fix(debug): Restrict debug sidebar to backend users only (#433)

Copilot · skerbis · web-flow · commit f1e0303a848f · 2025-12-17T17:58:39.000+01:00
* Initial plan

* fix(debug): Restrict debug sidebar to backend users only

Co-authored-by: skerbis &lt;791247+skerbis@users.noreply.github.com&gt;

---------

Co-authored-by: copilot-swe-agent[bot] &lt;198982749+Copilot@users.noreply.github.com&gt;
Co-authored-by: skerbis &lt;791247+skerbis@users.noreply.github.com&gt;
diff --git a/fragments/ConsentManager/box_cssjs.php b/fragments/ConsentManager/box_cssjs.php
@@ -50,23 +50,29 @@
     $googleConsentModeScriptUrl = $addon->getAssetsUrl($googleConsentModeScriptFile);
     $googleConsentModeOutput .= '    <script src="' . $googleConsentModeScriptUrl . '" defer></script>' . PHP_EOL;
 
-    // Debug-Script laden wenn Debug-Modus aktiviert
+    // Debug-Script laden wenn Debug-Modus aktiviert UND User im Backend eingeloggt
     if (isset($consent_manager->domainInfo['google_consent_mode_debug'])
         && 1 === $consent_manager->domainInfo['google_consent_mode_debug']) {
-        $debugScriptUrl = $addon->getAssetsUrl('consent_debug.js');
-        $googleConsentModeOutput .= '    <script src="' . $debugScriptUrl . '" defer></script>' . PHP_EOL;
-
-        // Debug-Konfiguration für JavaScript verfügbar machen
-        $googleConsentModeOutput .= '    <script>' . PHP_EOL;
-        $googleConsentModeOutput .= '        window.consentManagerDebugConfig = ' . json_encode([
-            'mode' => $consent_manager->domainInfo['google_consent_mode_enabled'],
-            'auto_mapping' => $consent_manager->domainInfo['google_consent_mode_enabled'] === 'auto',
-            'debug_enabled' => true,
-            'domain' => rex_request::server('HTTP_HOST'),
-            'cache_log_id' => $consent_manager->cacheLogId,
-            'version' => $consent_manager->version,
-        ]) . ';' . PHP_EOL;
-        $googleConsentModeOutput .= '    </script>' . PHP_EOL;
+        // User für Frontend initialisieren
+        rex_backend_login::createUser();
+        
+        // Nur für eingeloggte Backend-Benutzer
+        if (rex_backend_login::hasSession() && null !== rex::getUser()) {
+            $debugScriptUrl = $addon->getAssetsUrl('consent_debug.js');
+            $googleConsentModeOutput .= '    <script src="' . $debugScriptUrl . '" defer></script>' . PHP_EOL;
+
+            // Debug-Konfiguration für JavaScript verfügbar machen
+            $googleConsentModeOutput .= '    <script>' . PHP_EOL;
+            $googleConsentModeOutput .= '        window.consentManagerDebugConfig = ' . json_encode([
+                'mode' => $consent_manager->domainInfo['google_consent_mode_enabled'],
+                'auto_mapping' => $consent_manager->domainInfo['google_consent_mode_enabled'] === 'auto',
+                'debug_enabled' => true,
+                'domain' => rex_request::server('HTTP_HOST'),
+                'cache_log_id' => $consent_manager->cacheLogId,
+                'version' => $consent_manager->version,
+            ]) . ';' . PHP_EOL;
+            $googleConsentModeOutput .= '    </script>' . PHP_EOL;
+        }
     }
 
     // Auto-Mapping wird jetzt im Frontend-JS gehandhabt
