[TYPO3-english] Direct links to the backend pages (a question for Typo3 gurus)

Discussion:

Momchil Van

2017-04-21 06:39:55 UTC

Hello dear Typo3 gurus :)

I need to find a way to generate and send links, which should open the default screen(the one with the content elements) for specific backend pages.

For example:
I need a link like http://dev.domain/typo3/index.php?edit=123, which should directly open the backend page view of page with ID 123.
I have to send these links to editors and if the editor is not logged, the default backend login screen should appear.

I am wondering if such links already exist in Typo3 v7 (or v8) ?

What I found so far is that I can generate these links with:
$url = BackendUtility::getModuleUrl('web_layout', array('id' => 123));
This generates something like:
"typo3/index.php?M=web_layout&moduleToken=bd866d6ec7fe3247f601f374794f3c9512d19c9b&id=123"

This solution has several issues:

1. This is only the link of the main typo3 backend frame (without the typo3 left and top backend navigation).
If I prepend the domain and open the link:
http://dev.domain/typo3/index.php?M=web_layout&moduleToken=bd866d6ec7fe3247f601f374794f3c9512d19c9b&id=123
I see only the main frame with the page content elements.
How can I generate the full link, which should show also the missing typo3 backend sidebars ?

2. This works only in Firefox, in Chrome I get an error like: "The CSRF protection token for the requested module is missing or invalid"

3. This does not work if the editor is not already logged in the backend

Do you have any ideas about any working solution ?

Thank you in advance.

David Bruchmann

2017-04-21 10:39:39 UTC

Permalink

Hi,

is it right that actually you're asking how to make TYPO3 more insecure than it ever has been?

Over years there have been found many issues concerning security and since some years even an own team is working on security.
Now you're asking how to circumvent any prevention that anyone can edit any page even without login.

I think if you really want to realize this, the right way is to move editing in the frontend. There you can easier create any kind of links, ignore security related issues even you you shouldn't and if you change your mind you shut down one extension only and the system is secure again.

Best,
David

David Bruchmann

2017-04-21 10:55:02 UTC

Permalink

Perhaps this short discussion is helping: https://forum.typo3.org/index.php?t=msg&th=215905&#msg_749633

Momchil Van

2017-04-21 11:58:15 UTC

Permalink

David,

You misunderstand my post.

I do not want to make Typo3 insecure and for sure I do not want to allow any kind of backend access without login.

The idea is to have links, which can directly point you to a specific page view inside the backend.
And if the backend user is not logged, Typo3 should prompt you first with its default login screen and then redirect you
to a specific place.

I think this already exists in some of other big CMSes out there and I do not see any kind of insecurity.

David Bruchmann

2017-04-21 12:30:37 UTC

Permalink

Hi,

sorry for misunderstanding, perhaps the following detaill is helping a bit:

Typo3 is design to show the main-content always in a frame, therefore you never see the deep-links in the browser's url-bar.
It's possible to open the mainframe in a new window and only rarely the has a negative impact on the content.
It's also possible to bookmark many pages with click on a star.
Sending these links could be working but as you mentioned the hash could be "confusing" for TYPO3. Furthermore there is a redirect in TYPO3 missing, you're redirected to the login-mask if not logged in, but you're not directed to the page you called before, could be that there is an extension existing for deep-links in the backend, but I never know about it then.

Independent from that it's possible to define a standard-page editors see when they open the backend. Also you can define tasks in the taskcenter, this is probably the nearest existing solution fitting to your request. For this you've to enable the extension "taskcenter".

Best,
David

Mark Boland

2017-04-21 12:48:14 UTC

Permalink

Hi Momchil,

there was an extension named wstaskcenter [1] from Kasper, that you could use to delegate a list of tasks to users right with deep links to pages in page or list view for editing/reviewing.

It’s not maintained since 2007, but its code could be a starting point to build something like this.

Cheers,
Mark

[1] https://typo3.org/extensions/repository/view/wstaskcenter

Am 21.04.17, 14:30 schrieb "David Bruchmann" <typo3-english-***@lists.typo3.org im Auftrag von ***@gmail.com>:

Hi,

sorry for misunderstanding, perhaps the following detaill is helping a bit:

Typo3 is design to show the main-content always in a frame, therefore you never see the deep-links in the browser's url-bar.
It's possible to open the mainframe in a new window and only rarely the has a negative impact on the content.
It's also possible to bookmark many pages with click on a star.
Sending these links could be working but as you mentioned the hash could be "confusing" for TYPO3. Furthermore there is a redirect in TYPO3 missing, you're redirected to the login-mask if not logged in, but you're not directed to the page you called before, could be that there is an extension existing for deep-links in the backend, but I never know about it then.

Independent from that it's possible to define a standard-page editors see when they open the backend. Also you can define tasks in the taskcenter, this is probably the nearest existing solution fitting to your request. For this you've to enable the extension "taskcenter".

Best,
David

_______________________________________________
TYPO3-english mailing list
TYPO3-***@lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english

S. G.

2017-09-04 14:03:01 UTC

Permalink

Hi Momchil,

are you now able to create a direct link to a backend page ?
I'm really interrested in.

If yes, can you explain how ?
if not, :(

Cheers,
Goods