[TYPO3-core] RFC 5588: Typolink cannot be created if FE user is logged in with access restrictions
Martin Kutschker
martin.kutschker-n0spam at no5pam-blackbox.net
Sat May 12 16:20:53 CEST 2007
Oliver Hader schrieb:
> Hi Franz,
>
> Franz Holzinger wrote:
>> Here is the patch file.
>>
>>> This is a SVN patch request.
>>> Problem:
>>> If a FE user has logged in and wants to send a link inside of an
>>> invitation email, which is not visible to logged in users, no pid will
>>> be added to this link.
>>> Solution:
>>> Add the $conf parameter also to lower level URL functions. Add a new
>>> $conf['disableGroupAccessCheck'] to disable the group check for an
>>> allowed page.
>>> Comments:
>>> I see no other solution to this. This page link is needed for the
>>> INVITE feature of sr_feuser_register where the invited person must
>>> click to accept the invitation. The creation page should be hidden
>>> from logged in users, because it disturbs him only. However it should
>>> be able to send it inside of an email.
>>> Reference:
>>> http://bugs.typo3.org/view.php?id=5588
>>> Branches:
>>> Trunk
>>> Greets,
>>> Franz
>
> I don't think that this is a good idea. getTypoLink() is used as
> builder/wrapper to create the $conf array for typolink(). Providing a
> own $conf array and overwriting it by getTypoLink() might lead to
> confusion in encapsulation. Why don't you use typoLink()/typoLink_URL()
> directly in sr_feuser_register?
And I think the name could be typolink.linkAccessRestrictedPages to be
in sync with config.typolinkLinkAccessRestrictedPages.
Masi
PS: But do we really need such a dangerous feature? Instead of disabling
the group check, the link generation could be run as "anonyomous user"
(group -1) to get the desired effect for Franz.
More information about the TYPO3-team-core
mailing list