Bug #86542

Override admin panel settings does nothing

Added by Florian Rival about 2 years ago. Updated 5 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
AdminPanel
Target version:
-
Start date:
2018-10-02
Due date:
% Done:

0%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
easy
Is Regression:
Sprint Focus:

Description

If you try to set user TSConfig to hide some settings in FE admin panel, that doesn't work.

Example (see attached file) :

admPanel {
enable.preview = 1
override.preview.showFluidDebug = 0
override.preview.simulateDate= 0
}

It seems that this configuration doesn't work :

admPanel.override.[modulename].[propertyname]

I didn't test for panels other than 'preview'.

The code involved is here : \TYPO3\CMS\Frontend\View\AdminPanelView->getPreviewModule
You can see that everything is hard coded ignoring TS Config.

Admin panel.jpg View (23.2 KB) Florian Rival, 2018-10-02 10:57


Related issues

Related to TYPO3 Core - Bug #87895: ViewHelper <f:be.security.ifAuthenticated> does not work for editors Closed 2019-03-13

History

#1 Updated by Florian Rival about 2 years ago

  • Category set to AdminPanel
  • Complexity set to easy

#2 Updated by Susanne Moog about 2 years ago

  • Sprint Focus set to On Location Sprint

#3 Updated by Susanne Moog over 1 year ago

  • Status changed from New to Needs Feedback

As the adminPanel was rewritten in v9 can you check again if it's working ok for you there? Thanks!

#4 Updated by Florian Rival over 1 year ago

Ok the configuration works in version V9.

#5 Updated by Riccardo De Contardi over 1 year ago

Either I am doing something wrong, or for me the issue is still present on 9.5.5 or 10.0.0-dev

admPanel.override.[modulename].[propertyname]

Does not seem to have any effect. I tried with putting the TSConfig code both in the tsconfig field of a be usergroup and of a be user (non-admin).

#6 Updated by Christian Eßl over 1 year ago

Testing with the TSConfig:

admPanel {
 enable.preview = 1
 override.preview.showFluidDebug = 0
 override.preview.simulateDate= 0
}

A few scenarios:
  • pasting this in the page TSConfig and viewing the adminpanel as admin, the settings are ignored
  • pasting this in the admin users TSConfig and viewing the adminpanel as admin, the settings are applied
  • pasting this in the TSConfig of a non-admin beuser and viewing the adminpanel as this user, the settings are ignored

So we have a few problems here:
Apparently the adminpanel currently only loads in User TSConfig, not Page TSConfig. Is this supposed to be the case? Then this statement can be ignored.

Second, when logging in as non-admin user which has activated the adminpanel in TSConfig, it can happen that the adminpanel is not shown at all. This is because in StateUtility::isActivatedForUser() the $GLOBALS['BE_USER'] is empty in this case.
I checked around what could explain this behaviour and found a few lines in the PageResolver middleware:

// No access? Then remove user and re-evaluate the page id
        if ($this->controller->isBackendUserLoggedIn() && !$GLOBALS['BE_USER']->doesUserHaveAccess($this->controller->page, Permission::PAGE_SHOW)) {
            unset($GLOBALS['BE_USER']);
            // Register an empty backend user as aspect
            $this->setBackendUserAspect(GeneralUtility::makeInstance(Context::class), null);
            $this->controller->determineId();
        }

This code checks if the logged in beuser has SHOW permissions on the currently viewed page, if not, the beuser object is unset.
So this means, for the adminpanel to work for non-admin beusers, you would alway have to go to the acces module in the backend and set page access permissions for a group the beuser belongs to. In my opinion, the page access permissions are not related to the adminpanel, so I would handle this as a BUG.

#7 Updated by Riccardo De Contardi about 1 year ago

  • Related to Bug #87895: ViewHelper <f:be.security.ifAuthenticated> does not work for editors added

#8 Updated by Susanne Moog 10 months ago

  • Sprint Focus deleted (On Location Sprint)

#9 Updated by Susanne Moog 10 months ago

@Christian:

- Only userTSConfig is meant to work, not page TS Config
- Only pages where the user has access to in the backend should have the admin panel in the frontend (as this is an enhancement for editors working on pages and includes things like cache clearing and previewing - which is only relevant if you have at least minimal permissions for that page)

As far as I can see it behaves as intended here.

#10 Updated by Susanne Moog 5 months ago

  • Status changed from Needs Feedback to Closed

Closing due to lack of feedback and system behaving as intended (see previous comments).

Also available in: Atom PDF