search

IchHabRecht / begroups_roles

TYPO3-Extension to use backend user groups as switchable roles
GNU General Public License v2.0
6 stars 5 forks source link

Incompatibility with be_acl #9

Open baschny opened 6 years ago

baschny commented 6 years ago

Having begroups_roles and be_acl installed together makes the permissions not load correctly when switching roles (resulting in the editor getting "permission denied" when performing certain actions, i.e. saving a record.

I also reported this for be_acl here: https://forge.typo3.org/issues/83784

Maybe there is a way to make both extensions "collaborate" around this issue?

JanBartels commented 6 years ago

See my comments on Forge.

IchHabRecht commented 6 years ago

Hi @baschny,

Would you mind to explain what I need to do to reproduce your problem?

@JanBartels by reading the issue (without knowledge of the extension) I got the feeling, that your cache identifier may be wrong.

JanBartels commented 6 years ago

The cache identifier is built from the BE-user's uid and the requested permissions. What do you suggest? Shall the usergroup_cached_list be included in the identifier to solve this issue?

baschny commented 6 years ago

@IchHabRecht reproduce:

  1. Install both extensions (begroups_roles and be_acl).

  2. Use the option to not allow the user to access "All Groups".

  3. Create two groups with conflicting permissions (different allowed page trees), make them both roles for an user.

  4. Clear the cache and login with the user and make sure one of the groups is applied.

  5. Check the file cache if the group permissions were stored in cache (var/Cache/Data/tx_*be_acl*...).

  6. Switch to the other group and try to save some record. You will get an permission error deplayed, as TYPO3 tries to check the permissions to save some record on that PID.

Note: Make sure you don't have "redis" PHP extension installed, because in this case be_acl "auto-configures" the caching to use redis backend (with no configured options) and thus the cache will not apply (see https://github.com/JanBartels/be_acl/blob/master/ext_localconf.php#L33-L36).

Disable the Cache (or make it transient) and try again:

$GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['tx_be_acl_timestamp']['backend'] =
    'TYPO3\\CMS\\Core\\Cache\\Backend\\TransientMemoryBackend';
$GLOBALS['TYPO3_CONF_VARS']['SYS']['caching']['cacheConfigurations']['tx_be_acl_permissions']['backend'] =
    'TYPO3\\CMS\\Core\\Cache\\Backend\\TransientMemoryBackend';