From 59b0ac836f1fbe3a316c477bceb10f36e8059508 Mon Sep 17 00:00:00 2001
From: Alexander Stehlik <alexander.stehlik@gmail.com>
Date: Mon, 18 Nov 2019 20:10:01 +0100
Subject: [PATCH] [BUGFIX] Always allow dividers in TCA auth mode check

This brings back the optgroups in the CType and list_type fields
for normal editors.

Additionally some tests for checkAuthMode are added.

Releases: master, 9.5
Resolves: #89707
Change-Id: Ib3e6dbf3598ad767910161225a31ad2db939b3d6
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/62342
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Susanne Moog <look@susi.dev>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
---
 .../BackendUserAuthentication.php             |  4 +
 .../BackendUserAuthenticationTest.php         | 75 +++++++++++++++++++
 2 files changed, 79 insertions(+)

diff --git a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
index 48910292cd20..5829287553d0 100644
--- a/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
+++ b/typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
@@ -658,6 +658,10 @@ class BackendUserAuthentication extends AbstractUserAuthentication
         if ((string)$value === '') {
             return true;
         }
+        // Allow dividers:
+        if ($value === '--div--') {
+            return true;
+        }
         // Certain characters are not allowed in the value
         if (preg_match('/[:|,]/', $value)) {
             return false;
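Review bot: The new `--div--` early return sits ahead of the character validation and, presumably, the explicit_allowdeny lookup further down, so it is an unconditional allow for non-admin users, and the comment `// Allow dividers:` does not say why that is safe. I would expand it to something like `// '--div--' marks an optgroup divider in TCA select items, not a selectable value, so it is exempt from the authMode checks below`. It is also worth confirming that a record whose field actually stores `--div--` should pass this check for restricted editors, since the return applies to every caller of checkAuthMode and not only to form rendering. The body of checkAuthMode starts and ends outside the hunk.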
diff --git a/typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php b/typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php
index 843b5922f20e..b4c42a3b957c 100644
--- a/typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php
+++ b/typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php
@@ -15,6 +15,7 @@ namespace TYPO3\CMS\Core\Tests\Unit\Authentication;
  * The TYPO3 project - inspiring people to share!
  */
 
+use PHPUnit\Framework\MockObject\MockObject;
 use Prophecy\Argument;
 use Prophecy\Prophecy\ObjectProphecy;
 use Psr\Log\NullLogger;
@@ -780,4 +781,78 @@ class BackendUserAuthenticationTest extends UnitTestCase
 
         self::assertEquals($expected, $subject->getPagePermsClause($perms));
     }
+
+    /**
+     * @test
+     * @dataProvider checkAuthModeReturnsExpectedValueDataProvider
+     * @param string $theValue
+     * @param string $authMode
+     * @param bool $expectedResult
+     */
+    public function checkAuthModeReturnsExpectedValue(string $theValue, string $authMode, bool $expectedResult)
+    {
+        /** @var BackendUserAuthentication|MockObject $subject */
+        $subject = $this->getMockBuilder(BackendUserAuthentication::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['isAdmin'])
+            ->getMock();
+
+        $subject
+            ->expects(self::any())
+            ->method('isAdmin')
+            ->willReturn(false);
+
+        $subject->groupData['explicit_allowdeny'] =
+            'dummytable:dummyfield:explicitly_allowed_value:ALLOW,'
+            . 'dummytable:dummyfield:explicitly_denied_value:DENY';
+
+        $result = $subject->checkAuthMode('dummytable', 'dummyfield', $theValue, $authMode);
+        self::assertEquals($expectedResult, $result);
+    }
+
+    public function checkAuthModeReturnsExpectedValueDataProvider(): array
+    {
+        return [
+            'explicit allow, not allowed value' => [
+                'non_allowed_field',
+                'explicitAllow',
+                false,
+            ],
+            'explicit allow, allowed value' => [
+                'explicitly_allowed_value',
+                'explicitAllow',
+                true,
+            ],
+            'explicit deny, not denied value' => [
+                'non_denied_field',
+                'explicitDeny',
+                true,
+            ],
+            'explicit deny, denied value' => [
+                'explicitly_denied_value',
+                'explicitDeny',
+                false,
+            ],
+            'invalid value colon' => [
+                'containing:invalid:chars',
+                'does not matter',
+                false,
+            ],
+            'invalid value comma' => [
+                'containing,invalid,chars',
+                'does not matter',
+                false,
+            ],
+            'blank value' => [
+                '',
+                'does not matter',
+                true,
+            ],
+            'divider' => [
+                '--div--',
+                'explicitAllow',
+                true,
+            ],
+        ];
+    }
 }
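Review bot: The data provider covers the colon and comma rejections but not the pipe, the third character in the `/[:|,]/` pattern used by checkAuthMode, and the divider is exercised only under `explicitAllow`. Adding `'invalid value pipe' => ['containing|invalid|chars', 'does not matter', false],` and `'divider, explicit deny' => ['--div--', 'explicitDeny', true],` would pin both the input validation and the fact that the divider exemption does not depend on authMode. `self::assertSame($expectedResult, $result)` would also fit better than `assertEquals` for a boolean access decision, so that a truthy non-bool return cannot pass as "allowed".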
-- 
GitLab