Project

General

Profile

Actions
Copy link

Bug #22860

closed

typolinkLinkAccessRestrictedPages_addParams doesn't work on restricted subpages

Added by Sven Teuber almost 14 years ago. Updated almost 11 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-06-10
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.3
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If an access restriction is set with "include subpages", TYPO3 won't add params set in TS template to links that point to any of those subpages.

Set up an example page tree:

- public [ID = 1]
- restricted [ID = 2]
-- page 1 [ID = 3]
--- subpage 1 [ID = 4]

Set page properties of page "restricted" to:
"Access" = some usergroup
"Include subpages" = checked

Set TS template, SETUP:
typolinkLinkAccessRestrictedPages = 1
typolinkLinkAccessRestrictedPages_addParams = &redirect_url=###PAGE_ID###

Now, set a link on page "public" that points to "restricted".
Set a second link that points to "subpage 1".

The link pointing to "restricted" will have the params added correctly:
index.php?id=1&redirect_url=2

The link pointing to "subpage 1" will be wrong:
index.php?id=4

This is due to a check in tslib_fe::checkPageGroupAccess(), which only checks the fe_group-field of the actual page, but does not check the rootline for "include subpages"-restricted pages.

The call is in tslib_cObj::typolink(), Line 6168

tslib_fe::checkPageGroupAccess() should probably check the rootline, too.

(issue imported from #M14690)

Related issues 1 (1 open0 closed)

Related to TYPO3 Core - Bug #15984: menu.showAccessRestrictedPages doesn't replace link for "include subpages"Accepted2006-04-05

Actions
Actions
Copy link
 #1

Updated by Sven Teuber almost 14 years ago

I just noticed that this issue is related to 3129
Unfortunately, I can't set the relationship.

http://bugs.typo3.org/bug_view_page.php?bug_id=3129

Actions
Copy link
 #2

Updated by Sven Teuber almost 14 years ago

Patch submitted in ticket 3129

Actions
Copy link
 #3

Updated by Peter Klein over 13 years ago

The patch doesn't take mounted pages in account when checking.

I tried extending it by adding a MountPoiunt check:

$MP = $GLOBALS['TYPO3_CONF_VARS']['FE']['enable_mount_pids'] ? (string)t3lib_div::_GET('MP') : '';
$rootLine = $this->sys_page->getRootLine($row['uid'],$MP);

But then mounted pages the users can see, get's modified.

I think the problem is mount pages and not the patch.

As I have a page with "access 1" which is set to "Extend to supages" and then another page with "access 2".
Under that page I have mounted the page with "access 1".
The user with "access 2" can see all the pages even if the access on those pages should require "access 1".

But when I install the above patch (with or without my added MP support), then the pages is correctly inaccessible for the user with "access 2"

Actions
Copy link
 #4

Updated by Thomas Löffler over 13 years ago

Same problem in 4.4.6

Actions
Copy link
 #5

Updated by Alexander Opitz almost 11 years ago

  • Category deleted (Communication)
  • Status changed from New to Closed
  • Target version deleted (0)

Relation to #M3129 => #15984 is set.

So closing this issue as the bug will be fixed there.

Actions
Copy link

Also available in: Atom PDF