Bug #91049

closed

PageResolver has no info about feUserGroup to properly do $site->getRouter()->matchRequest which leads to 404 for records that are fe_group protected

Added by Krystian Szymukowicz over 4 years ago. Updated over 4 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: Frontend
Target version:
Start date: 2020-04-15
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 9
PHP Version: 7.3
Tags:
Complexity:
Is Regression: Yes
Sprint Focus:

Description

HOW TO REPRODUCE:
1. Set up ext:news
2. Set up routing configuration for ext:news
3. Set up frontend user login and log in to the website
4. Set some news to be available only for logged-in users (fe_groups)
5. The news will be visible in the list view, but when you click a single news link you will see a 404 error

THE REASON:
The reason is that the router matcher cannot read the record because the wrong frontend groups are returned by GeneralUtility::makeInstance(Context::class)->getAspect('frontend.user'), because user->groupData is not yet filled at this time.

MORE INFO:
In file typo3/sysext/frontend/Classes/Middleware/PageResolver.php at line 111 there is a check for:

$pageArguments = $site->getRouter()->matchRequest($request, $previousResult);

Inside this check there is a query that uses TYPO3\CMS\Core\Database\Query\Restriction\FrontendGroupRestriction. In the constructor of the FrontendGroupRestriction there is
$frontendUserAspect = GeneralUtility::makeInstance(Context::class)->getAspect('frontend.user');

This $frontendUserAspect has a method getGroupIds() which uses isLoggedIn(), which checks for $this->user->groupData['uid'], but at this level there is no $this->user->groupData yet because it will be generated in file typo3/sysext/frontend/Classes/Middleware/PageResolver.php at line 158 $this->controller->determineId()


Related issues 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #90989: Lookup of access restricted records throws 404 (Closed, 2020-04-09)
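
The ordering problem described in this report, reduced to a self-contained PHP model. This is an added example, not TYPO3 core code and not the reporter's code; every class and function name, the group ids and the sample record are hypothetical stand-ins.

```php
<?php
// Simplified stand-ins, NOT TYPO3 classes; names, group ids and data are assumptions.
final class FrontendUser
{
    /** @var array filled only once group resolution has run */
    public $groupData = [];
}
final class UserAspect
{
    private $user;
    public function __construct(FrontendUser $user)
    {
        $this->user = $user;
    }

    public function isLoggedIn(): bool
    {
        return !empty($this->user->groupData['uid']);
    }

    /** In this model: 0 = public, -1 = anonymous only, -2 = any logged-in user. */
    public function getGroupIds(): array
    {
        return $this->isLoggedIn()
            ? array_merge([0, -2], $this->user->groupData['uid'])
            : [0, -1];
    }
}

// Constructed record: one news item restricted to frontend group 5.
const NEWS = [['slug' => 'members-only', 'fe_group' => [5]]];

/** Stand-in for the group-restricted slug lookup done while matching the route. */
function matchSlug(string $slug, UserAspect $aspect): ?array
{
    foreach (NEWS as $row) {
        if ($row['slug'] === $slug && array_intersect($row['fe_group'], $aspect->getGroupIds())) {
            return $row;
        }
    }
    return null; // no match: the request ends in a 404
}

$user = new FrontendUser();      // session is valid, but groups are not resolved yet
$aspect = new UserAspect($user);
$before = matchSlug('members-only', $aspect);  // order from the report: match first
$user->groupData['uid'] = [5];                 // stand-in for the later group resolution
$after = matchSlug('members-only', $aspect);   // same lookup once groups are known
var_dump($before === null, $after !== null);
```

Both dumped values are true: with groups unresolved the restricted record is filtered out and the lookup fails closed, and the identical lookup succeeds once the group list is populated.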
