From 40d0c292659906c18dc1b047aa0b44b4a05c43bb Mon Sep 17 00:00:00 2001
From: Susanne Moog <susanne.moog@typo3.org>
Date: Mon, 28 May 2018 22:29:19 +0200
Subject: [PATCH] [BUGFIX] Initialize AdminPanel only if enabled by user

The admin panel can be disabled via the frontend UI with
a click. When the admin panel is disabled, the initialize
methods should not be called. This has been fixed.

Resolves: #85104
Releases: master
Change-Id: I966b5887b03b4fb8d3f63e9556b00a37384f9dfc
Reviewed-on: https://review.typo3.org/57077
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
---
 .../Middleware/AdminPanelInitiator.php        |   8 +-
 .../Middleware/AdminPanelInitiatorTest.php    | 181 ++++++++++++++++++
 2 files changed, 186 insertions(+), 3 deletions(-)
 create mode 100644 typo3/sysext/adminpanel/Tests/Unit/Middleware/AdminPanelInitiatorTest.php

diff --git a/typo3/sysext/adminpanel/Classes/Middleware/AdminPanelInitiator.php b/typo3/sysext/adminpanel/Classes/Middleware/AdminPanelInitiator.php
index e4ee084c951f..0a4270468f7b 100644
--- a/typo3/sysext/adminpanel/Classes/Middleware/AdminPanelInitiator.php
+++ b/typo3/sysext/adminpanel/Classes/Middleware/AdminPanelInitiator.php
@@ -43,13 +43,15 @@ class AdminPanelInitiator implements MiddlewareInterface
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
         if ($GLOBALS['BE_USER'] instanceof FrontendBackendUserAuthentication) {
-
-            // Initialize admin panel since simulation settings are required here
             $beUser = $GLOBALS['BE_USER'];
             // set legacy config
             $beUser->extAdminConfig = $beUser->getTSConfig()['admPanel.'] ?? [];
             $adminPanelConfiguration = $beUser->extAdminConfig;
-            if (isset($adminPanelConfiguration['enable.'])) {
+            if (isset($adminPanelConfiguration['enable.']) &&
+                ($beUser->uc['TSFE_adminConfig']['display_top'] ?? false) &&
+                ($GLOBALS['TSFE']->config['config']['admPanel'] ?? false)
+            ) {
+                // only initialize if at least one module is enabled.
                 foreach ($adminPanelConfiguration['enable.'] as $value) {
                     if ($value) {
                         $adminPanelController = GeneralUtility::makeInstance(
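Review bot: The comment added above the `foreach` (`// only initialize if at least one module is enabled.`) documents only the loop, while the new guard combines three settings with different owners: the `admPanel.enable.` user TSconfig, the user's own `uc['TSFE_adminConfig']['display_top']` preference, and the site's `config.admPanel` TypoScript. I would add a comment above the `if`, for example `// Initialize only if TSconfig enables a module, the user has the panel open (uc display_top) and TypoScript config.admPanel is set`, so a later reader does not mistake the `display_top` toggle, which the commit message says the user changes from the frontend, for the permission check. Both new conditions are loose truthiness tests, so any non-empty value other than `'0'` counts as enabled; that looks intended but is worth stating in the comment. The body of `process()` continues past the end of this hunk.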
diff --git a/typo3/sysext/adminpanel/Tests/Unit/Middleware/AdminPanelInitiatorTest.php b/typo3/sysext/adminpanel/Tests/Unit/Middleware/AdminPanelInitiatorTest.php
new file mode 100644
index 000000000000..e0436c9d95b2
--- /dev/null
+++ b/typo3/sysext/adminpanel/Tests/Unit/Middleware/AdminPanelInitiatorTest.php
@@ -0,0 +1,181 @@
+<?php
+declare(strict_types = 1);
+
+namespace TYPO3\CMS\Adminpanel\Tests\Unit\Middleware;
+
+use Prophecy\Argument;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use TYPO3\CMS\Adminpanel\Controller\MainController;
+use TYPO3\CMS\Adminpanel\Middleware\AdminPanelInitiator;
+use TYPO3\CMS\Adminpanel\View\AdminPanelView;
+use TYPO3\CMS\Backend\FrontendBackendUserAuthentication;
+use TYPO3\CMS\Core\Http\ServerRequest;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
+use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
+
+class AdminPanelInitiatorTest extends UnitTestCase
+{
+
+    /**
+     * @test
+     */
+    public function processCallsInitialize(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [
+                'enable.' => [
+                    'all',
+                ],
+            ],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => true
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 1
+            ]
+        ];
+        $userAuthentication = $this->prophesize(FrontendBackendUserAuthentication::class);
+        $userAuthentication->getTSConfig(Argument::any())->willReturn($tsConfig);
+        $userAuthentication->uc = $uc;
+        $GLOBALS['BE_USER'] = $userAuthentication->reveal();
+
+        $tsfe = $this->prophesize(TypoScriptFrontendController::class);
+        $tsfe->config = $typoScript;
+        $GLOBALS['TSFE'] = $tsfe;
+
+        $controller = $this->prophesize(MainController::class);
+        GeneralUtility::setSingletonInstance(MainController::class, $controller->reveal());
+        GeneralUtility::addInstance(AdminPanelView::class, $this->prophesize(AdminPanelView::class)->reveal());
+        $handler = $this->prophesizeHandler();
+        $request = $this->prophesize(ServerRequest::class);
+        // Act
+        $adminPanelInitiator = new AdminPanelInitiator();
+        $adminPanelInitiator->process(
+            $request->reveal(),
+            $handler->reveal()
+        );
+        // Assert
+        $controller->initialize(Argument::any())->shouldHaveBeenCalled();
+    }
+
+    /**
+     * @test
+     */
+    public function processDoesNotCallInitializeIfAdminPanelIsNotEnabledInTypoScript(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [
+                'enable.' => [
+                    'all',
+                ],
+            ],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => true
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 0
+            ]
+        ];
+        $this->checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript);
+    }
+
+    /**
+     * @test
+     */
+    public function processDoesNotCallInitializeIfAdminPanelIsNotEnabledInUC(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [
+                'enable.' => [
+                    'all',
+                ],
+            ],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => false
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 1
+            ]
+        ];
+        $this->checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript);
+    }
+
+    /**
+     * @test
+     */
+    public function processDoesNotCallInitializeIfNoAdminPanelModuleIsEnabled(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => true
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 1
+            ]
+        ];
+        $this->checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript);
+    }
+
+    /**
+     * @param $tsConfig
+     * @param $uc
+     * @param $typoScript
+     */
+    protected function checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript): void
+    {
+        $userAuthentication = $this->prophesize(FrontendBackendUserAuthentication::class);
+        $userAuthentication->getTSConfig(Argument::any())->willReturn($tsConfig);
+        $userAuthentication->uc = $uc;
+        $GLOBALS['BE_USER'] = $userAuthentication->reveal();
+
+        $tsfe = $this->prophesize(TypoScriptFrontendController::class);
+        $tsfe->config = $typoScript;
+        $GLOBALS['TSFE'] = $tsfe;
+
+        $controller = $this->prophesize(MainController::class);
+        GeneralUtility::setSingletonInstance(MainController::class, $controller->reveal());
+        $handler = $this->prophesizeHandler();
+        $request = $this->prophesize(ServerRequest::class);
+        // Act
+        $adminPanelInitiator = new AdminPanelInitiator();
+        $adminPanelInitiator->process(
+            $request->reveal(),
+            $handler->reveal()
+        );
+        // Assert
+        $controller->initialize(Argument::any())->shouldNotHaveBeenCalled();
+    }
+
+    /**
+     * @return \Prophecy\Prophecy\ObjectProphecy|\Psr\Http\Server\RequestHandlerInterface
+     */
+    protected function prophesizeHandler()
+    {
+        $handler = $this->prophesize(RequestHandlerInterface::class);
+        $handler
+            ->handle(Argument::any())
+            ->willReturn(
+                $this->prophesize(ResponseInterface::class)->reveal()
+            );
+        return $handler;
+    }
+}
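Review bot: In `processCallsInitialize()` and `checkAdminPanelDoesNotCallInitialize()` the line `$GLOBALS['TSFE'] = $tsfe;` stores the prophecy object itself, whereas `BE_USER` is stored as `$userAuthentication->reveal()`. The middleware therefore reads `config` through the prophecy's magic accessors rather than from a `TypoScriptFrontendController` double, and `$GLOBALS['TSFE'] = $tsfe->reveal();` would match what the production code sees. Separately, `processDoesNotCallInitializeIfNoAdminPanelModuleIsEnabled()` passes `'admPanel.' => []`, so it covers only the missing `enable.` key and not the per-module `if ($value)` check; a case with `'enable.'` present but every value falsy, and one where `$GLOBALS['BE_USER']` is not a `FrontendBackendUserAuthentication`, would pin the gate more tightly. No cleanup of `$GLOBALS` or of the registered `MainController` singleton is visible in this file, so it is worth confirming that the base test case restores them.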
-- 
GitLab