[TYPO3-core] RFC #3129: Bug: tslib_fe::checkPageGroupAccess() does not check rootLine for extendToSubpages

S. Teuber teuber at stibes.de
Thu Jun 10 23:01:57 CEST 2010 

This is an SVN patch request.

Type: Bugfix

Bugtracker references:
http://bugs.typo3.org/view.php?id=3129

Branches:
trunk


Problem:
tslib_fe::checkPageGroupAccess() is supposed to check if a supplied user
group has access to a given page. However, it only checks the given page's
fe_group-field, so it will return true only if the given group is entered
directly in the given page's "Access"-field. If a page is restricted as  
part
of a subtree to another page (with the "include subpages"-option in the
page properties of a parent page), checkPageGroupAccess() misses this
restriction because it does not traverse the rootLine.


Solution:
The issue can be solved by walking up the rootLine if the given page has
no fe_group, looking for a parent page that has fe_group and  
"extendToSubpages"
option set. If such a restricted parent page is found, the group check is
made on that page's properties.


Notes:
Issue & fix can be tested by building a small example page tree and setting
two links. Set up an example page tree:

- public [ID = 1]
- restricted [ID = 2]
  -- page 1 [ID = 3]
   --- subpage 1 [ID = 4]

Set up an feuser group somewhere.

Set page properties of page "restricted" to:
"Access" = feuser group
"Include subpages" = checked

Set TS template, SETUP:
typolinkLinkAccessRestrictedPages = 1
typolinkLinkAccessRestrictedPages_addParams = &redirect_url=###PAGE_ID###

Now, set a link on page "public" that points to "restricted".
Set a second link that points to "subpage 1".

The link pointing to "restricted" will have the params added correctly:
index.php?id=1&redirect_url=2

The link pointing to "subpage 1" will be wrong:
index.php?id=4

After patching, it will be correct:
index.php?id=1&redirect_url=4


Cheers,

Sven Teuber
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 3129.diff
Type: application/octet-stream
Size: 905 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100610/0e340c06/attachment.obj>

More information about the TYPO3-team-core mailing list