Project

General

Profile

Actions

Bug #83041

closed

See Admin tools with Editor

Added by Markus Günther about 7 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2017-11-20
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

I am not sure if this is intended, but it feels wrong.
You can create a new editor without any permissions. Just enter username and password and when you login as this editor you see the admin tools in the menu.

You can not do something, but seeing the menu feels also wrong.
In older TYPO3 versions this was not possible.


Files

Actions #1

Updated by Georg Ringer about 7 years ago

How to reproduce:

1) Use the backend to create an editor
2) use the user module to switch to that user

The problem is in BackendUserAuthentication where $this->getRealUserId() is compared with the maintainer idlist. This will return true when switched to a non admin who should still not see the admin module.

Actions #2

Updated by Gerrit Code Review almost 7 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54941

Actions #3

Updated by Gerrit Code Review almost 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54941

Actions #4

Updated by Gerrit Code Review almost 7 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54941

Actions #5

Updated by Georg Ringer almost 7 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #6

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF