGroupData();
        $pids = $GLOBALS['BE_USER']->userTS['options.']['tx_cal_controller.']['limitViewOnlyToPids'];
        if($pids != ''){
            $limitViewOnlyToPidsWhere = '.pid IN ('.$pids.')';
            $wizzardSuggestDefaults['pidList'] = $pids;
        }
    }
}

Is there a need to do stuff like this? I can't see where you used this vars, so i commented it out in my clone.

So my question:
Is it only a bug and we need this feature or is it possible to waste out this codeblock completlly?

Related issues

related to Calendar Base - Bug #43380: Brocken BE Login Closed 2012-11-28

Associated revisions

Revision 67896
Added by Mario Matzulla 6 months ago

fixed Bug #38897: Loading TCA from ext_tables.php caused backend login failed (thx to Franz Koch)

Revision 67896
Added by Mario Matzulla 6 months ago

fixed Bug #38897: Loading TCA from ext_tables.php caused backend login failed (thx to Franz Koch)

History

#1
Updated by Thomas Kowtsch 9 months ago

  • Priority changed from Must have to Should have
  • Target version changed from 1594 to 2.0.0

In general, this behaviour is needed at some places where cal needs to use functions in FE (esp. for FE-Edit) that are currently defined only for backend user objects. None of these are really required to have a BE user logged in, but thats the way TYPO3 core delivers these functions and at the moment, we don't want to duplicate these functions into our own code.

#2
Updated by Klaus Bossert 9 months ago

I guess me and some other guy ran into the same problem trying to add own fields:

http://lists.typo3.org/pipermail/typo3-project-calendar/2012-June/000615.html
http://lists.typo3.org/pipermail/typo3-project-calendar/2012-September/000657.html

It seems to me that this behaviour effectively prevents cal to be extended at all in TYPO3 v4.7. Is there any chance to get the priority increased and the target version lowered again? Or any kind of workaround?

#3
Updated by Daniel Hürtgen 8 months ago

Klaus Bossert wrote:

I guess me and some other guy ran into the same problem trying to add own fields:

http://lists.typo3.org/pipermail/typo3-project-calendar/2012-June/000615.html http://lists.typo3.org/pipermail/typo3-project-calendar/2012-September/000657.html

It seems to me that this behaviour effectively prevents cal to be extended at all in TYPO3 v4.7. Is there any chance to get the priority increased and the target version lowered again? Or any kind of workaround?

The issue is not directly caused by the core, the problem is, if you have activated rsa authentication, the authentication runs twice, but the rsa signing key would be ony available once and is deleted after first successfull authentication.

Currently there is no best practice to avoid these problem. If you don't use functions from be_users, you can safely do the same, i did, comment out this code block.

#4
Updated by Franz Koch 6 months ago

boy, this bug just cost me 5 hours to debug. Please fix this ASAP as everybody upgrading to 4.7 will have this issue. Just move the logic to TCAprocFuncs or use core hooks instead of doing this within the TCA.

Also, 90% of the stuff doesn't even have to be in there or isn't used at all ($limitCalendarsToUidWhere, $enableAccessControl, $be_userCategories, $be_userCalendars) - so just drop that stuff.

The only thing that really needs to be in there is $wizzardSuggestDefaults - but I don't think it's necessary for this feature to work that a fake BE_USER has to be created, so the whole construct could be condensed to this and make everybody happy:

if (TYPO3_MODE=="BE") {
    if($_GET['id']>0){
        $pageTSConf = t3lib_befunc::getPagesTSconfig($_GET['id']);
    }else if($_POST['popViewId']>0){
        $pageTSConf = t3lib_befunc::getPagesTSconfig($_POST['popViewId']);
    }

    if(is_object($GLOBALS['BE_USER'])){
        $GLOBALS['BE_USER']->fetchGroupData();
        $pids = $GLOBALS['BE_USER']->userTS['options.']['tx_cal_controller.']['limitViewOnlyToPids'];
        if($pids != ''){
            $limitViewOnlyToPidsWhere = '.pid IN ('.$pids.')';
            $wizzardSuggestDefaults['pidList'] = $pids;
        }
    }
}

#5
Updated by Mario Matzulla 6 months ago

  • Status changed from New to Accepted
  • Assignee set to Mario Matzulla
  • Target version changed from 2.0.0 to 1.5.2

#6
Updated by Mario Matzulla 6 months ago

  • Status changed from Accepted to Resolved
  • % Done changed from 0 to 100

Applied in changeset r67896.

Also available in: Atom PDF