Bug #106569
closed
Translation of file metadata not possible as editor
100%
Description
When trying to translate the file metadata (like title and alternative) in the filelist module as an editor, there is an exception:
`The given page record is invalid. Missing uid.`
which is thrown in `/var/www/html/vendor/typo3/cms-core/Classes/Authentication/BackendUserAuthentication.php`, line 328.
Seems to be a regression in 13.4.9, customers reported this to me after the update from 13.4.8, so 13.4.8 should be fine.
Garvin confirmed via Slack that main and 13.4.10-dev are affected and that admins work but not editors.
Updated by Stefan Bürk 13 days ago
- Related to Task #106382: Streamline DataHandler permission checks added
Updated by Stefan Bürk 13 days ago
· Edited
Confirmed. This is related to the recent DataHandler permission check streamlining #106382.
For the filelist / list localization issue, there is no page record to retrieve as files/file metadata records always have pid = 0 and there is no record to retrieve for this.
In the case of sys_file / sys_file_metadata, which always reside in pid = 0, no page record is retrieved (empty array), and it is passed down to the permission check methods, which honor an empty array with a missing uid exception. Before that change there was a check to mitigate this when no page record has been determined.
First impression is that we need to add an empty array check before calling the BE user permission check, but this needs some additional looking into.
Maybe we need to take non-page record permission checks into account (BE user workspace / live record edit things) .. not sure.
```php
if (!$this->hasPagePermission(Permission::PAGE_SHOW, $pageRecord)) {
    $this->log($table, $uid, SystemLogDatabaseAction::LOCALIZE, null, SystemLogErrorClassification::USER_ERROR, 'Attempt to localize record {table}:{uid} without permission', null, ['table' => $table, 'uid' => (int)$uid]);
    return false;
}
```
or
```php
$pagesSchema = $this->tcaSchemaFactory->get('pages');
if (!$pagesSchema->hasCapability(TcaSchemaCapability::RestrictionWebMount) && !$this->BE_USER->isInWebMount($page)) {
    return false;
}
```
Updated by André Buchmann 13 days ago
Thanks for reporting. Can confirm this issue with TYPO3 13.4.
Older projects with 12 and 11 do not have this problem.
Do we need an allowlist for tables on pid 0?
Updated by Gerrit Code Review 9 days ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/89172
Updated by Stefan Bürk 9 days ago
André Buchmann wrote in #note-4:
> Do we need an allowlist for tables on pid 0?

No, basically there is a TCA option for this. The point is that, due to the
permission check streamlining, the option is not verified first and an empty
array is passed to the BE user isInWebMount() method, which throws an exception
when no `uid` is passed.

> Thanks for reporting. Can confirm this issue with TYPO3 13.4.
> Older projects with 12 and 11 do not have this problem.

Yeah, as already mentioned in https://forge.typo3.org/issues/106569#note-2,
this is a regression/error introduced with the streamlining of these checks,
which has only been backported to TYPO3 v13.4.
Updated by Gerrit Code Review 9 days ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/89172
Updated by Gerrit Code Review 4 days ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/89172
Updated by Gerrit Code Review 4 days ago
Patch set 1 for branch 13.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/89225
Updated by Stefan Bürk 4 days ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 1ba7288c4b8897d19844ab1f57971e24f2096b13.
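A simplified model of the check ordering discussed in this thread, added here as an illustration; it is not TYPO3 core code and not the patch from the changeset above. The class `ModelBackendUser`, both `mayLocalize*` functions and the `ignoreWebMountRestriction` key as used here are assumptions of the model, standing in for the BE user check and the TCA option mentioned in the comments.

```php
<?php
declare(strict_types=1);
// Simplified stand-in for the backend user (hypothetical, not the TYPO3 class).
final class ModelBackendUser
{
    /** @param int[] $webMounts page uids the user may access */
    public function __construct(public readonly bool $admin, private array $webMounts) {}
    // Models the behaviour reported in the ticket: a page record without uid throws.
    public function isInWebMount(array $page): bool
    {
        if ($this->admin) {
            return true;
        }
        if (!isset($page['uid'])) {
            throw new RuntimeException('The given page record is invalid. Missing uid.');
        }
        return in_array((int)$page['uid'], $this->webMounts, true);
    }
}

// Unguarded order: the web mount check runs even when no page record exists.
function mayLocalizeUnguarded(ModelBackendUser $user, array $pageRecord): bool
{
    return $user->isInWebMount($pageRecord);
}

// Guarded order: evaluate the table option first and fail closed without a page.
function mayLocalizeGuarded(ModelBackendUser $user, array $tableOptions, array $pageRecord): bool
{
    if ($user->admin) {
        return true;
    }
    if ($pageRecord === []) {
        // Nothing to check a web mount against: only exempted tables pass.
        return ($tableOptions['ignoreWebMountRestriction'] ?? false) === true;
    }
    return $user->isInWebMount($pageRecord);
}

$editor = new ModelBackendUser(false, [10]);              // constructed sample user
$exempt = ['ignoreWebMountRestriction' => true];          // e.g. a pid = 0 metadata table
try {
    mayLocalizeUnguarded($editor, []);
} catch (RuntimeException $e) {
    echo 'unguarded: ', $e->getMessage(), PHP_EOL;        // the editor-only failure
}
var_dump(mayLocalizeGuarded($editor, $exempt, []));       // exempt table at pid 0
var_dump(mayLocalizeGuarded($editor, [], []));            // non-exempt table, no page
var_dump(mayLocalizeGuarded($editor, [], ['uid' => 11])); // page outside the mounts
```

The guard treats a missing page record as a deny unless the table is explicitly exempt, so the fix for the exception does not turn into an implicit allow for other pid = 0 tables.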