Bug #83547

previewLinks in Workspaces and broken rootline

Added by Alexander Opitz 5 months ago. Updated 4 months ago.

Status:
Resolved
Priority:
Should have
Category:
Workspaces
Start date:
2018-01-12
Due date:
% Done:

100%

TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

What I did

Actually result
TYPO3 Exception
Broken rootline. Could not resolve page with uid XXX

Awaited result

Showing a preview of the site defined in the preview link.
--

While tracing this issue, I found it has pre complex conditions to happen.
  • We need two workspaces, which need to have different "db_mountpoints" defined, without overlapping rootline
  • Switch to workspace one
  • Create a new page
  • Create a previewlink for this new page in the workspace modul.
  • Test previewlink in another browser => Works
  • Switch to workspace two
  • Test previewlink in another browser => Exception

Associated revisions

Revision d7c8f291 (diff)
Added by Alexander Opitz 4 months ago

[BUGFIX] Allow workspace preview inside another rootline

The rootline for page view now depends on the webmounts of the workspace
the preview link was generated on and not the webmounts the beuser, who
generated the preview link, is at the moment of calling the preview
link.

Resolves: #83547
Releases: master, 8.7
Change-Id: I53c8d45260b79c4d5679f00084fe81b502668ee7
Reviewed-on: https://review.typo3.org/55341
Reviewed-by: Mathias Schreiber <>
Tested-by: Mathias Schreiber <>
Tested-by: TYPO3com <>
Reviewed-by: Susanne Moog <>
Tested-by: Susanne Moog <>

Revision 9f05cba0 (diff)
Added by Alexander Opitz 4 months ago

[BUGFIX] Allow workspace preview inside another rootline

The rootline for page view now depends on the webmounts of the workspace
the preview link was generated on and not the webmounts the beuser, who
generated the preview link, is at the moment of calling the preview
link.

Resolves: #83547
Releases: master, 8.7
Change-Id: I53c8d45260b79c4d5679f00084fe81b502668ee7
Reviewed-on: https://review.typo3.org/55613
Tested-by: TYPO3com <>
Reviewed-by: Susanne Moog <>
Tested-by: Susanne Moog <>

History

#1 Updated by Alexander Opitz 5 months ago

The problem is inside

/typo3/sysext/workspaces/Classes/Hook/PreviewHook.php:140 ff

// Either use configured workspace mount (of the workspace) or current page id
if (empty($tempBackendUser->groupData['webmounts'])) {
    $tempBackendUser->groupData['webmounts'] = !empty($workspaceRecord['db_mountpoints']) ? $workspaceRecord['db_mountpoints'] : $pObj->id;
}

The $tempBackendUser->groupData['webmounts'] will contain the webmounts of the BE user who generated this preview link, so if he switched to another workspace with db_mountpoints out of the scope of our page to view, we are off.

But removing this line may lead to a security issue, if the db_mountpoints of the be_user is deeper then the one of the workspace ... he could then see pages out of his scope inside the preview.

We could add, before calling $tempBackendUser->fetchGroupData(); something like

$tempBackendUser->user['workspace_id'] = $workspaceUid;

but the function fetchGroupData() calls workspaceInit() which may lead to workspace change on user record.

Maybe it helps todo before $tempBackendUser->fetchGroupData(); (but it is a bit fragile IMHO):

$tempBackendUser->setTemporaryWorkspace($workspaceUid);
$tempBackendUser->user['workspace_id'] = $workspaceUid;

#2 Updated by Gerrit Code Review 5 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55341

#3 Updated by Gerrit Code Review 4 months ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55613

#4 Updated by Gerrit Code Review 4 months ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55341

#5 Updated by Gerrit Code Review 4 months ago

Patch set 2 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/55613

#6 Updated by Alexander Opitz 4 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF