TYPO3 Core

I tried the same test on TYPO3 13.2.0-dev and these are my findings:

Prerequisites¶

• TYPO3 installation with a frontend URL like e.g. https://typo3.main.it.ddev.site:8443/
• a FE Usergroup "feusers" (ID=1)
• a Workspace ("Draft")

Test 1¶

1. on LIVE workspace create a page "test-96658" (ID=780 in my case) > URL: https://typo3.main.it.ddev.site:8443/test-96658 OK
2. edit it > Tab "Access" > Usergroup Access Rights [fe_group]: feusers [1]; save and close
3. use the preview button on the Page Module

Result:¶

the URL https://typo3.main.it.ddev.site:8443/test-96658?ADMCMD_simUser=1 is called and the page is visible (with the "preview yellow box")

Test 2¶

1. Switch to "Draft" workspace
2. use the preview button on the Page Module

Result¶

the URL https://typo3.main.it.ddev.site:8443/typo3/workspace/preview-control/?token=[token]&id=780 is called and I see the "workspace split view" with LIVE/Draft slider; the two sides of the "workspace preview" with the slider are <iframes> with the folowing URLS:

(LIVE part): https://typo3.main.it.ddev.site:8443/?ADMCMD_prev=LIVE&id=780 > shows error 403
(Draft part): https://typo3.main.it.ddev.site:8443/?ADMCMD_prev=IGNORE&id=780 > shows error 404

Test 3¶

1. Switch to "LIVE" workspace
2. Edit the main TypoScript template of the site (on home page) > TS Setup:

   config.admPanel = 1
   

   Save and preview the page
3. use the preview button on the Page Module
4. On the bottom Admin Panel bar > Settings > Simulate User Group: select "feuser"; click "Update Settings"; close the preview window
5. Switch to "Draft" workspace
6. use again the preview button on the Page Module

Result¶

• now the preview works for both sides of the "workspace split view
• you will see TWO bottom Admin Panel bar (for each side of the preview)

I don't know if it is how it is expected to work.

Addendum¶

Please note that even if you revert

config.admPanel = 0

@Riccardo De Contardi, thanks for your analysis!

I don't know if it is how it is expected to work.

My opinion: since it's not necessary to use the "admin panel user group simulation" in your scenario 1, it shouldn't be necessary in a draft workspace either.

I'm currently upgrade by system to TYPO3 v12.4.21 - and in this version, the preview works fine - also for restricted pages in "none-live-Workspaces". So, the problem is solved in TYPO3v12. You can close this bug-issue. Thanks for your help.

Then we must be working with 2 different scenarios because I can definitely confirm this bug exists for 11, 12 and 13. Hence my bugfix for the current main branch.

@Juergen Kussmann, here's a SQL dump of my test scenario covering 4 different cases:

• Page 1: unprotected in live, protected in draft
• Page 2: protected in live, unprotected in draft
• Page 3: protected in live, protected in draft
• Page 4: protected by group 1 in live, protected by group 2 in draft

Maybe you can check again with these cases too?

SELECT @PID := (MAX(uid)+1) FROM pages;
INSERT INTO `pages` (`uid`, `pid`, `sorting`, `title`, `slug`, `fe_group`, `t3ver_oid`, `t3ver_wsid`, `t3ver_state`, `t3ver_stage`) VALUES
(@PID,192,1,'Workspace test','/workspace-test','0',0,0,0,0),
(@PID+1,@PID,1,'page 1: not yet protected','/workspace-test/page-1-not-yet-protected','',0,0,0,0),
(@PID+2,@PID,2,'page 2: protected','/workspace-test/page-2-protected','1',0,0,0,0),
(@PID+3,@PID,3,'page 3: still protected','/workspace-test/page-3-still-protected','1',0,0,0,0),
(@PID+4,@PID,4,'page 4: protected by group 1','/workspace-test/page-3-still-protected-1','1',0,0,0,0),
(@PID+5,@PID,1,'page 1: now protected','/workspace-test/page-1-not-yet-protected','1',@PID+1,1,0,0),
(@PID+6,@PID,2,'page 2: now unprotected','/workspace-test/page-2-protected','',@PID+2,1,0,0),
(@PID+7,@PID,4,'page 4: protected by group 2','/workspace-test/page-3-still-protected-1','2',@PID+4,1,0,0);

SELECT @UID := (MAX(uid)+1) FROM tt_content;
INSERT INTO `tt_content` (`uid`, `pid`, `CType`, `header`, `bodytext`, `t3ver_oid`, `t3ver_wsid`, `t3ver_state`, `t3ver_stage`) VALUES
(@UID,@PID+2,'text','live content','',0,0,0,0),
(@UID+1,@PID+1,'text','live content','',0,0,0,0),
(@UID+2,@PID+3,'text','live content','',0,0,0,0),
(@UID+3,@PID+4,'text','live content','',0,0,0,0),
(@UID+4,@PID+1,'text','draft content','<p>this page is now protected</p>',@UID+1,1,0,0),
(@UID+5,@PID+2,'text','draft content','<p>this page is now unprotected</p>',@UID,1,0,0),
(@UID+6,@PID+3,'text','draft content','<p>this page is still protected, only its content changed.</p>',@UID+2,1,0,0),
(@UID+7,@PID+4,'text','draft content','<p>this page is still protected, but now a different group has access to it.</p>',@UID+3,1,0,0);

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/86257

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/86257