typolinkLinkAccessRestrictedPages_addParams doesn't work on restricted subpages
If an access restriction is set with "include subpages", TYPO3 won't add params set in TS template to links that point to any of those subpages.
Set up an example page tree:
- public [ID = 1]
- restricted [ID = 2]
-- page 1 [ID = 3]
--- subpage 1 [ID = 4]
Set page properties of page "restricted" to:
"Access" = some usergroup
"Include subpages" = checked
Set TS template, SETUP:
typolinkLinkAccessRestrictedPages = 1
typolinkLinkAccessRestrictedPages_addParams = &redirect_url=###PAGE_ID###
Now, set a link on page "public" that points to "restricted".
Set a second link that points to "subpage 1".
The link pointing to "restricted" will have the params added correctly:
The link pointing to "subpage 1" will be wrong:
This is due to a check in tslib_fe::checkPageGroupAccess(), which only checks the fe_group-field of the actual page, but does not check the rootline for "include subpages"-restricted pages.
The call is in tslib_cObj::typolink(), line 6168.
tslib_fe::checkPageGroupAccess() should probably check the rootline, too.
(issue imported from #M14690)
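The difference between a per-page group check and a rootline-aware one, as an added example that is not part of the original report and is not TYPO3 core code. The function names, the group uid 1 and the visitor group lists are assumptions made for illustration; only the `fe_group` and `extendToSubpages` page fields are modelled, and mount points are not handled.

```php
<?php
// Added illustration, not TYPO3 core code. Function names are hypothetical.

/** Per-page check: looks only at the page's own fe_group, as the report describes. */
function pageGroupAccess(array $page, array $userGroups): bool
{
    // An empty fe_group means "no restriction", represented here as group 0.
    $required = array_map('intval', explode(',', $page['fe_group'] !== '' ? $page['fe_group'] : '0'));
    return count(array_intersect($required, $userGroups)) > 0;
}

/** Rootline-aware check: also honours ancestors that have "Include subpages" set. */
function rootlineGroupAccess(array $rootline, array $userGroups): bool
{
    $last = count($rootline) - 1;
    foreach ($rootline as $i => $page) {
        // The target page always counts; an ancestor counts only if it extends its restriction.
        $applies = ($i === $last) || !empty($page['extendToSubpages']);
        if ($applies && !pageGroupAccess($page, $userGroups)) {
            return false;
        }
    }
    return true;
}

// Constructed rootline for "subpage 1" [ID = 4], ordered from the top down to the target.
$rootline = [
    ['uid' => 2, 'fe_group' => '1', 'extendToSubpages' => 1], // "restricted" (group uid 1 is assumed)
    ['uid' => 3, 'fe_group' => '',  'extendToSubpages' => 0], // "page 1"
    ['uid' => 4, 'fe_group' => '',  'extendToSubpages' => 0], // "subpage 1"
];
$anonymous = [0, -1];    // assumed group list of a visitor who is not logged in
$member    = [0, -2, 1]; // assumed group list of a logged-in member of group 1

var_dump(pageGroupAccess(end($rootline), $anonymous));  // per-page check on "subpage 1"
var_dump(rootlineGroupAccess($rootline, $anonymous));   // rootline check, anonymous visitor
var_dump(rootlineGroupAccess($rootline, $member));      // rootline check, group member
```

For the anonymous visitor the per-page check treats "subpage 1" as accessible because its own `fe_group` is empty, while the rootline-aware check denies it because "restricted" extends its group requirement to subpages.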
Updated by Sven Teuber over 11 years ago
I just noticed that this issue is related to 3129.
Unfortunately, I can't set the relationship.
Updated by Peter Klein almost 11 years ago
The patch doesn't take mounted pages into account when checking.
I tried extending it by adding a MountPoint check:
$MP = $GLOBALS['TYPO3_CONF_VARS']['FE']['enable_mount_pids'] ? (string)t3lib_div::_GET('MP') : '';
$rootLine = $this->sys_page->getRootLine($row['uid'],$MP);
But then mounted pages the users can see get modified.
I think the problem is mount pages and not the patch.
As I have a page with "access 1" which is set to "Extend to subpages" and then another page with "access 2".
Under that page I have mounted the page with "access 1".
The user with "access 2" can see all the pages even if the access on those pages should require "access 1".
But when I install the above patch (with or without my added MP support), then the pages are correctly inaccessible for the user with "access 2".