Project

General

Profile

Actions

Bug #94829

closed

Wrong workspace preview of published version if user has no access for live editing

Added by Jessica Jagodzinski almost 3 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Workspaces
Target version:
-
Start date:
2021-08-12
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

If a user has no permissions to edit live, the user has no possibility to see the live version of an edited page when logged in. The user always sees the workspace version.

Steps to reproduce:
  • create a workspace and a user without "Edit Live" workspace_perms
  • switch to the user
  • edit an existing page
  • open preview of the page
  • use the slider to switch between published and staged version

Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #93097: Faulty live view in comparison preview for non LIVE-EditorsClosed2020-12-17

Actions
Actions #1

Updated by Lidia Demin over 2 years ago

Can confirm this problem on TYPO3 10.4.22. Might this be related to #96077?

Actions #2

Updated by Oliver Pfaff about 2 years ago

I can confirm this as well for version 11.5.7. Tested on clean and fresh ddev installation. When the Backend User has no access to the live workspace, the published view will be the preview from selected workspace and not from the live version as expected.

Actions #3

Updated by Oliver Pfaff about 2 years ago

I have done some quick debuggin in the fresh 11 version. And i found out where the problem is.

Inside TYPO3\CMS\Workspaces\Middleware\WorkspacePreview.php we try to (Line 122)setTemporaryWorkspace to 0 alias Live/Production when ADMCMD_prev=LIVE is set as get parameter.

But inside TYPO3\CMS\Core\Authentication\BackendUserAuthentication.php and the called Method setTemporaryWorkspace fails the check $this->checkWorkspace($workspaceId); because there this check about the access to live workspace fails:

switch ((string)$wsRec['uid']) {
                    case '0':
                        $retVal = (($this->groupData['workspace_perms'] ?? 0) & 1)
                            ? array_merge($wsRec, ['_ACCESS' => 'online'])
                            : false;
                        break;

so we need some kind of special check/perrmission when ADMCMD_prev=LIVE is set or when this is intended to be like it is(maybe there are some sicurity aspects), the preview view makes no sense and we should see only the workspace view.

Maybe i will find the time to make my own contribution, anyway i hope with this info the issue can be resolved faster.

Actions #4

Updated by Gerrit Code Review about 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/74171

Actions #5

Updated by Nikita Hovratov almost 2 years ago

  • Is duplicate of Bug #93097: Faulty live view in comparison preview for non LIVE-Editors added
Actions #6

Updated by Eric Harrer over 1 year ago

  • Status changed from Under Review to Resolved
Actions #7

Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF