Bug #22860

typolinkLinkAccessRestrictedPages_addParams doesn't work on restricted subpages

Added by Sven Teuber over 11 years ago. Updated over 8 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2010-06-10
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.3
PHP Version: 5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If an access restriction is set with "include subpages", TYPO3 won't add params set in TS template to links that point to any of those subpages.

Set up an example page tree:

- public [ID = 1]
- restricted [ID = 2]
-- page 1 [ID = 3]
--- subpage 1 [ID = 4]

Set page properties of page "restricted" to:
"Access" = some usergroup
"Include subpages" = checked

Set TS template, SETUP:
typolinkLinkAccessRestrictedPages = 1
typolinkLinkAccessRestrictedPages_addParams = &redirect_url=###PAGE_ID###

Now, set a link on page "public" that points to "restricted".
Set a second link that points to "subpage 1".

The link pointing to "restricted" will have the params added correctly:
index.php?id=1&redirect_url=2

The link pointing to "subpage 1" will be wrong:
index.php?id=4

This is due to a check in tslib_fe::checkPageGroupAccess(), which only checks the fe_group-field of the actual page, but does not check the rootline for "include subpages"-restricted pages.

The call is in tslib_cObj::typolink(), Line 6168

tslib_fe::checkPageGroupAccess() should probably check the rootline, too.

(issue imported from #M14690)
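
The difference between a page-only check and a rootline-aware check, as an added example (not TYPO3 core code and not the patch from ticket 3129). It assumes the page fields fe_group and extendToSubpages behind "Access" and "Include subpages"; the page data, group uid 7, the visitor group list and all function names are constructed for illustration.

```php
<?php
// Constructed sample data mirroring the page tree in the report.
// Group uid 7 is a made-up value. Mount points (MP) are not modelled.
$pages = array(
    1 => array('uid' => 1, 'pid' => 0, 'fe_group' => '',  'extendToSubpages' => 0),
    2 => array('uid' => 2, 'pid' => 0, 'fe_group' => '7', 'extendToSubpages' => 1),
    3 => array('uid' => 3, 'pid' => 2, 'fe_group' => '',  'extendToSubpages' => 0),
    4 => array('uid' => 4, 'pid' => 3, 'fe_group' => '',  'extendToSubpages' => 0),
);

// Page-only check: looks at the fe_group field of the given row alone.
function pageRowAccessible(array $row, array $userGroups) {
    $pageGroups = explode(',', $row['fe_group'] !== '' ? $row['fe_group'] : '0');
    return count(array_intersect($userGroups, $pageGroups)) > 0;
}

// Hypothetical helper: rows from the page itself up to the tree root.
function buildRootline(array $pages, $uid) {
    $line = array();
    $seen = array(); // guards against a pid loop in broken data
    while ($uid !== 0 && isset($pages[$uid]) && !isset($seen[$uid])) {
        $seen[$uid] = true;
        $line[] = $pages[$uid];
        $uid = $pages[$uid]['pid'];
    }
    return $line;
}

// Rootline-aware check: the page itself must pass, and so must every
// ancestor that has extendToSubpages set.
function rootlineAccessible(array $pages, $uid, array $userGroups) {
    foreach (buildRootline($pages, $uid) as $i => $row) {
        $applies = ($i === 0) || !empty($row['extendToSubpages']);
        if ($applies && !pageRowAccessible($row, $userGroups)) {
            return false;
        }
    }
    return true;
}

$anonymous = array('0', '-1'); // constructed group list: visitor not logged in
foreach (array(2, 4) as $uid) {
    printf("page %d: row-only=%s rootline=%s\n", $uid,
        var_export(pageRowAccessible($pages[$uid], $anonymous), true),
        var_export(rootlineAccessible($pages, $uid, $anonymous), true));
}
```

For page 4 the row-only check reports the page as accessible while the rootline check does not, which is why the link to "subpage 1" is never treated as pointing to a restricted page.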


Related issues

Related to TYPO3 Core - Bug #15984: menu.showAccessRestrictedPages doesn't replace link for "include subpages" (Accepted, 2006-04-05)

#1

Updated by Sven Teuber over 11 years ago

I just noticed that this issue is related to 3129.
Unfortunately, I can't set the relationship.

http://bugs.typo3.org/bug_view_page.php?bug_id=3129

#2

Updated by Sven Teuber over 11 years ago

Patch submitted in ticket 3129

#3

Updated by Peter Klein almost 11 years ago

The patch doesn't take mounted pages into account when checking.

I tried extending it by adding a MountPoint check:

$MP = $GLOBALS['TYPO3_CONF_VARS']['FE']['enable_mount_pids'] ? (string)t3lib_div::_GET('MP') : '';
$rootLine = $this->sys_page->getRootLine($row['uid'],$MP);

But then mounted pages the users can see get modified.

I think the problem is mount pages and not the patch.

As I have a page with "access 1" which is set to "Extend to subpages" and then another page with "access 2".
Under that page I have mounted the page with "access 1".
The user with "access 2" can see all the pages even if the access on those pages should require "access 1".

But when I install the above patch (with or without my added MP support), then the pages are correctly inaccessible for the user with "access 2".

#4

Updated by Thomas Löffler almost 11 years ago

Same problem in 4.4.6

#5

Updated by Alexander Opitz over 8 years ago

  • Category deleted (Communication)
  • Status changed from New to Closed
  • Target version deleted (0)

Relation to #M3129 => #15984 is set.

So closing this issue as the bug will be fixed there.
