Project

General

Profile

Actions
Copy link

Bug #17000

closed

BE permissions ignored

Added by Andreas Beutel almost 18 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Chris topher
Category:
-
Target version:
-
Start date:
2007-02-16
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.0
PHP Version:
4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

A user may have restricted access to the backend edit forms via the »explicit deny« in the BE user group configuration. If you set up a group and restrict its access to page content type »plugin« and also restrict the available plugins, a user can only edit and create new content elements of the type plugin. If the user creates a new content element of type plugin, he may only select the allowed plugin types (as defined in the explicit deny for »Pagecontent: Plugin«.

If the user tries to edit an existing content element of type plugin which is not in the list of allowed plugins the plugin select box shows [ INVALID VALUE ("plugin") ] as selected value plus the allowed plugin types. Anyway the user may change any value in the edit form (headline, flexform configuration, ...) and save the changes.

I have verified this for version 4.0.0 - 4.1RC1.
(issue imported from #M5007)

Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #21947: BE user which have right to edit one of x installed plugin content elements can edit allClosed2010-01-12

Actions
Actions
Copy link
 #1

Updated by Andreas Beutel almost 15 years ago

Verified as bug in 4.2 and 4.3. Not fixed yet.

Actions
Copy link
 #2

Updated by Chris topher over 14 years ago

Resolved as duplicate of #21947.

Actions
Copy link
 #3

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF