Bug #97803
open
User has no page mount but gets the whole page tree
0%
Description
I created a new user and assigned a default group which assigns modules and config settings but no page in the db mounts. When I switch to the user I can see all pages in the pagetree (wrong behaviour, no page should be seen). If I assign the user or its group a page db mount only that page is shown (correct behaviour).
Updated by Hartmut Steglich almost 2 years ago
had this recently also in TYPO3 >= 11.5.9
Updated by Riccardo De Contardi 9 months ago
I have performed the following test with TYPO3 9, 10, 11, 12, 13:
Prerequisites¶
- fresh TYPO3 installation
- some pages on the pageTree, a starting home page and a couple of subpages
- an "editors" BE group
- an "editor" BE user
Test procedure¶
1. Access module > ensure that all the pages belong to the "Editors" group (owner can be your admin user)
2. [Root] > list view > edit "editors" BE Group and
2.1 Tab "Access List" > add everything
2.2 Tab "Mounts and Workspaces" > DO NOT ADD a DB Mount
2.3 Save & close
3. [Root] > list view > edit "editor" BE User and
3.1 Tab "Access List" > add everything
3.2 Tab "Mounts and Workspaces" > DO NOT ADD a DB Mount and check "Mount from groups" > DB Mount
3.3 Save & Close
- Switch to "Editor"
- Click on page module Page module
Test Results¶
| TYPO3 Version | Pagetree | Interaction with the pagetree (i.e. clicking on a page) |
|---|---|---|
| 9.5.31 | the pagetree is totally absent | no interaction is possible, an error card is shown on the right side of the interface with the text "Page tree error Got unexpected response from the server. Please check logs for details." |
| 10.4.37 | the pagetree is visible and shows the pages belonging to the group | The backend crashes with the error message: Whoops, looks like something went wrong. (1/1) #1289917924 RuntimeException You don't have access to this page in /Sites/typo3.10.test.composer.it/public/typo3/sysext/backend/Classes/Http/RouteDispatcher.php line 157 |
| 11.5.30 | the pagetree is visible and shows the pages belonging to the group | it shows an error page with the message: 503 Oops, an error occurred! You don't have access to this page |
| 12.4.4 and 13.0.0-dev | the pagetree is visible and shows the pages belonging to the group | The backend crashes with the error message: Whoops, looks like something went wrong. (1/1) #1289917924 RuntimeException You don't have access to this page in /var/www/html/vendor/typo3/cms-backend/Classes/Middleware/BackendModuleValidator.php line 184 |
Updated by Annett Jähnichen 9 months ago
- Related to Feature #77990: Visible Access Check for BE-Users and their given DB-Mounts added