Bug #14238
User cannot save existing page if page-type is not allowed by backend-group config
| Status: | Accepted | Start date: | 2004-07-14 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Backend API | |||
| Target version: | - | |||
| TYPO3 Version: | 4.2 | Complexity: | ||
| PHP Version: | 5.2 | |||
| Votes: | 0 |
Description
A user may open and edit an existing page (-header) but may not be able to save the page if he has no access to the current page type. For example if you edit the page-header of an »Advanced« page you may not be able to save the changes without changing the page type to an allowed one, if the group of the users has no access to »Advanced« pages.
(issue imported from #M215)
History
Updated by Andreas Beutel over 8 years ago
Bug persists in TYPO3 version 3.7.0RC1.
Updated by Ingmar Schlecht over 8 years ago
...which means it will not be fixed for 3.7 final because a change to something as security relevant as this needs more testing than just a few days.
Updated by Sebastian Kurfuerst about 8 years ago
Are there any proposals how to deal with that? Maybe there needs to be a possibility to select "Don't change" instead of an allowed pagetype?
Updated by Andreas Beutel about 8 years ago
There are some usability issues related to this:
If a user is not allowed to set the page type to "Advanced", does this imply he/she is also not allowed to edit any advanced page?
If yes, the "Edit page header" option has to be disabled for that page even if the permissions allow to modify the page settings for that user/group.
If no, he/she has two options to edit: He/she must change the page type to an allowed one.
In this case TYPO3 should immediately notify the user that he/she has to change the page type to save.
OR
- and this is what I would prefer - the page type select has to be modified so it recognizes that the inaccessible page type was set before and allow the user to save the page even with that page type. Also a correct warning should be issued near the select: Something like "If you change the page type you will not be able to select "Advanced" again because of insufficient permissions".
Updated by Andreas Beutel about 8 years ago
Bug persists in TYPO3 version 3.8.0beta1.
Updated by Sebastian Kurfuerst about 8 years ago
"- and this is what I would prefer - the page type select has to be modified so it recognizes that the inaccessible page type was set before and allow the user to save the page even with that page type. Also a correct warning should be issued near the select: Something like "If you change the page type you will not be able to select "Advanced" again because of insufficient permissions"."
I like that option most, too. Are there other comments on that?
Updated by Andreas Beutel over 4 years ago
Bug furthermore persists up to TYPO3 version 4.2.x.
Updated by Chris topher about 3 years ago
Thanks for providing updates on this, Andreas!
Can you provide a patch?
Updated by Riccardo De Contardi 8 days ago
- File Cattura.PNG added
- File Cattura2.PNG added
I've done this test in TYPO3 CMS 6.1.0:
I tried to edit a page of type "mount point" for wich my editors' usergroup has no right.
So, I've opened the page --> the attached CATTURA.png
I tried to save the page and the page has been saved, with some warnings: see attached CATTURA2.png