[TYPO3-core] RFC: Feature #13164: CLI processes cannot be executed when adminOnly mode is enabled

[Dmitry Dulepov]

Hi!

On 2010-01-13 16:56:39 +0200, Oliver Hader said:
> Solution:
> Add a new state for the adminOnly configuration that allows CLI
> processes to bypass the adminOnly check. Thus, there are the following
> settings for adminOnly:
> -1: Lock backend and install tool
> 0: Default - No lock at all
> 1: Only admin users can log into the backend
> 2: Only admin users can log into the backend, but CLI processes using
> regular backend users are allowed

Or we can just allow cli users always. For example:

--- t3lib/class.t3lib_beuserauth.php	2008-05-24 21:53:58.000000000 +0300
+++ t3lib/class.t3lib_beuserauth.php	2010-01-13 17:18:08.000000000 +0200
@@ -194,7 +194,7 @@
 		} else {	// ...and if that's the case, call these functions
 			$this->fetchGroupData();	//	The groups are fetched and ready for 
permission checking in this initialization.	Tables.php must be read 
before this because stuff like the modules has impact in this
 			if ($this->checkLockToIP())	{
-				if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] || $this->isAdmin())	{
+				if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] || 
$this->isAdmin() || strncasecmp($this->user['username'], '_cli_', 5) == 
0)	{
 					$this->backendSetUC();		// Setting the UC array. It's needed with 
fetchGroupData first, due to default/overriding of values.
 					$this->emailAtLogin();		// email at login - if option set.
 				} else {

This is not tested, just an idea. I am not sure what I like more: just 
allowing _cli_ users or adding a set of states. Just allowing can be 
easier.

-- 
Dmitry Dulepov
"Trust me, I am a doctor!" (c) Gregory House, M.D.