Bug #87223
Updated by Philipp Seiler over 5 years ago
* Use Backend as a non-admin BE-User. * This backend user has a root page as the DB-Mount (webmount). * This root page has some subpages. * The root page is translated into any different language. * Translate any subpage. * Edit/save any subpage. * In _\TYPO3\CMS\Core\Authentication\BackendUserAuthentication_ the method _isInWebMount_ checks if the page being edited is in any allowed webmount. * At first, all webmounts from the user permissions are retrieved. Note that ONLY the root language version UIDs of selected webmounts are found! * Within that method, _BackendUtility::BEgetRootLine_ returns the rootline up to the root page. * If a page of the rootline is within the users lists of webmounts, the record can be edited. *This is OK.* h1. Translated root page cannot be edited/saved * Root page is also translated. * Edit root page with the BE-User: *Attempt to modify record 'Home' (pages:123) without permission. Or non-existing page.* * Again the method _isInWebMount_ checks if the page can be edited. * Again the allowed webmounts of the user are retrieved. Again ONLY the root language version UID of selected webmounts are found! * Rootline only returns one element, as we are already on the root page. The returned page is the translated root page! * That translated root page however has a different UID than defined in the webmounts! The webmount UID is that of the root language version. * Therefore no valid webmount is found. *When checking for permissions, translated pages need to be taken into account!* h1. Workaround Adjust Extend _BackendUserAuthentication_ method _fetchGroupData()_ so that it selects translated webmounts as well. <pre>foreach ($webmounts as $idx => $mountPointUid) { // If the mount ID is NOT found among selected pages, unset it: if ($mountPointUid > 0 && !isset($MProws[$mountPointUid])) { unset($webmounts[$idx]); } } // Select translations of webmounts $queryBuilder->resetQueryParts(); $queryBuilder->getRestrictions() ->removeAll() ->add(GeneralUtility::makeInstance(DeletedRestriction::class)); $translatedWebmounts = $queryBuilder->select('uid') ->from('pages') ->where( $queryBuilder->expr()->in('l10n_parent', $webmounts) ) ->execute() ->fetchAll(\PDO::FETCH_COLUMN); foreach ($translatedWebmounts as $translatedWebmount) { $webmounts[] = $translatedWebmount; } // Implode mounts in the end. $this->groupData['webmounts'] = implode(',', $webmounts);</pre>