Bug #96658
openFrontend preview doesn't work on restricted pages, when any none-live-workspace is selected
0%
Description
The frontend-preview of restricted pages doesn't work, when any none-live-workspace is selected.
An example:
The TYPO3-page 'mytypo3page' (UID=272204) is restricted by the fe_groups-record with UID 4884.
When i click the frontend-preview-button in the TYPO3-backend-module 'page' (in LIVE-Workspace), than TYPO3 is calling the URL https://mytypo3domain.com/mytypo3page?ADMCMD_simUser=4884 and the Preview works.
When i click the frontend-preview-button in the TYPO3-backend-module 'page' (in any NONE-LIVE-Workspace - e.g. my 'test-workspace'), than TYPO3 is calling the URL https://mytypo3domain.com/typo3/workspace/preview-control/?token=[token]&id=272204.
The Response of that URL calls now two URLs:
- /mytypo3page?ADMCMD_prev=LIVE&id=272204
- /mytypo3page?ADMCMD_prev=IGNORE&id=272204
Both of that URL's produces a 403 HTTP-StatusCode - with message 'ID was not an accessible page' in PageErrorHandlerInterface.
When i add the String '&ADMCMD_simUser=4964' on the URL https://mytypo3domain.com/typo3/workspace/preview-control/?token=[token]&id=272204 than the preview works fine.
So, in short:
This (current) URL doesn't work on restricted pages: https://mytypo3domain.com/typo3/workspace/preview-control/?token=[token]&id=272204
This URL does work on restricted pages: https://mytypo3domain.com/typo3/workspace/preview-control/?token=[token]&id=272204&ADMCMD_simUser=4964
Updated by Riccardo De Contardi 2 months ago
I tried the same test on TYPO3 13.2.0-dev and these are my findings:
Prerequisites¶
- TYPO3 installation with a frontend URL like e.g.
https://typo3.main.it.ddev.site:8443/
- a FE Usergroup "feusers" (ID=1)
- a Workspace ("Draft")
Test 1¶
- on LIVE workspace create a page "test-96658" (ID=780 in my case) > URL:
https://typo3.main.it.ddev.site:8443/test-96658
OK - edit it > Tab "Access" > Usergroup Access Rights
[fe_group]
: feusers [1]; save and close - use the preview button on the Page Module
Result:¶
the URL https://typo3.main.it.ddev.site:8443/test-96658?ADMCMD_simUser=1
is called and the page is visible (with the "preview yellow box")
Test 2¶
- Switch to "Draft" workspace
- use the preview button on the Page Module
Result¶
the URL https://typo3.main.it.ddev.site:8443/typo3/workspace/preview-control/?token=[token]&id=780
is called and I see the "workspace split view" with LIVE/Draft slider; the two sides of the "workspace preview" with the slider are <iframes> with the folowing URLS:
(LIVE part): https://typo3.main.it.ddev.site:8443/?ADMCMD_prev=LIVE&id=780
> shows error 403
(Draft part): https://typo3.main.it.ddev.site:8443/?ADMCMD_prev=IGNORE&id=780
> shows error 404
Test 3¶
- Switch to "LIVE" workspace
- Edit the main TypoScript template of the site (on home page) > TS Setup:
config.admPanel = 1
Save and preview the page - use the preview button on the Page Module
- On the bottom Admin Panel bar > Settings > Simulate User Group: select "feuser"; click "Update Settings"; close the preview window
- Switch to "Draft" workspace
- use again the preview button on the Page Module
Result¶
- now the preview works for both sides of the "workspace split view
- you will see TWO bottom Admin Panel bar (for each side of the preview)
I don't know if it is how it is expected to work.
Addendum¶
Please note that even if you revert
config.admPanel = 0, it will continue to work, unless you empty the "simulate User Group" dropdown on the Admin Panel
Updated by Rémy DANIEL about 1 month ago
- Related to Bug #96778: Workspace Preview Links not working when [starttime] in future added