Project

General

Profile

Actions

Task #56611

closed

Epic #55070: Workpackages

Epic #55066: WP: Security enhancements

Story #56431: Use new wizard registration and remove wizard entry points

new reference error with non-admin user

Added by Philipp Wrann over 10 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Backend API
Target version:
Start date:
2014-03-06
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.3
Tags:
Complexity:
easy
Sprint Focus:

Description

When logging in with a non-admin user and trying to create a reference results in the error attached to this issue
i made sure all file permissions are checked for the group.

I am allready in production, please fix asap.

As admin user everything works as expected


Files

screen.jpg (169 KB) screen.jpg Philipp Wrann, 2014-03-06 15:11
Actions #1

Updated by Philipp Wrann over 10 years ago

You dont have the possibility to allow the module
wizard_element_browser

to a group

So its not possible to enable the element browser except for admin users

trace

1)
$moduleUrl = BackendUtility::getModuleUrl('wizard_element_browser') . '&mode=';

2)
if (!$GLOBALS['BE_USER']->check('modules', $moduleName)) {
return FALSE;
}

3)
if (isset($this->groupData[$type])) {
if ($this->isAdmin() || GeneralUtility::inList($this->groupData[$type], $value)) {
return TRUE;
}
}
return FALSE;

Either you dont return false if the key is no actual module OR you add the wizard_element_browser to the modList, i wouldnt do that, you allready have so much to configure for backend users to be actual able to do SOMEthing.

####
BTW:
when adding wizard_element_browser to the list of allowed modules (be_groups::groupsMods) you can workaround this bug.

Actions #2

Updated by Markus Klein over 10 years ago

  • Category changed from File Abstraction Layer (FAL) to Backend API
  • Status changed from New to Accepted
  • Complexity changed from no-brainer to easy
  • Is Regression changed from No to Yes
Actions #3

Updated by Gerrit Code Review over 10 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/28118

Actions #4

Updated by Gerrit Code Review over 10 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/28118

Actions #5

Updated by Helmut Hummel over 10 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #6

Updated by Helmut Hummel over 10 years ago

  • Parent task set to #56431
Actions #7

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF