Bug #41419: User in custom stage could not use it - TYPO3 Core - TYPO3 Forge

Custom queries

Accessibility
Easy tasks
Forge Triage
JavaScript issues
JavaScript Issues (w/o Epics/Stories)
My open issues
No feedback within 90 days
Open Bugs
Open issues of 10
Recently modified
Regressions
Stabilization Issues
Usability or UX

Actions

Copy link

Bug #41419

closed

User in custom stage could not use it

Added by Martin Kästner about 12 years ago. Updated almost 5 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Workspaces

Target version:

Start date:

2012-09-27

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

4.7

PHP Version:

5.3

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

Hi,

we have updated from 4.4 to 4.5 to 4.6 to 4.7. And had custom workspaces with reviewers in it. These where converted to custom stages with the reviewers in it.

BUT these users could not send the content from this stage back or to the next stage "ready to publish".

I found this is because in the database table sys_workspace is already the field reviewers. With the old users in it.

In class.t3lib_userauthgroup.php in the function workspaceCheckStageForCurrent() this call
$stat = $this->checkWorkspaceCurrent();
is getting a wrong value:
$stat['_ACCESS'] = 'reviewer'
(because of the db table field...)

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Steffen Gebert about 12 years ago

Priority changed from Must have to Should have
Target version deleted (~~4.7.5~~)

Thanks for your your report, Martin!

I'm not so deep into workspaces - as you found the problem, do you also know a possible solution?

If yes, it would be great, if you could create a patch and push it into the review workflow, see http://wiki.typo3.org/Contribution_Walkthrough_Tutorials

Thanks
Steffen

Actions

Copy link

Updated by Christian Lange almost 12 years ago

I can confirm this bug. If you clear the column reviewers in the sys_workspace table the custom stages works fine.

Actions

Copy link

Updated by Michael Stucki almost 11 years ago

Category changed from Bugs to Workspaces

Actions

Copy link

Updated by Michael Stucki almost 11 years ago

Project changed from 624 to TYPO3 Core
Category changed from Workspaces to Workspaces

Actions

Copy link

Updated by Mathias Schreiber almost 10 years ago

Target version set to 7.5

Actions

Copy link

Updated by Benni Mack about 9 years ago

Target version changed from 7.5 to 7 LTS

Actions

Copy link

Updated by Mathias Schreiber about 9 years ago

Target version deleted (~~7 LTS~~)

Actions

Copy link

Updated by Olivier SC almost 9 years ago

This bug come from a part of code that use old database field "reviewers" (from previous workspace structure before TYPO3 v4.5) of "sys_workspace" table.
/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
function checkWorkspace(...)

// Checking if he is reviewer user:
if (GeneralUtility::inList($wsRec['reviewers'], 'be_users_' . $this->user['uid'])) {
    return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
}
// Checking if he is reviewer through a user group of his:
foreach ($this->userGroupsUID as $groupUid) {
    if (GeneralUtility::inList($wsRec['reviewers'], 'be_groups_' . $groupUid)) {
        return array_merge($wsRec, array('_ACCESS' => 'reviewer'));
    }
}

$wsRec['reviewers'] is the field "reviewers" of the table "sys_workspace", and was used long time ago (before v4.5) to store the list of users selected for review.
The 4.5 migration didn't empty this field while creating the new workspace "custom stage".
This field doesn't have a valid TCA declaration, but still in sql declaration, and couldn't be updated (without use of phpmyadmin or equivalent).

The result of "_ACCESS" is checked in function workspaceCheckStageForCurrent(...) for custom stage :

if ($workspaceRec['custom_stages'] > 0 && $stage !== 0 && $stage !== -10) {
    // Get custom stage record
    $workspaceStageRec = BackendUtility::getRecord('sys_workspace_stage', $stage);
    // Check if the user is responsible for the current stage
    if (
        $stat['_ACCESS'] === 'owner'
        || $stat['_ACCESS'] === 'member'
        && GeneralUtility::inList($workspaceStageRec['responsible_persons'], 'be_users_' . $this->user['uid'])
    ) {
        return true;
    }
    [...]
}

For users already listed in old field "reviewers", they are flagged $stat['_ACCESS'] ="reviewer", so they are not allowed to manage custom stage (only owner or member responsible of custom stage are allowed here)

The text "reviewer" is also used in various places of the code (in workspace notification, in some sql query, in dataset for testing).
I think all those parts of code can be removed.

Actions

Copy link

Updated by Gerrit Code Review about 5 years ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61643

Actions

Copy link

#10

Updated by Gerrit Code Review about 5 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61643

Actions

Copy link

#11