Bug #56384
closed
Function setSysPageWhereClause() in TypoScriptFrontendController should call enableFields()
0%
Description
In \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController in function setSysPageWhereClause() in line 1785
$this->sys_page->where_groupAccess = $this->sys_page->getMultipleGroupsWhereClause('pages.fe_group', 'pages');
should be
$this->sys_page->where_groupAccess = $this->sys_page->enableFields('pages');
It's not possible to hook the enableFields function if it's not called.
Updated by Gerrit Code Review over 10 years ago
- Status changed from New to Under Review
Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/27903
Updated by Markus Hölzle over 10 years ago
Why this is helpful:
For custom user rights you have to hook the enabledFields function. This works for each record type except pages.
This line of code solves this problem, so that even 'pages' using enabledFields().
I think it must be possible to have special user right for the pages.
Updated by Markus Klein over 10 years ago
Hi!
I did a thorough review now of your intention. I fully agree that your request for the hook being called is very valid indeed, but your solution is breaking "everything".
The good news, we might be able to tweak this to get it right.
First, some observations about PageRepository¶
$this->where_hid_deland$this->where_groupAccessare always used by simply concatenating them in exactly this order.- In the
getPage()method there's an option to omit the$this->where_groupAccesspart.
From this we can conclude that $this->where_groupAccess may only contain conditions belonging to group access checks, as the name suggests.
Using enableFields() like you suggested, is plain wrong¶
because this regenerates all the hidden, disabled etc. conditions again and assigns them to $this->where_groupAccess, which breaks observation number two.
But, the init() function + the result of getMultipleGroupsWhereClause() do actually generate the very same query as enableFields() would do, just the query is properly separated into the variables.
But, there's one exception: The behaviour is different if $this->versioningPreview is TRUE and $this->versioningPreview_where_hid_del is not set accordingly.
In getWorkspaceVersionOfRecord() there's also a comment why $this->versioningPreview_where_hid_del is necessary:
// Have to hardcode it for "pages" table since TCA is not loaded at this moment!
Solutions¶
So if you can ensure that TCA is availalbe at this point, you may refactor the code, such that enableFields() can be used within the TypoScriptFrontendController::fetch_the_id() method.
Another option might be to add the hook call also to TypoScriptFrontendController::fetch_the_id() after the call to setSysPageWhereClause()
Updated by Wouter Wolters almost 10 years ago
- Status changed from Under Review to Needs Feedback
Hi,
Is this still an issue in newer versions of TYPO3 CMS (6.2.9)?
If yes, can you provide a newer patch against master by using Gerrit? http://wiki.typo3.org/CWT
Updated by Alexander Opitz over 9 years ago
- Status changed from Needs Feedback to Closed
No feedback within the last 90 days => closing this issue.
If you think that this is the wrong decision or experience this issue again, then please write to the mailing list typo3.teams.bugs with issue number and an explanation or open a new ticket and add a relation to this ticket number.