Bug #87223

Translated root-page record of BE-User cannot be edited/saved (missing webmount)

Added by Philipp Seiler 5 months ago. Updated 17 days ago.

Status: Under Review
Priority: Must have
Assignee: -
Category: DataHandler aka TCEmain
Target version: -
Start date: 2018-12-19
Due date:
% Done: 0%
TYPO3 Version: 9
PHP Version:
Tags: backend,page,tree,translation,permission,webmount,mount
Complexity:
Is Regression:
Sprint Focus:

Description

  • Use Backend as a non-admin BE-User.
  • This backend user has a root page as the DB-Mount (webmount).
  • This root page has some subpages.
  • The root page is translated into any different language.
  • Translate any subpage.
  • Edit/save any subpage.
  • In \TYPO3\CMS\Core\Authentication\BackendUserAuthentication the method isInWebMount checks if the page being edited is in any allowed webmount.
  • At first, all webmounts from the user permissions are retrieved. Note that ONLY the root language version UIDs of selected webmounts are found!
  • Within that method, BackendUtility::BEgetRootLine returns the rootline up to the root page.
  • If a page of the rootline is within the user's list of webmounts, the record can be edited.

This is OK.

Translated root page cannot be edited/saved

  • Root page is also translated.
  • Edit root page with the BE-User: Attempt to modify record 'Home' (pages:123) without permission. Or non-existing page.
  • Again the method isInWebMount checks if the page can be edited.
  • Again the allowed webmounts of the user are retrieved. Again ONLY the root language version UIDs of selected webmounts are found!
  • Rootline only returns one element, as we are already on the root page. The returned page is the translated root page!
  • That translated root page however has a different UID than defined in the webmounts! The webmount UID is that of the root language version.
  • Therefore no valid webmount is found.

When checking for permissions, translated pages need to be taken into account!

Workaround

Adjust \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isInWebMount() so that translated webroots are also selected.

$wM = $this->returnWebmounts();
$rL = BackendUtility::BEgetRootLine($id, ' AND ' . $readPerms);

// Fix bug with UID of translated webmount not taken into account
$wM = $this->addTranslatedWebmounts($wM);

foreach ($rL as $v) {
    if ($v['uid'] && in_array($v['uid'], $wM)) {
        return $v['uid'];
    }
}
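
The check described in this issue, modelled as an added example (not TYPO3 core code and not the reporter's patch): a constructed in-memory page table stands in for the `pages` table, and the function names `rootline`, `inWebMount` and `inWebMountWithTranslations` are hypothetical. It shows the translated root page failing the check, and that adding translations by `l10n_parent` does not extend the mount to a different tree.

```php
<?php
// Constructed page records (uid => row); not data from the issue.
const PAGES = [
    1  => ['pid' => 0, 'l10n_parent' => 0],  // root page, default language
    2  => ['pid' => 1, 'l10n_parent' => 0],  // subpage, default language
    10 => ['pid' => 0, 'l10n_parent' => 1],  // translation of the root page
    11 => ['pid' => 1, 'l10n_parent' => 2],  // translation of the subpage
    50 => ['pid' => 0, 'l10n_parent' => 0],  // root page of another tree
    51 => ['pid' => 0, 'l10n_parent' => 50], // translation of that other root
];

/** Follow pid links up to the tree root, like the rootline described above. */
function rootline(int $uid): array
{
    $line = [];
    while ($uid !== 0 && array_key_exists($uid, PAGES)) {
        $line[] = $uid;
        $uid = PAGES[$uid]['pid'];
    }
    return $line;
}

/** Webmount check as described: match rootline UIDs against the mount list. */
function inWebMount(int $uid, array $webmounts): ?int
{
    foreach (rootline($uid) as $candidate) {
        if (in_array($candidate, $webmounts, true)) {
            return $candidate;
        }
    }
    return null;
}

/** Same check, with the translations of the mounted pages added first. */
function inWebMountWithTranslations(int $uid, array $webmounts): ?int
{
    foreach (PAGES as $pageUid => $row) {
        if (in_array($row['l10n_parent'], $webmounts, true)) {
            $webmounts[] = $pageUid;
        }
    }
    return inWebMount($uid, $webmounts);
}

$mounts = [1]; // the editor's DB mount: default-language root page only
foreach ([2, 11, 10, 51] as $uid) {
    printf("page %d: before=%s after=%s\n", $uid, var_export(inWebMount($uid, $mounts), true),
        var_export(inWebMountWithTranslations($uid, $mounts), true));
}
```

Pages 2 and 11 resolve to mount 1 in both variants because their rootline passes through the default-language root; page 10 is only accepted once translations are added, and page 51 stays rejected either way.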

Related issues

Related to TYPO3 Core - Bug #87165: \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isInWebMount does not work for translations of web mounts for non admin users (Under Review, 2018-12-14)
Duplicated by TYPO3 Core - Bug #86575: Missing page access for root-page translations (Under Review, 2018-10-05)
Duplicated by TYPO3 Core - Bug #87985: Permission issue on root page for non-admins on multilanguage environment (Under Review, 2019-03-22)

History

#1 Updated by Philipp Seiler 5 months ago

  • Subject changed from Translated root-page record of BE-User DB-Mount cannot be edited/saved to Translated root-page record of BE-User cannot be edited/saved (missing webmount)

#2 Updated by Philipp Seiler 5 months ago

  • Description updated (diff)

#3 Updated by Philipp Seiler 5 months ago

  • Description updated (diff)

#4 Updated by Daniel Siepmann 4 months ago

  • Duplicated by Bug #86575: Missing page access for root-page translations added

#5 Updated by Philipp Seiler 4 months ago

As per request by a typo3.slack user, here is the addTranslatedWebmounts-Method. Nothing surprising, just get the translated page record.

/**
 * Adds translated pages to the given list of root-language webmount pages.
 *
 * Requires use statements for ConnectionPool, DeletedRestriction and GeneralUtility.
 *
 * @param array $webmounts Page UIDs of webmounts in root-language
 * @return array Page UIDs of root-language and translated languages of the page
 */
private function addTranslatedWebmounts(array $webmounts): array {
    if (empty($webmounts)) {
        return $webmounts;
    }

    /** @var \TYPO3\CMS\Core\Database\ConnectionPool $connectionPool */
    $connectionPool = GeneralUtility::makeInstance(ConnectionPool::class);
    $query = $connectionPool->getQueryBuilderForTable('pages');

    // Only deleted records are excluded; hidden or time-restricted translations still count.
    $query->resetQueryParts();
    $query->getRestrictions()
        ->removeAll()
        ->add(GeneralUtility::makeInstance(DeletedRestriction::class));

    // Bind the UID list as an integer array instead of inlining the values into the SQL.
    $translatedWebmounts = $query->select('uid')
        ->from('pages')
        ->where(
            $query->expr()->in(
                'l10n_parent',
                $query->createNamedParameter($webmounts, \TYPO3\CMS\Core\Database\Connection::PARAM_INT_ARRAY)
            )
        )
        ->execute()
        ->fetchAll(\PDO::FETCH_COLUMN);

    // Append each translation UID that is not already part of the list.
    foreach ($translatedWebmounts as $translatedWebmount) {
        if (!in_array($translatedWebmount, $webmounts)) {
            $webmounts[] = $translatedWebmount;
        }
    }

    return $webmounts;
}

#6 Updated by DANIEL Rémy 3 months ago

Hi

I confirm the issue.
Philipp Seiler's patch fixes it.

#7 Updated by Riccardo De Contardi 2 months ago

I write here also the description of the issue #86575 to keep track of it - it contains steps to reproduce the issue:

Description

We are experiencing an issue with missing page access for the translation of a mounted root-page.

Steps to reproduce:
Assumption:
- Blank TYPO3 Project with English as default language and German as foreign language
- A simple page tree with a root page and subpages
- An editor usergroup with the required access rights for 'pages' and the root-page as DB Mount
- The usergroup has all permissions for these pages in the access module

Expected Result:
- An editor in this usergroup can edit all pages in the default language
- An editor in this usergroup can edit all pages in the foreign language

Actual Result:
- The editor can edit all pages except the translated version of the root-page
Trying to save will result in the following error message: "1: Attempt to modify record 'Home' (pages:5) without permission. Or non-existing page."

Setting the following option would solve the problem but I don't think that's a proper solution.

$GLOBALS['TCA']['pages']['ctrl']['security']['ignoreWebMountRestriction'] = true;

#8 Updated by Riccardo De Contardi about 2 months ago

  • Related to Bug #87985: Permission issue on root page for non-admins on multilanguage environment added

#9 Updated by Riccardo De Contardi about 2 months ago

  • Related to deleted (Bug #87985: Permission issue on root page for non-admins on multilanguage environment)

#10 Updated by Riccardo De Contardi about 2 months ago

  • Duplicated by Bug #87985: Permission issue on root page for non-admins on multilanguage environment added

#11 Updated by Gerrit Code Review about 2 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/60407

#12 Updated by Riccardo De Contardi 24 days ago

  • Related to Bug #87165: \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isInWebMount does not work for translations of web mounts for non admin users added

#13 Updated by Gerrit Code Review 17 days ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/59159
