Bug #23241

Frontend Editing edit panels are shown for content element types that cannot be edited

Added by Jeff Segars almost 11 years ago. Updated about 10 years ago.

Should have
Target version:
Start date:
Due date:
% Done:


Estimated time:
TYPO3 Version:
PHP Version:
Is Regression:
Sprint Focus:


In frontend editing (both feedit and feeditadvanced), the only check on content editing permissions is whether tt_content can be edited on the current page or not. This means that a particular content element type may be restricted in the user or group record, but still show editing icons in frontend editing. When the record is clicked to edit, an error message is generated.

Calling $GLOBALS['BE_USER']->recordEditAccessInternals() will tell us if the specific record is truly editable.

(issue imported from #M15189)


15189.diff (2.43 KB) 15189.diff Administrator Admin, 2010-07-21 16:07
15189_v2.diff (3.95 KB) 15189_v2.diff Administrator Admin, 2010-11-17 22:15

Related issues

Related to TYPO3 Core - Bug #17203: Access Check for Content Elements before drawing the InterfaceClosed2007-04-12

Related to TYPO3 Core - Bug #22728: Icon "Create new record in top of column" displayed even with no rightsClosed2010-05-27


Updated by Chris topher almost 11 years ago

Hi Jeff,

if you already made a patch, that's great!
If not, have a look at #0005412, where Steffen made one. Maybe you can then continue with something like that. ;-)

However, this has not yet been posted to Core List...


Updated by Sven Juergens over 10 years ago

sorry but i found a problem with this patch, now. I testet only with feedit not with feedit_advanced.
If you use the Editpanel only for creating new records, there is a problem with recordEditAccessInternals() in class.t3lib_userauthgroup.php

For example use this setup:
temp.newcontent = EDITPANEL
temp.newcontent {
allow = new
newRecordFromTable = tt_content

page = PAGE
page.10 = TEXT
page.10.value = Hello World
page.20 < temp.newcontent

Only as Administrator you can see the editpanel.

Problem Description:
in t3lib_frontendedit the patch introduce this check:
$GLOBALS['BE_USER']->recordEditAccessInternals($table, $dataArray))

table = table to edit
$dataArray = if you want create a new Record, this is the current PageRecord

in recordEditAccessInternals() in t3lib_userauthgroup is one check that produce the error
($idOrRow is the $dataArray, which is a PageRecord)
if ($TCA[$table]['ctrl']['languageField']) {
if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']])) {
$TCA[$table]['ctrl']['languageField'] = is in this example with tt_content 'sys_language_uid'
but in the next line we check the given PageRecord for sys_language_uid as languageField, but a page has no sys_language_uid and so always return a FALSE


Updated by Jeff Segars over 10 years ago

Thanks for the testing! You're right about the issue too. The attached v2 works around this problem by only calling recordEditAccessInternals() when we're editing an existing record.

If you're able to vote on this on the core list, that would be great.



Updated by Sven Juergens over 10 years ago

Hi Jeff,

thanks for your continuous work on this patch. Give a +1 in core list, would be nice to see this in core :)


Updated by Jeff Segars over 10 years ago

Committed v2 to trunk in r9476


Updated by Susanne Moog about 10 years ago

  • Target version deleted (4.5.0)

Also available in: Atom PDF