Project

General

Profile

Actions
Copy link

Bug #96658

open

Frontend preview doesn't work on restricted pages, when any none-live-workspace is selected

Added by Juergen Kussmann almost 3 years ago. Updated 30 days ago.

Status:
Under Review
Priority:
Should have
Assignee:
-
Category:
Frontend
Target version:
next-patchlevel
Start date:
2022-01-27
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
7.4
Tags:
Complexity:
medium
Is Regression:
Sprint Focus:

Description

The frontend-preview of restricted pages doesn't work, when any none-live-workspace is selected.

An example:
The TYPO3-page 'mytypo3page' (UID=272204) is restricted by the fe_groups-record with UID 4884.

When i click the frontend-preview-button in the TYPO3-backend-module 'page' (in LIVE-Workspace), than TYPO3 is calling the URL https://mytypo3domain.com/mytypo3page?ADMCMD_simUser=4884 and the Preview works.

When i click the frontend-preview-button in the TYPO3-backend-module 'page' (in any NONE-LIVE-Workspace - e.g. my 'test-workspace'), than TYPO3 is calling the URL https://mytypo3domain.com/typo3/workspace/preview-control/?token=[token]&id=272204.
The Response of that URL calls now two URLs:
- /mytypo3page?ADMCMD_prev=LIVE&id=272204
- /mytypo3page?ADMCMD_prev=IGNORE&id=272204
Both of that URL's produces a 403 HTTP-StatusCode - with message 'ID was not an accessible page' in PageErrorHandlerInterface.

When i add the String '&ADMCMD_simUser=4964' on the URL https://mytypo3domain.com/typo3/workspace/preview-control/?token=[token]&id=272204 than the preview works fine.

So, in short:
This (current) URL doesn't work on restricted pages: https://mytypo3domain.com/typo3/workspace/preview-control/?token=[token]&id=272204
This URL does work on restricted pages: https://mytypo3domain.com/typo3/workspace/preview-control/?token=[token]&id=272204&ADMCMD_simUser=4964

Files

workspaces-PreviewController.patch (1.96 KB) workspaces-PreviewController.patch Patch for v11 Philipp Kitzberger, 2024-10-09 21:03

Related issues 2 (2 open0 closed)

Related to TYPO3 Core - Bug #96778: Workspace Preview Links not working when [starttime] in futureUnder Review2022-02-08

Actions
Related to TYPO3 Core - Bug #105567: Frontend preview not working on restricted pages for normal editorsNeeds Feedback2024-11-11

Actions
Actions
Copy link
 #1

Updated by Riccardo De Contardi 7 months ago

I tried the same test on TYPO3 13.2.0-dev and these are my findings:

Prerequisites

  • TYPO3 installation with a frontend URL like e.g. https://typo3.main.it.ddev.site:8443/
  • a FE Usergroup "feusers" (ID=1)
  • a Workspace ("Draft")

Test 1

  1. on LIVE workspace create a page "test-96658" (ID=780 in my case) > URL: https://typo3.main.it.ddev.site:8443/test-96658 OK
  2. edit it > Tab "Access" > Usergroup Access Rights [fe_group]: feusers [1]; save and close
  3. use the preview button on the Page Module

Result:

the URL https://typo3.main.it.ddev.site:8443/test-96658?ADMCMD_simUser=1 is called and the page is visible (with the "preview yellow box")

Test 2

  1. Switch to "Draft" workspace
  2. use the preview button on the Page Module

Result

the URL https://typo3.main.it.ddev.site:8443/typo3/workspace/preview-control/?token=[token]&id=780 is called and I see the "workspace split view" with LIVE/Draft slider; the two sides of the "workspace preview" with the slider are <iframes> with the folowing URLS:

(LIVE part): https://typo3.main.it.ddev.site:8443/?ADMCMD_prev=LIVE&id=780 > shows error 403
(Draft part): https://typo3.main.it.ddev.site:8443/?ADMCMD_prev=IGNORE&id=780 > shows error 404

Test 3

  1. Switch to "LIVE" workspace
  2. Edit the main TypoScript template of the site (on home page) > TS Setup: 
    config.admPanel = 1
    Save and preview the page
  3. use the preview button on the Page Module
  4. On the bottom Admin Panel bar > Settings > Simulate User Group: select "feuser"; click "Update Settings"; close the preview window
  5. Switch to "Draft" workspace
  6. use again the preview button on the Page Module

Result

  • now the preview works for both sides of the "workspace split view
  • you will see TWO bottom Admin Panel bar (for each side of the preview)

I don't know if it is how it is expected to work.

Addendum

Please note that even if you revert 

config.admPanel = 0
, it will continue to work, unless you empty the "simulate User Group" dropdown on the Admin Panel

Actions
Copy link
 #2

Updated by Rémy DANIEL 5 months ago

  • Related to Bug #96778: Workspace Preview Links not working when [starttime] in future added
Actions
Copy link
 #3

Updated by Philipp Kitzberger 3 months ago · Edited

@Riccardo De Contardi, thanks for your analysis!

I don't know if it is how it is expected to work.

My opinion: since it's not necessary to use the "admin panel user group simulation" in your scenario 1, it shouldn't be necessary in a draft workspace either.

