15189_v2.diff

Administrator Admin, 2010-11-17 22:15



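--- a/t3lib/class.t3lib_frontendedit.php
+++ b/t3lib/class.t3lib_frontendedit.php
@@ -84,6 +84,9 @@
 		if ($conf['newRecordFromTable']) {
 			$currentRecord = $conf['newRecordFromTable'] . ':NEW';
 			$conf['allow'] = 'new';
+			$checkEditAccessInternals = FALSE;
+		} else {
+			$checkEditAccessInternals = TRUE;
 		}
 
 		list($table, $uid) = explode(':', $currentRecord);
@@ -105,7 +108,7 @@
 			}
 		}
 
-		if ($GLOBALS['TSFE']->displayEditIcons && $table && $this->allowedToEdit($table, $dataArray, $conf) && $this->allowedToEditLanguage($table, $dataArray)) {
+		if ($GLOBALS['TSFE']->displayEditIcons && $table && $this->allowedToEdit($table, $dataArray, $conf, $checkEditAccessInternals) && $this->allowedToEditLanguage($table, $dataArray)) {
 			$editClass = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/classes/class.frontendedit.php']['edit'];
 			if ($editClass) {
 				$edit = t3lib_div::getUserObj($editClass, false);
@@ -497,40 +500,50 @@
 	 * @param	string	The name of the table.
 	 * @param	array	The data array.
 	 * @param	array	The configuration array for the edit panel.
+	 * @param	boolean	Boolean indicating whether recordEditAccessInternals should not be checked. Defaults
+	 * 					to true but doesn't makes sense when creating new records on a page.
 	 * @return	boolean
 	 */
-	protected function allowedToEdit($table, array $dataArray, array $conf) {
+	protected function allowedToEdit($table, array $dataArray, array $conf, $checkEditAccessInternals = TRUE) {
 
 			// Unless permissions specifically allow it, editing is not allowed.
-		$mayEdit = false;
+		$mayEdit = FALSE;
 
-		if ($table=='pages') {
-				// 2 = permission to edit the page
-			if ($GLOBALS['BE_USER']->isAdmin() || $GLOBALS['BE_USER']->doesUserHaveAccess($dataArray, 2)) {
-				$mayEdit = true;
-			}
+		if ($checkEditAccessInternals) {
+			$editAccessInternals = $GLOBALS['BE_USER']->recordEditAccessInternals($table, $dataArray, FALSE, FALSE);
 		} else {
-				// 16 = permission to edit content on the page
-			if ($GLOBALS['BE_USER']->isAdmin() || $GLOBALS['BE_USER']->doesUserHaveAccess(t3lib_BEfunc::getRecord('pages', $dataArray['pid']), 16)) {
-				$mayEdit = true;
+			$editAccessInternals = TRUE;
+		}
+		
+		if ($editAccessInternals) {
+			if ($table=='pages') {
+					// 2 = permission to edit the page
+				if ($GLOBALS['BE_USER']->isAdmin() || $GLOBALS['BE_USER']->doesUserHaveAccess($dataArray, 2)) {
+					$mayEdit = true;
+				}
+			} else {
+					// 16 = permission to edit content on the page
+				if ($GLOBALS['BE_USER']->isAdmin() || $GLOBALS['BE_USER']->doesUserHaveAccess(t3lib_BEfunc::getRecord('pages', $dataArray['pid']), 16)) {
+					$mayEdit = true;
+				}
 			}
-		}
 
-		if (!$conf['onlyCurrentPid'] || ($dataArray['pid'] == $GLOBALS['TSFE']->id)) {
-				// Permissions:
-			$types = t3lib_div::trimExplode(',', t3lib_div::strtolower($conf['allow']),1);
-			$allow = array_flip($types);
+			if (!$conf['onlyCurrentPid'] || ($dataArray['pid'] == $GLOBALS['TSFE']->id)) {
+					// Permissions:
+				$types = t3lib_div::trimExplode(',', t3lib_div::strtolower($conf['allow']),1);
+				$allow = array_flip($types);
 
-			$perms = $GLOBALS['BE_USER']->calcPerms($GLOBALS['TSFE']->page);
-			if ($table == 'pages') {
-				$allow = $this->getAllowedEditActions($table, $conf, $dataArray['pid'], $allow);
+				$perms = $GLOBALS['BE_USER']->calcPerms($GLOBALS['TSFE']->page);
+				if ($table == 'pages') {
+					$allow = $this->getAllowedEditActions($table, $conf, $dataArray['pid'], $allow);
 
-					// Can only display editbox if there are options in the menu
-				if (count($allow)) {
-					$mayEdit = true;
+						// Can only display editbox if there are options in the menu
+					if (count($allow)) {
+						$mayEdit = true;
+					}
+				} else {
+					$mayEdit = count($allow) && ($perms & 16);
 				}
-			} else {
-				$mayEdit = count($allow) && ($perms & 16);
 			}
 		}
 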
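Review bot: The docblock added for the fourth parameter of `allowedToEdit()` describes the flag backwards: it says the boolean indicates that recordEditAccessInternals should not be checked, while the code calls `recordEditAccessInternals()` when `$checkEditAccessInternals` is TRUE and skips it when FALSE. A switch that turns off an access check should be documented unambiguously, for example `@param boolean Whether recordEditAccessInternals() is evaluated for the record; defaults to TRUE, pass FALSE only for a record that does not exist yet.` In the first hunk the skip is decided solely by `$conf['newRecordFromTable']` being set, and the lines that populate `$dataArray` lie between the hunks, so it cannot be seen here whether an existing record can reach `allowedToEdit()` with the check disabled; that is worth confirming. The page-permission checks (2 and 16) still run on that path.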