Project

General

Profile

Actions

Bug #93370

open

Redirects: non-admin users can not revert redirects via popup (although BE notification claims otherwise)

Added by Sebastian Peine over 3 years ago. Updated 8 months ago.

Status:
Needs Feedback
Priority:
Must have
Assignee:
-
Category:
Link Handling, Site Handling & Routing
Target version:
-
Start date:
2021-01-26
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Scenario (TYPO3 Version 10.4.12):
A non-admin user changes the slug of a page, saves the page, the popup appears to revert the change or revert the redirect only.
Click on revert, then the notification "Revert successful - All created redirects have been reverted." appears. But the redirect still exists and is not removed.

This is what I found debugging this behaviour:
in \TYPO3\CMS\Redirects\Controller\RecordHistoryRollbackController::rollBackCorrelation a Changelog of the sys_redirect record is retrieved.
But as all redirects are stored in PID 0, the check for pageAccess in \TYPO3\CMS\Backend\History\RecordHistory::getHistoryDataForRecord (l. 367, $this->hasPageAccess) fails, so an empty changelog is returned and a "false positive" notification is shown that all redirects are reverted.
($id passed to \TYPO3\CMS\Backend\Utility\BackendUtility::readPageAccess is 0, so it returns false for all non-admins).


Related issues 1 (1 open0 closed)

Related to TYPO3 Core - Task #89301: Streamline automatic slug & redirects handlingAccepted2019-09-29

Actions
Actions #1

Updated by Sebastian Peine over 3 years ago

  • Category set to Link Handling, Site Handling & Routing
Actions #2

Updated by Markus Klein over 3 years ago

  • Description updated (diff)
  • Status changed from New to Accepted
  • Priority changed from Should have to Must have
Actions #3

Updated by Sybille Peters about 3 years ago

  • Related to Task #89301: Streamline automatic slug & redirects handling added
Actions #4

Updated by Sybille Peters over 2 years ago

While working on the documentation for EXT:redirects I found a workaround: If you enable access to the sys_redirect table for editors it should be ok.

You can do so safely I think, as they will not have access to the redirects module unless you explicitly give them access to that as well.

This is the documentation (just published today): https://docs.typo3.org/c/typo3/cms-redirects/master/en-us/Setup/Index.html#configure-editor-permission

If this does not work for you - I would appreciate it if you let me know or create a patch - using "Edit on GitHub" on top right of page to suggest a change is fine.


Apart from that I think current behaviour is definitely buggy - if editors should not have permissions for reverting, should they have permissions for creating redirects? And, they get the notice that they can revert but it has no effect.

Actions #5

Updated by Markus Klein 8 months ago

  • Status changed from Accepted to Needs Feedback

Redirects are not stored on PID 0 anymore. So this should not be an issue anymore.

Actions

Also available in: Atom PDF