Bug #97803
open
User has no page mount but gets the whole page tree
Added by Bernhard Eckl almost 2 years ago.
Updated 10 months ago.
Description
I created a new user and assigned a default group which assigns modules and config settings but no page in the db mounts. When I switch to the user I can see all pages in the pagetree (wrong behaviour, no page should be seen). If I assign the user or its group a page db mount only that page is shown (correct behaviour).
Related issues
1 (1 open — 0 closed)
had this recently also in TYPO3 >= 11.5.9
I have performed the following test with TYPO3 9, 10, 11, 12, 13:
Prerequisites¶
- fresh TYPO3 installation
- some pages on the pageTree, a starting home page and a couple of subpages
- an "editors" BE group
- an "editor" BE user
Test procedure¶
1. Access module > ensure that all the pages belong to the "Editors" group (owner can be your admin user)
2. [Root] > list view > edit "editors" BE Group and
2.1 Tab "Access List" > add everything
2.2 Tab "Mounts and Workspaces" > DO NOT ADD a DB Mount
2.3 Save & close
3. [Root] > list view > edit "editor" BE User and
3.1 Tab "Access List" > add everything
3.2 Tab "Mounts and Workspaces" > DO NOT ADD a DB Mount and check "Mount from groups" > DB Mount
3.3 Save & Close
- Switch to "Editor"
- Click on page module Page module
Test Results¶
| TYPO3 Version |
Pagetree |
Interaction with the pagetree (i.e. clicking on a page) |
| 9.5.31 |
the pagetree is totally absent |
no interaction is possible, an error card is shown on the right side of the interface with the text "Page tree error
Got unexpected response from the server. Please check logs for details." |
| 10.4.37 |
the pagetree is visible and shows the pages belonging to the group |
The backend crashes with the error message:
Whoops, looks like something went wrong.
(1/1) #1289917924 RuntimeException
You don't have access to this page
in /Sites/typo3.10.test.composer.it/public/typo3/sysext/backend/Classes/Http/RouteDispatcher.php line 157 |
| 11.5.30 |
the pagetree is visible and shows the pages belonging to the group |
it shows an error page with the message:
503
Oops, an error occurred!
You don't have access to this page |
| 12.4.4 and 13.0.0-dev |
the pagetree is visible and shows the pages belonging to the group |
The backend crashes with the error message:
Whoops, looks like something went wrong.
(1/1) #1289917924 RuntimeException
You don't have access to this page
in /var/www/html/vendor/typo3/cms-backend/Classes/Middleware/BackendModuleValidator.php line 184 |
- Related to Feature #77990: Visible Access Check for BE-Users and their given DB-Mounts added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by