Bug #83041
closed
See Admin tools with Editor
100%
Description
I am not sure if this is intended, but it feels wrong.
You can create a new editor without any permissions. Just enter username and password and when you login as this editor you see the admin tools in the menu.
You can not do something, but seeing the menu feels also wrong.
In older TYPO3 versions this was not possible.
Files
Updated by Georg Ringer about 7 years ago
How to reproduce:
1) Use the backend to create an editor
2) use the user module to switch to that user
The problem is in BackendUserAuthentication where $this->getRealUserId() is compared with the maintainer idlist. This will return true when switched to a non admin who should still not see the admin module.
Updated by Gerrit Code Review almost 7 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54941
Updated by Gerrit Code Review almost 7 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54941
Updated by Gerrit Code Review almost 7 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54941
Updated by Georg Ringer almost 7 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 3d4d9d013f2fa62527bce3f08ee6b2b2c721df89.
Updated by 