Bug #71580

Switch-User feature uses wrong user id for logging

Added by Remo H. over 4 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend User Interface
Target version:
Start date:
2015-11-15
Due date:
% Done:

100%

TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

Situation: One workspace with a usergroup assigned as editors. Admin is owner. Workspace is freezed for editing.
If the admin saves a content element a flash message is shown that workspace has been frozen (1: [newlog()] All editing in this workspace has been frozen!).
If the editor saves a content element no flash message is shown at all.
There must be a message for all content editors shown that the workspace is frozen. Otherwise content editors are confused.
In TYPO3 6.2 it's not an issue, only in 7 LTS.


Related issues

Related to TYPO3 Core - Bug #17643: Sys_log table doesn't keep Switched User real name in the log Closed 2007-10-02
Related to TYPO3 Core - Bug #77907: Regression: Column order in record history Closed 2016-09-12

Associated revisions

Revision 4f623990 (diff)
Added by Oliver Hader almost 4 years ago

[BUGFIX] Switch-User feature uses wrong user id for logging

Issue #17643 introduced logging for a simulated backend user
(switch-user) and thus logs by using the original admin user.

This is a regression in PageLayoutController::renderQuickEdit
since the used backend user id is different to the persisted
one. Besides that, all actions are performed with the permissions
of the simulated user - thus, logging with a different user seems
to wrong. The sys_log.log_data field (array) is used to transport
the information of the original (admin) user.

This change reverts the initial change of issue #17643 and adds
the initial intention of that issue as addition to the persisted
data in sys_log.log_data. All affected components are adjusted as
well to visualize that a user has been simulated (log view, record
history and lowlevel_cleaner syslog command).

Resolves: #71580
Releases: master, 7.6
Change-Id: If12df60563afd1f0746d43e62f824b20f139df8c
Reviewed-on: https://review.typo3.org/45490
Reviewed-by: Markus Klein <>
Reviewed-by: Christian Kuhn <>
Tested-by: Christian Kuhn <>
Reviewed-by: Frank Naegler <>
Tested-by: Frank Naegler <>

Revision 90f44c54 (diff)
Added by Oliver Hader almost 4 years ago

[BUGFIX] Switch-User feature uses wrong user id for logging

Issue #17643 introduced logging for a simulated backend user
(switch-user) and thus logs by using the original admin user.

This is a regression in PageLayoutController::renderQuickEdit
since the used backend user id is different to the persisted
one. Besides that, all actions are performed with the permissions
of the simulated user - thus, logging with a different user seems
to wrong. The sys_log.log_data field (array) is used to transport
the information of the original (admin) user.

This change reverts the initial change of issue #17643 and adds
the initial intention of that issue as addition to the persisted
data in sys_log.log_data. All affected components are adjusted as
well to visualize that a user has been simulated (log view, record
history and lowlevel_cleaner syslog command).

Resolves: #71580
Releases: master, 7.6
Change-Id: If12df60563afd1f0746d43e62f824b20f139df8c
Reviewed-on: https://review.typo3.org/45489
Reviewed-by: Frank Naegler <>
Tested-by: Frank Naegler <>

History

#1 Updated by Oliver Hader about 4 years ago

  • Status changed from New to Accepted
  • Priority changed from Must have to Should have

Confirmed. It would be even better, if modification elements are not shown at all and the frozen status is visualized always...

#2 Updated by Oliver Hader about 4 years ago

Reason is issue #17643 which uses the original user to log the notification.
This happens only if a user is simulated, not if the user is logged in correctly.

#3 Updated by Oliver Hader about 4 years ago

  • Subject changed from Missing notification when saving content in frozen workspace. to Switch-User feature uses wrong user id for logging

#4 Updated by Oliver Hader about 4 years ago

  • Category changed from Workspaces to Backend User Interface
  • Is Regression changed from No to Yes

The mentioned issue that introduced this misbehavior is partly wrong.
All actions of a simulated user are executed with the permissions of that user.
Using the initial (admin) uid is wrong in that regard and also introduces a regression in the quick-edit mode (PageLayoutController::renderQuickEdit for resolving the NEWid).

#5 Updated by Gerrit Code Review about 4 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45489

#6 Updated by Gerrit Code Review about 4 years ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45490

#7 Updated by Gerrit Code Review about 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45490

#8 Updated by Gerrit Code Review about 4 years ago

Patch set 2 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45489

#9 Updated by Gerrit Code Review about 4 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45490

#10 Updated by Oliver Hader almost 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#11 Updated by Riccardo De Contardi over 2 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF