Bug #93370
open
Redirects: non-admin users can not revert redirects via popup (although BE notification claims otherwise)
0%
Description
Scenario (TYPO3 Version 10.4.12):
A non-admin user changes the slug of a page, saves the page, the popup appears to revert the change or revert the redirect only.
Click on revert, then the notification "Revert successful - All created redirects have been reverted." appears. But the redirect still exists and is not removed.
This is what I found debugging this behaviour:
in \TYPO3\CMS\Redirects\Controller\RecordHistoryRollbackController::rollBackCorrelation a Changelog of the sys_redirect record is retrieved.
But as all redirects are stored in PID 0, the check for pageAccess in \TYPO3\CMS\Backend\History\RecordHistory::getHistoryDataForRecord (l. 367, $this->hasPageAccess) fails, so an empty changelog is returned and a "false positive" notification is shown that all redirects are reverted.
($id passed to \TYPO3\CMS\Backend\Utility\BackendUtility::readPageAccess is 0, so it returns false for all non-admins).
Updated by Sebastian Peine almost 4 years ago
- Category set to Site Handling, Site Sets & Routing
Updated by Markus Klein almost 4 years ago
- Description updated (diff)
- Status changed from New to Accepted
- Priority changed from Should have to Must have
Updated by Sybille Peters over 3 years ago
- Related to Task #89301: Streamline automatic slug & redirects handling added
Updated by Sybille Peters about 3 years ago
While working on the documentation for EXT:redirects I found a workaround: If you enable access to the sys_redirect table for editors it should be ok.
You can do so safely I think, as they will not have access to the redirects module unless you explicitly give them access to that as well.
This is the documentation (just published today): https://docs.typo3.org/c/typo3/cms-redirects/master/en-us/Setup/Index.html#configure-editor-permission
If this does not work for you - I would appreciate it if you let me know or create a patch - using "Edit on GitHub" on top right of page to suggest a change is fine.
Apart from that I think current behaviour is definitely buggy - if editors should not have permissions for reverting, should they have permissions for creating redirects? And, they get the notice that they can revert but it has no effect.
Updated by Markus Klein about 1 year ago
- Status changed from Accepted to Needs Feedback
Redirects are not stored on PID 0 anymore. So this should not be an issue anymore.