Project

General

Profile

Actions

Bug #32209

closed

Be user with explicit deny can edit the content plugin fields

Added by David Denicolo' almost 13 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2011-11-30
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

If a Admin create plugin news the editor with explict deny on content plugin news can edit this plugin, he see [invalid value "9"] in the select plugin selector but every other input box or selector is editable so the editor can change the plugin option.
Simple he cannot create another one but can change everything in the plugin.
TYPO3 version 4.5.8
Thanks


Files


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #72171: Since the authMode_enforce strict is set editors can't edit content elements if the list_type is 0 (which is the default value)Closed2015-12-11

Actions
Related to TYPO3 Core - Bug #72689: 6.2.17 broke editing of content elementsRejected2016-01-14

Actions
Actions #2

Updated by Kaan Sanli over 11 years ago

This bug still exists in TYPO3 6.x.

In one of our installations (6.1) we have a very specified management of user rights with more than 20 editors and a lot of roles. Some may edit and create certain content, some may not. The editors, who may not create plugins like news or powermail can open such a content element and change the settings, e.g. the list_type of a plugin.

This bug should be fixed to have a valid userright's mangament by using the explicit deny functionality.

Thx.

Actions #3

Updated by Mathias Schreiber almost 10 years ago

  • Target version set to 7.4 (Backend)
  • Is Regression set to No
Actions #4

Updated by Susanne Moog over 9 years ago

  • Target version changed from 7.4 (Backend) to 7.5
Actions #5

Updated by Benni Mack about 9 years ago

  • Target version changed from 7.5 to 7 LTS
Actions #6

Updated by Mathias Schreiber about 9 years ago

  • Target version changed from 7 LTS to next-patchlevel
Actions #7

Updated by Mathias Schreiber about 9 years ago

  • Target version deleted (next-patchlevel)
Actions #8

Updated by Georg Ringer almost 9 years ago

  • Project changed from TYPO3 Core to 1716
Actions #9

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/45163

Actions #10

Updated by Helmut Hummel almost 9 years ago

  • Project changed from 1716 to TYPO3 Core
  • Is Regression set to No
Actions #11

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45165

Actions #12

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/45167

Actions #13

Updated by Georg Ringer almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #14

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF