Bug #52634
closed
sys_categories are missing security restrictions
100%
Description
Like tt_news or ext news categories need to be restrictable for backend users.
- selection for groups and users
- TCA tree must respect this selection
- TCEmain must check that selecting not allowed categories is not posible,
- TCEmain must check that categories, already set by others before, but not allowed for me, are not removed on saving.
Updated by Stefan Neufeind about 10 years ago
What is left here? The TCEmain-part?
Updated by
Updated by Thierry Brodard about 10 years ago
Actually, on the 6.2 RC1, the category-tree is filtered for files, but not in the list-module: even if a category mount is set for a be-group, all be-users can see all categories.
Updated by Lorenz Ulrich almost 10 years ago
How would you handle category restriction for different records. If e.g. news, tt_address and FAL are using the Category API, you might have categories that are News-only, categories that are tt_address only etc.. For the user it will be distracting if he can add a category meant for addresses to a News item.
Maybe it would be nice if categories could be locked to record types (default to all). What do you think?
Updated by
Updated by Christian Kuhn almost 8 years ago
- Status changed from New to Rejected
very hard to resolve, will not be done in near future, see related https://forge.typo3.org/issues/71461