[TYPO3-dev] TCE Datahandler admin-flag not working correctly

Jan Bartels j.bartels at arcor.de
Wed Jan 6 20:27:35 CET 2016 

Hi Jigal,

Am 06.01.2016 um 14:54 schrieb Jigal van Hemert:
> On 05/01/2016 22:09, Jan Bartels wrote:
>> I've just debugged the SysAction for adding/editing BE-Users. See
>> https://forge.typo3.org/issues/72391 for details.
>>
>> I think that the TCE-DataHandler is not working correctly in this
>> use-case. The method ActionTask::saveNewBackendUser() calls the
>> TCE-DataHandler as follows: ...
>>
>> The admin-flag should enable TCEmain to set all DB-fields without any
>> restrictions, but DataHandler::fillInFieldArray() ignores the admin-flag
>> when checking for disabled fields: ...
>>
>> I'd suggest to add an extra condition "|| $this->admin" to this
>> if-statement to ignore any disabled fields that are restricting the
>> original calling BE-user.
>
> $this->exclude_array is set to an empty array if $this->admin evaluates
> to true. $this->data_disableFields is an empty array if you didn't fill
> it yourself.
Right, but $this->exclude_array is initialized in $tce->start() already, 
before the admin-flag is set. Moving this assignment might already help 
(haven't checked so far).

> The problem is that you set $tce->admin, which is actually an internal
> variable (but unfortunately not labelled as such because it originates
> from a long time ago).
Btw: It's not my code, but it is a part of the Typo3-core, that uses the 
shown code-sequence. As I wrote at the beginning, the system extension 
sys_action isn't working correctly because of this issue!

> Inside $tce->start() admin is set to the admin status of the BE user and
> if admin is set, exclude_array is set to an empty array (otherwise to
> the generated exclude list).
> A possible workaround could be to copy the global BE user, set the admin
> property in that user and pass it as BE user to start():
>
> $tce =
> GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
>
> $myBeUser =  $GLOBALS['BE_USER'];
> $myBeUser->user['admin'] = 1;
> $tce->stripslashes_values = 0;
> $tce->start($data, array(), $myBeUser);
> $tce->process_datamap();
>
> Now you've given admin permissions to your BE user! [!!! danger zone !!!]
If this is the "official" solution, please correct saveNewBackendUser() 
in /typo3/sysext/sys_action/Classes/ActionTask.php accordingly and 
update issue 72391 on forge afterwards.

Jan

More information about the TYPO3-dev mailing list