Bug #41419
closed
User in custom stage could not use it
100%
Description
Hi,
we have updated from 4.4 to 4.5 to 4.6 to 4.7. And had custom workspaces with reviewers in it. These where converted to custom stages with the reviewers in it.
BUT these users could not send the content from this stage back or to the next stage "ready to publish".
I found this is because in the database table sys_workspace is already the field reviewers. With the old users in it.
In class.t3lib_userauthgroup.php in the function workspaceCheckStageForCurrent() this call
$stat = $this->checkWorkspaceCurrent();
is getting a wrong value:
$stat['_ACCESS'] = 'reviewer'
(because of the db table field...)
Updated by Steffen Gebert over 11 years ago
- Priority changed from Must have to Should have
- Target version deleted (
4.7.5)
Thanks for your your report, Martin!
I'm not so deep into workspaces - as you found the problem, do you also know a possible solution?
If yes, it would be great, if you could create a patch and push it into the review workflow, see http://wiki.typo3.org/Contribution_Walkthrough_Tutorials
Thanks
Steffen
Updated by Christian Lange over 11 years ago
I can confirm this bug. If you clear the column reviewers in the sys_workspace table the custom stages works fine.
Updated by Michael Stucki over 10 years ago
- Category changed from Bugs to Workspaces
Updated by Michael Stucki over 10 years ago
- Project changed from 624 to TYPO3 Core
- Category changed from Workspaces to Workspaces
Updated by
Updated by Olivier SC over 8 years ago
This bug come from a part of code that use old database field "reviewers" (from previous workspace structure before TYPO3 v4.5) of "sys_workspace" table.
/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
function checkWorkspace(...)
// Checking if he is reviewer user:
if (GeneralUtility::inList($wsRec['reviewers'], 'be_users_' . $this->user['uid'])) {
return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
}
// Checking if he is reviewer through a user group of his:
foreach ($this->userGroupsUID as $groupUid) {
if (GeneralUtility::inList($wsRec['reviewers'], 'be_groups_' . $groupUid)) {
return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
}
}
$wsRec['reviewers'] is the field "reviewers" of the table "sys_workspace", and was used long time ago (before v4.5) to store the list of users selected for review.
The 4.5 migration didn't empty this field while creating the new workspace "custom stage".
This field doesn't have a valid TCA declaration, but still in sql declaration, and couldn't be updated (without use of phpmyadmin or equivalent).
The result of "_ACCESS" is checked in function workspaceCheckStageForCurrent(...) for custom stage :
if ($workspaceRec['custom_stages'] > 0 && $stage !== 0 && $stage !== -10) {
// Get custom stage record
$workspaceStageRec = BackendUtility::getRecord('sys_workspace_stage', $stage);
// Check if the user is responsible for the current stage
if (
$stat['_ACCESS'] === 'owner'
|| $stat['_ACCESS'] === 'member'
&& GeneralUtility::inList($workspaceStageRec['responsible_persons'], 'be_users_' . $this->user['uid'])
) {
return true;
}
[...]
}
For users already listed in old field "reviewers", they are flagged $stat['_ACCESS'] ="reviewer", so they are not allowed to manage custom stage (only owner or member responsible of custom stage are allowed here)
The text "reviewer" is also used in various places of the code (in workspace notification, in some sql query, in dataset for testing).
I think all those parts of code can be removed.
Updated by Gerrit Code Review over 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61643
Updated by Gerrit Code Review over 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61643
Updated by Benni Mack over 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset b150cfa368ca45bc1769b25305f0c2407c6881b0.