TYPO3 Core

I report here the description of #94105 to keep track of it

Non-admin users are not able to revert the redirect via the blue popup on page save, when the slug is changed and the page saved.

How to reproduce:
Create a page “test123” and save
Change page title to “test345", update the slug and save.
Redirect for keyword “test123” in Source Path should be visible in Redirect Module.
Click “Revert redirects only” in the blue popup
Redirect for keyword “test123” in Source Path should be gone in Redirect Module.
Repeat with any non-admin editor (make sure to grant access to redirect module, list rights for redirect show/edit, and allow all fields in the record itself)
The redirect will not be deleted in the last step.

The problem seems to be combination of the facts, that all redirects are stored on pid=0 and that non-admins don't have page access to page id 0

I xdebug'ed the problem and came out here: https://github.com/TYPO3/TYPO3.CMS/blob/7aad9f6dea9246a1cc64f1b076e106605db3e04c/typo3/sysext/backend/Classes/History/RecordHistory.php#L273

if (empty($GLOBALS['TCA'][$table]) || !$this->hasTableAccess($table) || !$this->hasPageAccess($table, $uid)) {
    return [];
}

Calling the method $this->hasPageAccess($table, $uid) will return false.

So one (complex) solution could be to not save redirect records on pid=0 but any other page, the editor has access. A simpler solution could be to always skip the access tests for table "sys_redirect"

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69634

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69634

Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/70412

Important: The editor needs modify/write access for the table sys_redirect. This can be changed in the backend user access rights list. Otherwise reverting the redirect won't work.

That solved the problem, thanks!

IMO this bug should not be closed; "The editor needs modify/write access for the table sys_redirect" - if these are NOT set why is non admin users able to create them?

Anyhow the messinging is VERY confusing when modify/write is NOT set, because the non admin editor can NOT revert those redirects :-(

Claus Harup wrote in #note-14:

IMO this bug should not be closed; (...) if these are NOT set why is non admin users able to create them?

This bug was about reverting, so I think closing this ticket was correct. But of course, you have a valid point with asking why users without permission for "sys_redirects" are allowed to create them. In my opinion, this is worth its own ticket.