Bug #25135
Pagetree - Drag and drop only works for BE-Users with delete-permissions
| Status: | New | Start date: | 2011-02-22 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | Pagetree | |||
| Target version: | - | |||
| TYPO3 Version: | 4.5 | Complexity: | ||
| PHP Version: | 5.2 | |||
| Votes: | 3 (View) |
Description
All drag and drop functions with pages in the pagetree only works, when the backend-user has assigned delete-permissions to pages in the access-module.
How to reproduce:
1. Create some pages in the pagetree
2. Create a BE usergroup
3. Create a BE user
4. Assign the BE user to the BE usergroup
5. Assign BE usergroup access permissions to all pages (with default setting - "Delete page" not checked!)
6. Switch user to BE user
7. Try to use drap and drop in pagetree
It´s hard to say for me if this is a bug or a feature. In TYPO3 4.4.x, a BE user could use drag and drop in the pagetree without delete-permissions on pages.
If this is not a bug, maybe it would be a good idea to set "Delete page" checked in TYPO3´s default settings in the access-module.
(issue imported from #M17711)
Related issues
| related to Core - Bug #29801: Delete access required to move pages. | New | 2011-09-15 | ||
| duplicated by Core - Bug #28778: Pages not moveable in pagetree without right to delete page | Accepted | 2011-08-05 |
History
Updated by Stefan Galinski about 2 years ago
There was a reason for this behaviour. Unfortunatly I don't know it anymore... ;-)
Updated by Torben Hansen about 2 years ago
Nice one ;-)
I had a look at the code and found the function, which disables the drag and drop feature. In "class.t3lib_tree_pagetree_commands.php" the function "getNewNode" is responsible for the setting. At the end of the function you´ll see the following:
if (!$subNode->canBeEdited() || !$subNode->canBeRemoved() || intval($record['t3ver_state']) === 2) {
$subNode->setDraggable(FALSE);
}
I have tried to remove "!$subNode->canBeRemoved()" and now all drag and drop functions seem to work fine for a BE usergroup. So the question is, why is it necessary that a page can be removed to use drap and drop functionality? My first thought was the new "Drop here to delete"-field. Maybe no access-checking is done there. So I tested to drag and drop a page (with no delete-permission for the usergroup) to the "Drop here to delete"-field, and an error message appears which says, that I don´t have the right permissions to delete the page. So everything fine there and access-checking is correct.
Maybe this helps you remembering, what the reason was for this behaviour.
Updated by Susanne Moog almost 2 years ago
- Category set to Pagetree
- Target version deleted (
0)
Updated by Andreas Wolf over 1 year ago
- Assignee set to Stefan Galinski
- Target version set to 4.6.0-beta3
Stefan, any news on that? Does Torbens comment help you fix this issue?
Updated by Oliver Hader over 1 year ago
- Target version changed from 4.6.0-beta3 to 4.6.0-RC1
Updated by Xavier Perseguers over 1 year ago
- Target version changed from 4.6.0-RC1 to 4.6.0
Updated by Chris topher over 1 year ago
- Target version changed from 4.6.0 to 4.6.1
Updated by Chris topher over 1 year ago
- Target version changed from 4.6.1 to 4.6.2
Updated by Xavier Perseguers over 1 year ago
- Assignee deleted (
Stefan Galinski) - Target version deleted (
4.6.2)
Updated by Stephan Vidar about 1 year ago
Same problem in TYPO3 4.5.11
Updated by Falk Kühnel 6 months ago
Still a problem in 4.7.6