Bug #95344

open

Backend admins that also have groups assigned see the full page tree AND(!) the mount points

Added by S P about 3 years ago. Updated about 3 years ago.

Status: Needs Feedback
Priority: Should have
Assignee: -
Category: Pagetree
Target version: -
Start date: 2021-09-24
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Steps to reproduce:

  • Create a non-admin backend user with some groups that have db_mountpoints. This user sees these mountpoints. Fine.
  • Now make this user an admin without removing his groups: The user will have the full page tree and the stripped-down page tree from the groups.

If a user is admin the db_mountpoints evaluation should not happen at all (for a clean pagetree and for performance reasons).

Discovered on v9, but probably valid also on later versions.


Related issues 1 (1 open, 0 closed)

Related to TYPO3 Core - Feature #25381: Option to disable double listing of DB mounts (New, 2011-03-23)

Actions #1

Updated by S P about 3 years ago

  • TYPO3 Version changed from 9 to 10

still valid on v10

Actions #2

Updated by S P about 3 years ago

  • Subject changed from Backend admins that also have groups assigned see the full page tree and the mount points to Backend admins that also have groups assigned see the full page tree AND(!) the mount points
Actions #3

Updated by Benni Mack about 3 years ago

  • Status changed from New to Needs Feedback

There is an option to do it in the reverse, as this is a "known issue" (let's call it "feature", as some think this is a good idea https://docs.typo3.org/m/typo3/reference-tsconfig/master/en-us/UserTsconfig/Options.html#dontmountadminmounts). So what would you see as expected behaviour?

Actions #4

Updated by S P about 3 years ago

Benni Mack wrote in #note-3:

So what would you see as expected behaviour?

That an admin either sees the root or the mounts from the groups. So that never the mounts and the root are shown alongside.

dontMountAdminMounts option allows the inverse of my suggested change. The correct behaviour IMHO would be (pseudo-code):

if (isAdmin && !dontMountAdminMounts) {
  // render ONLY root - this case is missing currently
} else {
  // render ONLY db_mountpoints in any other case (non-admin or dontMountAdminMounts = true)
}

Optionally, add a new setting that allows specifying whether admins see only the mounts, only the root or explicitly both.

Actions #5

Updated by S P about 3 years ago

The place in the core:

// Admin's always have the root mounted
if ($this->isAdmin() && !($this->getTSConfig()['options.']['dontMountAdminMounts'] ?? false)) {
    $this->dataLists['webmount_list'] = '0,' . $this->dataLists['webmount_list'];
}

The original webmount_list shouldn't be appended here, IMHO (or add new setting that allows to specify this explicitly). (also the comment is wrong, obviously admins not always have the root mounted with the TS setting ;))

Actions #6

Updated by Benni Mack about 3 years ago

Hey Stefan,

yes. But then there is another option when editing a user (admin and non-admin), called "Mount from groups" on each user, which allows to disable the inclusion of webmounts from usergroups. Removing the checkbox there does exactly what you suggested?
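
The cases from notes 4 to 6, modelled as a stand-alone PHP script. This is an added example, not TYPO3 core code and not part of any comment above; the function names, the $mountFromGroups parameter and the sample page uids are assumptions, and the user's own mounts are left out.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 core code. It models only the webmount step
// discussed in this thread; function and parameter names are hypothetical.

/** Split a comma-separated uid list into integers, dropping empty entries. */
function parseMounts(string $list): array
{
    return array_map('intval', preg_split('/\s*,\s*/', trim($list), -1, PREG_SPLIT_NO_EMPTY));
}

/** Behaviour of the core snippet quoted in note 5: root is prepended to the group mounts. */
function currentWebmounts(bool $isAdmin, bool $dontMountAdminMounts, bool $mountFromGroups, string $groupMounts): array
{
    // "Mount from groups" unchecked (note 6): group mounts are not merged in.
    $mounts = $mountFromGroups ? parseMounts($groupMounts) : [];
    if ($isAdmin && !$dontMountAdminMounts) {
        array_unshift($mounts, 0);
    }
    return array_values(array_unique($mounts));
}

/** Behaviour proposed in note 4: an admin gets only the root unless dontMountAdminMounts is set. */
function proposedWebmounts(bool $isAdmin, bool $dontMountAdminMounts, bool $mountFromGroups, string $groupMounts): array
{
    if ($isAdmin && !$dontMountAdminMounts) {
        return [0];
    }
    return $mountFromGroups ? array_values(array_unique(parseMounts($groupMounts))) : [];
}

// Constructed sample users: [isAdmin, dontMountAdminMounts, mountFromGroups, group mounts]
$cases = [
    'editor'                      => [false, false, true, '12,34'],
    'admin with groups'           => [true, false, true, '12,34'],
    'admin, groups unmounted'     => [true, false, false, '12,34'],
    'admin, dontMountAdminMounts' => [true, true, true, '12,34'],
];

foreach ($cases as $label => $args) {
    printf(
        "%-30s current=[%s] proposed=[%s]\n",
        $label,
        implode(',', currentWebmounts(...$args)),
        implode(',', proposedWebmounts(...$args))
    );
}
```

The "admin with groups" row is the double listing reported in this issue; the "admin, groups unmounted" row is the per-user workaround from note 6.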

Actions #7

Updated by S P about 3 years ago

And how can I configure this to be like the following? :)

  • false for all admins (ever, no matter if a user becomes admin later)
  • true for non-admins (ever, no matter if an admin becomes a non-admin later)
  • checkbox always hidden (I don't want to care per-user / per-user-change)

I'm talking about an installation with many hundreds of users where it can happen that a user becomes admin and later a normal user again. We don't want to have to care about assigning/removing user groups/checkboxes on any user-change. In our case we need "admin sees the root (and only the root, always), non-admin sees his personal mounts (and only these, always)"

Actions #8

Updated by Benni Mack about 3 years ago

Stefan P wrote in #note-7:

And how can I configure this to be like the following? :)

  • false for all admins (ever, no matter if a user becomes admin later)
  • true for non-admins (ever, no matter if an admin becomes a non-admin later)
  • checkbox always hidden (I don't want to care per-user / per-user-change)

I'm talking about an installation with many hundreds of users where it can happen that a user becomes admin and later a normal user again. We don't want to have to care about assigning/removing user groups/checkboxes on any user-change. In our case we need "admin sees the root (and only the root, always), non-admin sees his personal mounts (and only these, always)"

OK. A (new) TSconfig option would not help in this case then, I think. What I suggest you can do is:
  • Create an extension with a DataHandler hook, checking if an admin is transformed into a non-admin, and remove the checkboxes, and vice versa when transforming from a non-admin to an admin.
  • In addition, create a CLI command to check the checkboxes for all existing users to set the property accordingly.
Actions #9

Updated by Benni Mack almost 3 years ago

  • Related to Feature #25381: Option to disable double listing of DB mounts added