[BUGFIX] Notify about wrong backend user group setting

An editor can't edit a plugin as long as the page content type "Insert
Plugin" isn't allowed for the backend user group even if the access to
a plugin is defined. This patch adds a notification about missing
configuration to improve usability for integrators.

Releases: master
Resolves: #61559
Change-Id: Id7c56c2514ec4525f731c101e8e6e7dbade274e1
Reviewed-on: http://review.typo3.org/41116


Reviewed-by: Susanne Moog <typo3@susannemoog.de>
Tested-by: Susanne Moog <typo3@susannemoog.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>

typo3/sysext/core/Classes/Hooks/BackendUserGroupIntegrityCheck.php

+<?php
+namespace TYPO3\CMS\Core\Hooks;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\DataHandling\DataHandler;
+use TYPO3\CMS\Core\Messaging\FlashMessage;
+use TYPO3\CMS\Core\Messaging\FlashMessageQueue;
+use TYPO3\CMS\Core\Messaging\FlashMessageService;
+use TYPO3\CMS\Core\SingletonInterface;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Core\Utility\StringUtility;
+use TYPO3\CMS\Lang\LanguageService;
+
+/**
+ * DataHandler hook class to check the integrity of submitted be_groups data
+ */
+class BackendUserGroupIntegrityCheck {
+
+	/**
+	 * @param string $status
+	 * @param string $table
+	 * @param int $id
+	 * @param array $fieldArray
+	 * @param DataHandler $parentObject
+	 */
+	public function processDatamap_afterDatabaseOperations($status, $table, $id, $fieldArray, $parentObject) {
+		if ($table !== 'be_groups' || $GLOBALS['TYPO3_CONF_VARS']['BE']['explicitADmode'] !== 'explicitAllow') {
+			return;
+		}
+
+		$backendUserGroup = BackendUtility::getRecord($table, $id, 'explicit_allowdeny');
+		$explicitAllowDenyFields = GeneralUtility::trimExplode(',', $backendUserGroup['explicit_allowdeny']);
+		foreach ($explicitAllowDenyFields as $value) {
+			if (StringUtility::beginsWith($value, 'tt_content:list_type:')) {
+				if (!in_array('tt_content:CType:list:ALLOW', $explicitAllowDenyFields, TRUE)) {
+					/** @var $flashMessage FlashMessage */
+					$flashMessage = GeneralUtility::makeInstance(
+						FlashMessage::class,
+						$this->getLanguageService()->sl('LLL:EXT:lang/locallang_core.xlf:error.backendUserGroupListTypeError.message'),
+						$this->getLanguageService()->sl('LLL:EXT:lang/locallang_core.xlf:error.backendUserGroupListTypeError.header'),
+						FlashMessage::WARNING,
+						TRUE
+					);
+					/** @var $flashMessageService FlashMessageService */
+					$flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
+					/** @var $defaultFlashMessageQueue FlashMessageQueue */
+					$defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
+					$defaultFlashMessageQueue->enqueue($flashMessage);
+				}
+				return;
+			}
+		}
+	}
+
+	/**
+	 * @return LanguageService
+	 */
+	protected function getLanguageService() {
+		return $GLOBALS['LANG'];
+	}
+
+}

typo3/sysext/core/ext_localconf.php

@@ -13,6 +13,7 @@ if (TYPO3_MODE === 'BE' && !(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_INSTALL)) {
 		'addUserPermissionsToStorage'
 	);
 	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processDatamapClass'][] = 'TYPO3\\CMS\\Core\\Resource\\Security\\FileMetadataPermissionsAspect';
+	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processDatamapClass'][] = 'TYPO3\\CMS\\Core\\Hooks\\BackendUserGroupIntegrityCheck';
 	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/alt_doc.php']['makeEditForm_accessCheck'][] = 'TYPO3\\CMS\\Core\\Resource\\Security\\FileMetadataPermissionsAspect->isAllowedToShowEditForm';
 	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tceforms_inline.php']['checkAccess'][] = 'TYPO3\\CMS\\Core\\Resource\\Security\\FileMetadataPermissionsAspect->isAllowedToShowEditForm';
 	$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['checkModifyAccessList'][] = 'TYPO3\\CMS\\Core\\Resource\\Security\\FileMetadataPermissionsAspect';

typo3/sysext/lang/locallang_core.xlf

@@ -1143,6 +1143,12 @@ Check also the following points:\n
 			<trans-unit id="error.invalidEmail">
 				<source>"%s" is not a valid e-mail address.</source>
 			</trans-unit>
+			<trans-unit id="error.backendUserGroupListTypeError.header">
+				<source>Possible misconfiguration detected</source>
+			</trans-unit>
+			<trans-unit id="error.backendUserGroupListTypeError.message">
+				<source>Editing of at least one plugin was enabled but editing the page content type "Insert Plugin" is still disallowed. Group members won't be able to edit plugins unless you activate editing for the content type.</source>
+			</trans-unit>
 		</body>
 	</file>
 </xliff>