Bug #91559

Reverting auto slug update for editors does not work

Added by Chris Müller over 1 year ago. Updated 2 months ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Link Handling, Site Handling & Routing
Target version:
-
Start date:
2020-06-03
Due date:
% Done:

90%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When reverting a redirect which was created as an editor, a successful notification is shown. However, the redirect record is still available.

As an admin user the redirect record is removed.

This behaviour was observed in TYPO3 10.4.3.


Related issues

Has duplicate TYPO3 Core - Bug #94105: Redirects not revertable by non adminsClosed2021-05-10

Actions
#1

Updated by Guido Schmechel 6 months ago

  • Has duplicate Bug #94105: Redirects not revertable by non admins added
#2

Updated by Riccardo De Contardi 6 months ago

I report here the description of #94105 to keep track of it

Non-admin users are not able to revert the redirect via the blue popup on page save, when the slug is changed and the page saved.

How to reproduce:
Create a page “test123” and save
Change page title to “test345", update the slug and save.
Redirect for keyword “test123” in Source Path should be visible in Redirect Module.
Click “Revert redirects only” in the blue popup
Redirect for keyword “test123” in Source Path should be gone in Redirect Module.
Repeat with any non-admin editor (make sure to grant access to redirect module, list rights for redirect show/edit, and allow all fields in the record itself)
The redirect will not be deleted in the last step.

#3

Updated by Henrik Elsner 5 months ago

  • Priority changed from Should have to Must have

We too have this issue. (with 10.4.17)
And i would declare it as must have as this can highly affect SEO etc.

#4

Updated by Albrecht Köhnlein 5 months ago

The problem seems to be combination of the facts, that all redirects are stored on pid=0 and that non-admins don't have page access to page id 0

I xdebug'ed the problem and came out here: https://github.com/TYPO3/TYPO3.CMS/blob/7aad9f6dea9246a1cc64f1b076e106605db3e04c/typo3/sysext/backend/Classes/History/RecordHistory.php#L273

if (empty($GLOBALS['TCA'][$table]) || !$this->hasTableAccess($table) || !$this->hasPageAccess($table, $uid)) {
    return [];
}

Calling the method $this->hasPageAccess($table, $uid) will return false.

So one (complex) solution could be to not save redirect records on pid=0 but any other page, the editor has access. A simpler solution could be to always skip the access tests for table "sys_redirect"

#5

Updated by Gerrit Code Review 5 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69634

#6

Updated by Gerrit Code Review 5 months ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69634

#7

Updated by Gerrit Code Review 5 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/69634

#8

Updated by Gerrit Code Review 4 months ago

Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/70412

#9

Updated by Albrecht Köhnlein 4 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#10

Updated by Alexander Rotzsch 3 months ago

  • % Done changed from 100 to 90

Testet it with 10.4.20. Patch is applied correctly and all caches were deleted but taking back redirects for non-admins don't work -> redirects are stored.

#11

Updated by Benni Mack 3 months ago

  • Status changed from Resolved to Closed
#12

Updated by Dave Zen 3 months ago

Important: The editor needs modify/write access for the table sys_redirect. This can be changed in the backend user access rights list. Otherwise reverting the redirect won't work.

#13

Updated by Alexander Rotzsch 3 months ago

That solved the problem, thanks!

#14

Updated by Claus Harup 2 months ago

IMO this bug should not be closed; "The editor needs modify/write access for the table sys_redirect" - if these are NOT set why is non admin users able to create them?

Anyhow the messinging is VERY confusing when modify/write is NOT set, because the non admin editor can NOT revert those redirects :-(

Also available in: Atom PDF