Bug #93714

Editors can't restore page records in Recycler

Added by Patrick Broens 7 months ago. Updated 7 months ago.

Status:
New
Priority:
Must have
Assignee:
-
Category:
Recycler
Target version:
Start date:
2021-03-12
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
7.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

As an admin you are able to restore page records with Recycler, as an editor you can't.

The following needs to be true, which is the default configuration:
$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] = true;

The problem is the Recycler is checking the page access for the backend user, unsetting $GLOBALS['TCA']['pages']['ctrl']['delete'] temporarily to get the deleted pages. This does not work. The rootline is calculated using BackendUtility::BEgetRootLine() with the deleted page as a starting point for the calculation. BackendUtility::BEgetRootLine() and BackendUtility::getPageForRootline() are using runtime cache. The runtime cache in BackendUtility::getPageForRootline() is being filled with a query statement (including deleted restriction) before checking the page access AND before unsetting $GLOBALS['TCA']['pages']['ctrl']['delete'] . The same statement is used within the Recycler (including deleted restriction) which will always make the deleted page inaccessible.

To track this bug down follow:
TYPO3\CMS\Recycler\Domain\Model\DeletedRecords::checkRecordAccess()
TYPO3\CMS\Recycler\Utility\RecyclerUtility::checkAccess()
TYPO3\CMS\Core\Authentication\BackendUserAuthentication::calcPerms()
TYPO3\CMS\Core\Authentication\BackendUserAuthentication::isInWebMount()
TYPO3\CMS\Backend\Utility\BackendUtility::BEgetRootLine()
TYPO3\CMS\Backend\Utility\BackendUtility::getPageForRootline()

#1

Updated by Patrick Broens 7 months ago

How to reproduce:

  • Make a root page
  • Switch to an editor which proper access
  • Make a subpage of this root page
  • Delete the subpage
  • Make a content element in the root page
  • Delete the content element
  • Go to the Recycler module and click the root page
  • The subpage is not in the list to restore

The deleted content element is needed to reproduce, since this will store the query statement ('getPageForRootlineStatement-' . $statementCacheIdent) in the runtime cache before the access to the deleted pages is calculated.

In my case deleted tt_content records were fetched before page records.

Also available in: Atom PDF