[BUGFIX] Initialize AdminPanel only if enabled by user

The admin panel can be disabled via the frontend UI by
click. When the admin panel is disabled the initialize
methods should not be called. This has been fixed.

Resolves: #85104
Releases: master
Change-Id: I966b5887b03b4fb8d3f63e9556b00a37384f9dfc
Reviewed-on: https://review.typo3.org/57077


Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>

typo3/sysext/adminpanel/Classes/Middleware/AdminPanelInitiator.php

@@ -43,13 +43,15 @@ class AdminPanelInitiator implements MiddlewareInterface
     public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
         if ($GLOBALS['BE_USER'] instanceof FrontendBackendUserAuthentication) {
-
-            // Initialize admin panel since simulation settings are required here
             $beUser = $GLOBALS['BE_USER'];
             // set legacy config
             $beUser->extAdminConfig = $beUser->getTSConfig()['admPanel.'] ?? [];
             $adminPanelConfiguration = $beUser->extAdminConfig;
-            if (isset($adminPanelConfiguration['enable.'])) {
+            if (isset($adminPanelConfiguration['enable.']) &&
+                ($beUser->uc['TSFE_adminConfig']['display_top'] ?? false) &&
+                ($GLOBALS['TSFE']->config['config']['admPanel'] ?? false)
+            ) {
+                // only initialize if at least one module is enabled.
                 foreach ($adminPanelConfiguration['enable.'] as $value) {
                     if ($value) {
                         $adminPanelController = GeneralUtility::makeInstance(

typo3/sysext/adminpanel/Tests/Unit/Middleware/AdminPanelInitiatorTest.php

+<?php
+declare(strict_types = 1);
+
+namespace TYPO3\CMS\Adminpanel\Tests\Unit\Middleware;
+
+use Prophecy\Argument;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use TYPO3\CMS\Adminpanel\Controller\MainController;
+use TYPO3\CMS\Adminpanel\Middleware\AdminPanelInitiator;
+use TYPO3\CMS\Adminpanel\View\AdminPanelView;
+use TYPO3\CMS\Backend\FrontendBackendUserAuthentication;
+use TYPO3\CMS\Core\Http\ServerRequest;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
+use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
+
+class AdminPanelInitiatorTest extends UnitTestCase
+{
+
+    /**
+     * @test
+     */
+    public function processCallsInitialize(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [
+                'enable.' => [
+                    'all',
+                ],
+            ],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => true
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 1
+            ]
+        ];
+        $userAuthentication = $this->prophesize(FrontendBackendUserAuthentication::class);
+        $userAuthentication->getTSConfig(Argument::any())->willReturn($tsConfig);
+        $userAuthentication->uc = $uc;
+        $GLOBALS['BE_USER'] = $userAuthentication->reveal();
+
+        $tsfe = $this->prophesize(TypoScriptFrontendController::class);
+        $tsfe->config = $typoScript;
+        $GLOBALS['TSFE'] = $tsfe;
+
+        $controller = $this->prophesize(MainController::class);
+        GeneralUtility::setSingletonInstance(MainController::class, $controller->reveal());
+        GeneralUtility::addInstance(AdminPanelView::class, $this->prophesize(AdminPanelView::class)->reveal());
+        $handler = $this->prophesizeHandler();
+        $request = $this->prophesize(ServerRequest::class);
+        // Act
+        $adminPanelInitiator = new AdminPanelInitiator();
+        $adminPanelInitiator->process(
+            $request->reveal(),
+            $handler->reveal()
+        );
+        // Assert
+        $controller->initialize(Argument::any())->shouldHaveBeenCalled();
+    }
+
+    /**
+     * @test
+     */
+    public function processDoesNotCallInitializeIfAdminPanelIsNotEnabledInTypoScript(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [
+                'enable.' => [
+                    'all',
+                ],
+            ],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => true
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 0
+            ]
+        ];
+        $this->checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript);
+    }
+
+    /**
+     * @test
+     */
+    public function processDoesNotCallInitializeIfAdminPanelIsNotEnabledInUC(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [
+                'enable.' => [
+                    'all',
+                ],
+            ],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => false
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 1
+            ]
+        ];
+        $this->checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript);
+    }
+
+    /**
+     * @test
+     */
+    public function processDoesNotCallInitializeIfNoAdminPanelModuleIsEnabled(): void
+    {
+        $tsConfig = [
+            'admPanel.' => [],
+        ];
+        $uc = [
+            'TSFE_adminConfig' => [
+                'display_top' => true
+            ]
+        ];
+        $typoScript = [
+            'config' => [
+                'admPanel' => 1
+            ]
+        ];
+        $this->checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript);
+    }
+
+    /**
+     * @param $tsConfig
+     * @param $uc
+     * @param $typoScript
+     */
+    protected function checkAdminPanelDoesNotCallInitialize($tsConfig, $uc, $typoScript): void
+    {
+        $userAuthentication = $this->prophesize(FrontendBackendUserAuthentication::class);
+        $userAuthentication->getTSConfig(Argument::any())->willReturn($tsConfig);
+        $userAuthentication->uc = $uc;
+        $GLOBALS['BE_USER'] = $userAuthentication->reveal();
+
+        $tsfe = $this->prophesize(TypoScriptFrontendController::class);
+        $tsfe->config = $typoScript;
+        $GLOBALS['TSFE'] = $tsfe;
+
+        $controller = $this->prophesize(MainController::class);
+        GeneralUtility::setSingletonInstance(MainController::class, $controller->reveal());
+        $handler = $this->prophesizeHandler();
+        $request = $this->prophesize(ServerRequest::class);
+        // Act
+        $adminPanelInitiator = new AdminPanelInitiator();
+        $adminPanelInitiator->process(
+            $request->reveal(),
+            $handler->reveal()
+        );
+        // Assert
+        $controller->initialize(Argument::any())->shouldNotHaveBeenCalled();
+    }
+
+    /**
+     * @return \Prophecy\Prophecy\ObjectProphecy|\Psr\Http\Server\RequestHandlerInterface
+     */
+    protected function prophesizeHandler()
+    {
+        $handler = $this->prophesize(RequestHandlerInterface::class);
+        $handler
+            ->handle(Argument::any())
+            ->willReturn(
+                $this->prophesize(ResponseInterface::class)->reveal()
+            );
+        return $handler;
+    }
+}