Actions
Copy link
 #4

Updated by Philipp Kitzberger 3 months ago

  • Complexity changed from easy to medium

It's working when I manually add the GET parameter ADMCMD_simUser to both preview URLs of the split screen iframes:

Guess that EXT:workspace/Classes/Controller/PreviewController.php should add them when generating $liveUrl and $wsUrl.

Here's a rough fix for 11 and 12:

$permissionClause = $GLOBALS['BE_USER']->getPagePermsClause(\TYPO3\CMS\Core\Type\Bitmask\Permission::PAGE_SHOW);
$pageInfo = BackendUtility::readPageAccess($this->pageId, $permissionClause) ?: [];
$context = clone GeneralUtility::makeInstance(\TYPO3\CMS\Core\Context\Context::class);
$previewParams = BackendUtility::ADMCMD_previewCmds($pageInfo, $context);
$previewParams = GeneralUtility::explodeUrl2Array($previewParams);

...

try {
    ...
    $parameters = $queryParameters + $previewParams;
    ...
    $parameters = $queryParameters + $previewParams;

Unfortunately BackendUtility::ADMCMD_previewCmds() is gone for version 13 and is part of EXT:backend/Classes/Routing/PreviewUriBuilder.php now.

Actions
Copy link
 #5

Updated by Gerrit Code Review about 2 months ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/86257

Actions
Copy link
 #6

Updated by Juergen Kussmann about 1 month ago

I'm currently upgrade by system to TYPO3 v12.4.21 - and in this version, the preview works fine - also for restricted pages in "none-live-Workspaces". So, the problem is solved in TYPO3v12. You can close this bug-issue. Thanks for your help.

Actions
Copy link
 #7

Updated by Philipp Kitzberger about 1 month ago

Then we must be working with 2 different scenarios because I can definitely confirm this bug exists for 11, 12 and 13. Hence my bugfix for the current main branch.

Actions
Copy link
 #9

Updated by Philipp Kitzberger about 1 month ago

@Juergen Kussmann, here's a SQL dump of my test scenario covering 4 different cases:

  • Page 1: unprotected in live, protected in draft
  • Page 2: protected in live, unprotected in draft
  • Page 3: protected in live, protected in draft
  • Page 4: protected by group 1 in live, protected by group 2 in draft

Maybe you can check again with these cases too?

SELECT @PID := (MAX(uid)+1) FROM pages;
INSERT INTO `pages` (`uid`, `pid`, `sorting`, `title`, `slug`, `fe_group`, `t3ver_oid`, `t3ver_wsid`, `t3ver_state`, `t3ver_stage`) VALUES
(@PID,192,1,'Workspace test','/workspace-test','0',0,0,0,0),
(@PID+1,@PID,1,'page 1: not yet protected','/workspace-test/page-1-not-yet-protected','',0,0,0,0),
(@PID+2,@PID,2,'page 2: protected','/workspace-test/page-2-protected','1',0,0,0,0),
(@PID+3,@PID,3,'page 3: still protected','/workspace-test/page-3-still-protected','1',0,0,0,0),
(@PID+4,@PID,4,'page 4: protected by group 1','/workspace-test/page-3-still-protected-1','1',0,0,0,0),
(@PID+5,@PID,1,'page 1: now protected','/workspace-test/page-1-not-yet-protected','1',@PID+1,1,0,0),
(@PID+6,@PID,2,'page 2: now unprotected','/workspace-test/page-2-protected','',@PID+2,1,0,0),
(@PID+7,@PID,4,'page 4: protected by group 2','/workspace-test/page-3-still-protected-1','2',@PID+4,1,0,0);

SELECT @UID := (MAX(uid)+1) FROM tt_content;
INSERT INTO `tt_content` (`uid`, `pid`, `CType`, `header`, `bodytext`, `t3ver_oid`, `t3ver_wsid`, `t3ver_state`, `t3ver_stage`) VALUES
(@UID,@PID+2,'text','live content','',0,0,0,0),
(@UID+1,@PID+1,'text','live content','',0,0,0,0),
(@UID+2,@PID+3,'text','live content','',0,0,0,0),
(@UID+3,@PID+4,'text','live content','',0,0,0,0),
(@UID+4,@PID+1,'text','draft content','<p>this page is now protected</p>',@UID+1,1,0,0),
(@UID+5,@PID+2,'text','draft content','<p>this page is now unprotected</p>',@UID,1,0,0),
(@UID+6,@PID+3,'text','draft content','<p>this page is still protected, only its content changed.</p>',@UID+2,1,0,0),
(@UID+7,@PID+4,'text','draft content','<p>this page is still protected, but now a different group has access to it.</p>',@UID+3,1,0,0);
Actions
Copy link
 #10

Updated by Gerrit Code Review about 1 month ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/86257

Actions
Copy link
 #11

Updated by Gerrit Code Review 30 days ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/86257

Actions
Copy link
 #12

Updated by Chris no-lastname-given 10 days ago

  • Related to Bug #105567: Frontend preview not working on restricted pages for normal editors added
Actions
Copy link

Also available in: Atom PDF