Bug #23412

admPanel configuration by TSconfig is buggy

Added by Michael Buergi almost 12 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-08-20
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.4
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Hi

we have done quite some debugging concerning the adminPanel configuration and found some bugs. a patch is supplied.

thanks for your answer.
Mike

part 1: analysis

On our website, we use some front-end preview and edit features offered by typo3.

We do not want the adminPanel to show, therefore we use some TSconfig in the back end user group to configure the adminPanel settings.

In an attempt to clean up our TS, we discovered some weird stuff regarding the configuration of the adminPanel.

here is some of our original TS:

admPanel {
hide = 1

enable.preview = 1
override.preview = 1
override.preview.showHiddenPages = 0
module.preview.showHiddenPages = 0
override.preview.showHiddenRecords = 1
module.preview.showHiddenRecords = 1
override.preview.simulateUserGroup = 7
}

it has the following effects:
- adminPanel is hidden > ok
adminPanel preview is activated > ok
hidden pages are shown > not ok!
hidden records are shown > ok
simulated user group: 7 > ok
simulated timestamp: 1 -> not ok!

by fiddling with these values, we discovered the following:
- the module.preview.* settings are dead
- the override.preview.* settings are all ignored as long as we used "override.preview = 1"

we had no clue, what "override.preview = 1" was supposed to mean.

when we removed it, we saw the following:
- the preview was not working, any more
- the override.preview.* settings had no effect

it was time to look at the source:

we discovered the method tslib_AdminPanel::extGetFeAdminValue():
- it seems to supply most preview/feedit functions with the current values.
- it contains many hard-coded exceptions (mainly regarding the edit module)
- the override settings can only override if they have a value that evaluates to true! as a consequence, "override.preview.showHiddenPages = 0" will be ignored.
- "override.preview = 1" is interpreted as a default setting for all override.preview.* settings! that is the reason why our preview simulated a timestamp of "1".
- when "override.preview = 1" is not set in the TSconfig and the adminPanel is not shown and opened, the preview is not shown. why?

unfortunately, the edit module doesn't use this function:
tx_feedit_editpanel::editPanelLinkWrap_doWrap gets its values directly from the user submitted values of the adminPanel and is therefore not configurable by TSconfig.

part 2: conclusion

we identified the following bugs:
- "override.preview = 1" being required to activate the preview if the adminPanel is hidden. ()
- override.
settings can only override if they evaluate to true (*)
- some admPanel modules getting their values by circumventing tslib_AdminPanel::extGetFeAdminValue(). this applies to the settings: override.edit.editFormsOnPage and override.edit.editNoPopup. they simply have no effect!
- back-end users were able to see content that they had no front-end or back-end access to, just by simulating a user group in the adminPanel or by supplying an url parameter like:
&TSFE_ADMIN_PANEL%5Bpreview_simulateUserGroup%5D=1,2,3,4,5,6,7
- ADMCMD_simUser only uses the first group id if a list is given. p.e. ADMCMD_simUser=1,2 ignores group 2!

we identified the following problems:
- admPanel TS documentation not being in sync with the actual code.
- two different flavors of preview. one by selecting the view action in the context menu of a page and the preview function of the Web > View module. the latter uses the ADMCMD_simUser and ADMCMD_simTime url parameters.

we have supplied a patch that addresses the above bugs marked by a star (*)

after applying the patch, we are able to use the following TSconfig:

admPanel {
// don't show adminPanel
hide = 1

// hide all adminPanel modules by default
enable.all= 0
// activate preview module
enable.preview = 1
// don't show hidden pages in nav menus
override.preview.showHiddenPages = 0
// show hidden content elements
override.preview.showHiddenRecords = 1
// simulate user group
override.preview.simulateUserGroup = 7
}

the override.preview.* settings are now working as expected, as our preview now shows hidden records but no hidden pages.

(issue imported from #M15511)


Files

typo3-v443dev-rev8632.patch (2.39 KB) typo3-v443dev-rev8632.patch Administrator Admin, 2010-08-20 16:51
bug_15511.patch (2.52 KB) bug_15511.patch Administrator Admin, 2010-10-06 11:18

Related issues

Related to TYPO3 Core - Feature #61095: feedit - Bring back editNoPopup?Closed2014-08-20

Actions
#1

Updated by Michael Buergi over 11 years ago

I'm about the post this patch to the core mailing list. added a new patch file that uses a file path that is relative to the typo3 root folder.

#2

Updated by Björn Pedersen over 11 years ago

This seems to be one possible solution to my bug: http://bugs.typo3.org/view.php?id=15418

#3

Updated by Michael Buergi over 11 years ago

Yes, I think so.

#4

Updated by Susanne Moog over 11 years ago

Just a note:

The "module" settings were AFAIK never meant to work with the "preview" functionality only - as documented - with the "edit" functions.

#5

Updated by Christian Buelter almost 9 years ago

  • Target version deleted (0)

Referring to http://docs.typo3.org/typo3cms/TSconfigReference/UserTsconfig/admPanel/Index.html the "override" options should also work with the "preview" section.

Also, my experience is that the override functions in the edit section do not work, eg I cannot disable the "forms on page" option with

admPanel.override.edit.editFormsOnPage = 0

I only can disable the whole edit section with

admPanel.enable.edit = 1

Tested on TYPO3 6.1.1

#6

Updated by Mathias Schreiber over 7 years ago

  • Description updated (diff)
  • Category deleted (Communication)
  • Target version set to 7.2 (Frontend)
  • Is Regression set to No
#7

Updated by Benni Mack almost 7 years ago

  • Target version changed from 7.2 (Frontend) to 7.4 (Backend)
#8

Updated by Daniel Goerz almost 7 years ago

Hi,
please check again if the issue still exists since we merged https://review.typo3.org/#/c/40922/.

#9

Updated by Wouter Wolters almost 7 years ago

  • Status changed from New to Needs Feedback
#10

Updated by Susanne Moog almost 7 years ago

  • Target version changed from 7.4 (Backend) to 7.5
#11

Updated by Benni Mack over 6 years ago

  • Target version deleted (7.5)
#12

Updated by Alexander Opitz over 6 years ago

  • Status changed from Needs Feedback to Closed

No feedback within the last 90 days => closing this issue.

If you think that this is the wrong decision or experience this issue again, then please write to the mailing list typo3.teams.bugs with issue number and an explanation or open a new ticket and add a relation to this ticket number.

Also available in: Atom PDF