Bug #23241
closedFrontend Editing edit panels are shown for content element types that cannot be edited
0%
Description
In frontend editing (both feedit and feeditadvanced), the only check on content editing permissions is whether tt_content can be edited on the current page or not. This means that a particular content element type may be restricted in the user or group record, but still show editing icons in frontend editing. When the record is clicked to edit, an error message is generated.
Calling $GLOBALS['BE_USER']->recordEditAccessInternals() will tell us if the specific record is truly editable.
(issue imported from #M15189)
Files
Updated by Chris topher over 14 years ago
Hi Jeff,
if you already made a patch, that's great!
If not, have a look at #0005412, where Steffen made one. Maybe you can then continue with something like that. ;-)
However, this has not yet been posted to Core List...
Updated by Sven Juergens over 14 years ago
hi,
sorry but i found a problem with this patch, now. I testet only with feedit not with feedit_advanced.
If you use the Editpanel only for creating new records, there is a problem with recordEditAccessInternals() in class.t3lib_userauthgroup.php
For example use this setup:
temp.newcontent = EDITPANEL
temp.newcontent {
allow = new
newRecordFromTable = tt_content
}
page = PAGE
page.10 = TEXT
page.10.value = Hello World
page.20 < temp.newcontent
Only as Administrator you can see the editpanel.
Problem Description:
in t3lib_frontendedit the patch introduce this check:
$GLOBALS['BE_USER']->recordEditAccessInternals($table, $dataArray))
table = table to edit
$dataArray = if you want create a new Record, this is the current PageRecord
in recordEditAccessInternals() in t3lib_userauthgroup is one check that produce the error
($idOrRow is the $dataArray, which is a PageRecord)
---
if ($TCA[$table]['ctrl']['languageField']) {
if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']])) {
...
---
$TCA[$table]['ctrl']['languageField'] = is in this example with tt_content 'sys_language_uid'
but in the next line we check the given PageRecord for sys_language_uid as languageField, but a page has no sys_language_uid and so always return a FALSE
Updated by Jeff Segars about 14 years ago
Sven,
Thanks for the testing! You're right about the issue too. The attached v2 works around this problem by only calling recordEditAccessInternals() when we're editing an existing record.
If you're able to vote on this on the core list, that would be great.
Thanks!
Jeff
Updated by Sven Juergens about 14 years ago
Hi Jeff,
thanks for your continuous work on this patch. Give a +1 in core list, would be nice to see this in core :)