Bug #21947
closed
BE user which have right to edit one of x installed plugin content elements can edit all
0%
Description
A BE user which is no admin user but got the right to edit one plugin content element can edit all other plugin content elements too.
BE user with BE group:
Explicitly allow/deny field values: [Allow] Insert plugins - checked
Pagecontent: Plugin: [Allow] News - checked, all other checkboxes are unchecked
$TYPO3_CONF_VARS['BE']['explicitADmode'] = 'explicitAllow'; in localconf set
(issue imported from #M13217)
Updated by Sonja Schubert over 13 years ago
Any news for this issue? Would be great if that could be fixed as it is a big problem that the user has too much rights...
Updated by Alexander Opitz almost 11 years ago
- Status changed from New to Needs Feedback
- Target version deleted (
0)
The issue is very old, does this issue exists in newer versions of TYPO3 CMS (4.5 or 6.1)?
Updated by Alexander Opitz over 10 years ago
- Status changed from Needs Feedback to Closed
- Is Regression set to No
No feedback for over 90 days.
Updated by Moritz Ngo over 9 years ago
I can confirm this bug in TYPO3 4.7.19 and TYPO3 6.2.4.
It is exactly like this:
https://forge.typo3.org/issues/32209
It doesn't matter if I use$TYPO3_CONF_VARS['BE']['explicitADmode'] = 'explicitAllow';
or $TYPO3_CONF_VARS['BE']['explicitADmode'] = 'explicitDeny';