Bug #83041

See Admin tools with Editor

Added by Markus Günther over 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2017-11-20
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

I am not sure if this is intended, but it feels wrong.
You can create a new editor without any permissions. Just enter username and password and when you login as this editor you see the admin tools in the menu.

You can not do something, but seeing the menu feels also wrong.
In older TYPO3 versions this was not possible.


Files

#1

Updated by Georg Ringer over 4 years ago

How to reproduce:

1) Use the backend to create an editor
2) use the user module to switch to that user

The problem is in BackendUserAuthentication where $this->getRealUserId() is compared with the maintainer idlist. This will return true when switched to a non admin who should still not see the admin module.

#2

Updated by Gerrit Code Review over 4 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54941

#3

Updated by Gerrit Code Review over 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54941

#4

Updated by Gerrit Code Review over 4 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54941

#5

Updated by Georg Ringer over 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#6

Updated by Benni Mack almost 4 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF