diff --git a/typo3/sysext/adminpanel/Classes/Repositories/FrontendGroupsRepository.php b/typo3/sysext/adminpanel/Classes/Repositories/FrontendGroupsRepository.php index 395a84ce8dfc153c8d348a6871eaa91590fc55b4..2b2b12569e5accd71643b4befd279a25dd42dd10 100644 --- a/typo3/sysext/adminpanel/Classes/Repositories/FrontendGroupsRepository.php +++ b/typo3/sysext/adminpanel/Classes/Repositories/FrontendGroupsRepository.php @@ -19,7 +19,6 @@ namespace TYPO3\CMS\Adminpanel\Repositories; use TYPO3\CMS\Backend\FrontendBackendUserAuthentication; use TYPO3\CMS\Core\Database\ConnectionPool; -use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction; use TYPO3\CMS\Core\Type\Bitmask\Permission; use TYPO3\CMS\Core\Utility\GeneralUtility; @@ -58,10 +57,6 @@ class FrontendGroupsRepository $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class) ->getQueryBuilderForTable('fe_groups'); - $queryBuilder->getRestrictions() - ->removeAll() - ->add(GeneralUtility::makeInstance(DeletedRestriction::class)); - $optionCount = $queryBuilder->count('fe_groups.uid') ->from('fe_groups', 'fe_groups') ->innerJoin( @@ -90,10 +85,6 @@ class FrontendGroupsRepository $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class) ->getQueryBuilderForTable('fe_groups'); - $queryBuilder->getRestrictions() - ->removeAll() - ->add(GeneralUtility::makeInstance(DeletedRestriction::class)); - return $queryBuilder->select('fe_groups.uid', 'fe_groups.title') ->from('fe_groups') ->innerJoin( diff --git a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php index 948e5440c8d72847846b7461d9baecf591f40eb1..427c3e2d1291cfbc93aa25afc852416cd4e00983 100644 --- a/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php +++ b/typo3/sysext/core/Classes/Authentication/AbstractUserAuthentication.php 
@@ -114,11 +114,6 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface 'deleted' => '', ]; - /** - * @var bool - */ - public $showHiddenRecords = false; - /** * Form field with login-name * @var string @@ -1306,7 +1301,6 @@ abstract class AbstractUserAuthentication implements LoggerAwareInterface $authInfo['HTTP_HOST'] = GeneralUtility::getIndpEnv('HTTP_HOST'); $authInfo['REMOTE_ADDR'] = GeneralUtility::getIndpEnv('REMOTE_ADDR'); $authInfo['REMOTE_HOST'] = GeneralUtility::getIndpEnv('REMOTE_HOST'); - $authInfo['showHiddenRecords'] = $this->showHiddenRecords; // Can be overridden in localconf by SVCONF: $authInfo['db_user']['table'] = $this->user_table; $authInfo['db_user']['userid_column'] = $this->userid_column; diff --git a/typo3/sysext/core/Classes/Authentication/AuthenticationService.php b/typo3/sysext/core/Classes/Authentication/AuthenticationService.php index 6f757381364fbdb3b99df74036a137c105f4e32c..5d5e0175477d5b462e0bc77123fe6fa7019fb97c 100644 --- a/typo3/sysext/core/Classes/Authentication/AuthenticationService.php +++ b/typo3/sysext/core/Classes/Authentication/AuthenticationService.php @@ -19,7 +19,6 @@ use TYPO3\CMS\Core\Crypto\PasswordHashing\InvalidPasswordHashException; use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory; use TYPO3\CMS\Core\Database\Connection; use TYPO3\CMS\Core\Database\ConnectionPool; -use TYPO3\CMS\Core\Database\Query\Restriction\HiddenRestriction; use TYPO3\CMS\Core\SysLog\Action\Login as SystemLogLoginAction; use TYPO3\CMS\Core\SysLog\Error as SystemLogErrorClassification; use TYPO3\CMS\Core\SysLog\Type as SystemLogType; 
@@ -199,9 +198,6 @@ class AuthenticationService extends AbstractAuthenticationService $this->logger->debug('Get usergroups with id: ' . implode(',', $groups)); $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class) ->getQueryBuilderForTable($this->db_groups['table']); - if (!empty($this->authInfo['showHiddenRecords'])) { - $queryBuilder->getRestrictions()->removeByType(HiddenRestriction::class); - } $res = $queryBuilder->select('*') ->from($this->db_groups['table']) @@ -237,9 +233,6 @@ class AuthenticationService extends AbstractAuthenticationService { // Fetching records of the groups in $grList: $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('fe_groups'); - if (!empty($this->authInfo['showHiddenRecords'])) { - $queryBuilder->getRestrictions()->removeByType(HiddenRestriction::class); - } $res = $queryBuilder ->select('uid', 'subgroup') diff --git a/typo3/sysext/core/Documentation/Changelog/master/Breaking-92499-AdminPanelDoesNotPreviewHiddenFrontendUserGroups.rst b/typo3/sysext/core/Documentation/Changelog/master/Breaking-92499-AdminPanelDoesNotPreviewHiddenFrontendUserGroups.rst new file mode 100644 index 0000000000000000000000000000000000000000..85e8f1464e6b894b6742d056423aa32e0a0c4cca --- /dev/null +++ b/typo3/sysext/core/Documentation/Changelog/master/Breaking-92499-AdminPanelDoesNotPreviewHiddenFrontendUserGroups.rst 
@@ -0,0 +1,44 @@
+.. include:: ../../Includes.txt
+
+==========================================================================
+Breaking: #92499 - AdminPanel does not preview hidden Frontend User Groups
+==========================================================================
+
+See :issue:`92499`
+
+Description
+===========
+
+Admin Panel previously allowed to also render a page with frontend groups that
+were hidden / disabled. This feature has been removed,
+in order to ensure consistency for the authentication process.
+
+The AbstractUserAuthentication property `showHiddenRecords` which
+was used to transfer this information is removed.
+
+
+Impact
+======
+
+The Admin Panel selector now only shows a list of non-hidden groups
+to simulate from.
+
+Using the removed PHP property `showHiddenRecords` will result
+in a PHP notice.
+
+
+Affected Installations
+======================
+
+TYPO3 installations with Admin Panel activated and Frontend Groups
+that are disabled.
+
+
+Migration
+=========
+
+It is recommended to include groups where no user is assigned to
+for simulation purposes, if this feature is needed to preview
+content.
+
+.. index:: Frontend, ext:adminpanel, FullyScanned
diff --git a/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php b/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
index 927ccdee284088033d599705a923228858e367be..3f169441db9a35906fa0c02885b8f374ca961486 100644
--- a/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
+++ b/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
@@ -658,8 +658,6 @@ class TypoScriptFrontendController implements LoggerAwareInterface public function initUserGroups() { $userGroups = [0]; - // This affects the hidden-flag selecting the fe_groups for the user! - $this->fe_user->showHiddenRecords = $this->context->getPropertyFromAspect('visibility', 'includeHiddenContent', false); // no matter if we have an active user we try to fetch matching groups which can be set without an user (simulation for instance!) $this->fe_user->fetchGroupData(); $isUserAndGroupSet = is_array($this->fe_user->user) && !empty($this->fe_user->groupData['uid']); diff --git a/typo3/sysext/install/Configuration/ExtensionScanner/Php/PropertyPublicMatcher.php b/typo3/sysext/install/Configuration/ExtensionScanner/Php/PropertyPublicMatcher.php index 25bd51e54186ede0189fdd80720d150a71925c08..6c6e8e19f402dcfdf952d0d27256161c284abf46 100644 --- a/typo3/sysext/install/Configuration/ExtensionScanner/Php/PropertyPublicMatcher.php +++ b/typo3/sysext/install/Configuration/ExtensionScanner/Php/PropertyPublicMatcher.php @@ -690,4 +690,9 @@ return [ 'Breaking-91563-PHP-basedJSCSSInclusionsForFrontendRemoved.rst' ], ], + 'TYPO3\CMS\Core\Authentication\AbstractUserAuthentication->showHiddenRecords' => [ + 'restFiles' => [ + 'Breaking-92499-AdminPanelDoesNotPreviewHiddenFrontendUserGroups.rst' + ], + ], ];
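Review bot: The new `AbstractUserAuthentication->showHiddenRecords` entry in PropertyPublicMatcher.php covers only the property, while this commit also stops putting `$authInfo['showHiddenRecords']` into the array handed to authentication services (second hunk of AbstractUserAuthentication.php). A third-party authentication service that still reads that key is not detected by a property matcher and is not mentioned in the changelog, so the `FullyScanned` index tag overstates the coverage. I would change the tag to `PartiallyScanned` and add one sentence to the Impact section, for example `Authentication services no longer receive the key showHiddenRecords in $authInfo.` A service that guards the read with `!empty()`, as the removed core code did, keeps the hidden restriction in place, so the failure is presumably on the restrictive side. Likewise, an extension that still assigns to `showHiddenRecords` no longer influences which groups are resolved.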