Project

General

Profile

Actions
Copy link

Bug #99715

closed

non-admin user might access "admin-only" module

Added by Oliver Bartsch almost 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Oliver Bartsch
Category:
Miscellaneous
Target version:
-
Start date:
2023-01-25
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
12
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

A non-admin user might be able to access "admin-only" modules in case the users' groupData still contain the module. This however can only happen in case an admin filesystem access manually adjusted the module configuration by changing access to "user", allowed module access for the user / user group and afterwards reverted the change in the module configuration.

Actions
Copy link
 #1

Updated by Gerrit Code Review almost 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77604

Actions
Copy link
 #2

Updated by Oliver Bartsch almost 2 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Benni Mack almost 2 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF