Feature #19450
closed
More flexible editpanel permission
0%
Description
The permission check for rendering/using an editpanel in the frontend for logged in backend users depends on the BE user's permissions for the current TSFE->id only.
This may lead to non editable records in FE for logged in BE users, although they actually would have the permission to edit those records in the backend.
Which is I think a major drawback for FE editing.
That is typically (but not only) the case for FE plugins with their records being stored in a sysfolder, which shall be editable for some BE user but who is restricted by permissions to edit the page where the records are eventually outputted in FE.
The attached patch introduces a new parameter for cObject EDITPANEL and stdWrap property editPanel named
permissionCheckOnPid = [int | keyword 'pid']
for checking this editpanel's usability/permissions based on a given pid (if an integer) or a record's pid field (if keyword 'pid')
(issue imported from #M9539)
Files
Updated by Ralf Hettinger over 15 years ago
Attached a patch for the described functionality after fe editing moved to separate sysext fe_edit
Updated by Benni Mack almost 14 years ago
Hey Jeff.
Could you have a look at that patch again (before RC2) ? It's in the core list already.
Thanks.
Updated by Xavier Perseguers almost 13 years ago
- Category deleted (
Communication) - Target version changed from 4.6.0 to 4.6.0-beta1
Updated by Xavier Perseguers over 12 years ago
- Target version deleted (
4.6.0-beta1)
Updated by Alexander Opitz almost 11 years ago
- Status changed from Accepted to Needs Feedback
The issue is very old, does this issue exists in newer versions of TYPO3 CMS (4.5 or 6.1)?
Updated by Alexander Opitz over 10 years ago
- Status changed from Needs Feedback to Closed
- Assignee deleted (
Jeff Segars)
No feedback for over 90 days.