Bug #47144
closedEditor can always edit the default language of pages
Added by Philipp Gampe over 11 years ago. Updated about 6 years ago.
100%
Description
An editor which has a language restriction to a non-default language can still edit page records in the default language via the page properties.
Editing content elements fails with "Language was not allowed".
The same message is shown if he edits the page properties, but only as debug message in the debug toolbar (bottom).
Updated by Frank Frewer over 11 years ago
Some more actions which should not be allowed to restricted users:
- via QuickEdit/[edit page properties]/'Move page'-button its possible to copy the page.
- via QuickEdit/[edit page properties]/'View record change history'-button its possible to change the page record.
- the user can manually call /typo3/sysext/cms/layout/db_layout.php?id=XX to edit the page record
- the same for history/undo: even if this entry in context menu is hidden the user could manually call the history modul via /typo3/show_rechis.php?element=pages:XX
Updated by Henrik Ziegenhain over 11 years ago
I can confirm this for 6.0.x & 4.6.x
Patch from #47126 (thanks Frank) works, we only need a solution for this specific issue.
Updated by Henrik Ziegenhain over 11 years ago
I did some research on this and found a simple solution for the main issue discovered by Philipp.
This solution does NOT solve the additional issues reported by Frank.
Page Module
Open typo3/sysext/backend/Classes/Controller/PageLayoutController.php and search for
// Edit page properties if ($this->CALC_PERMS & 2) {
and replace with
// Edit page properties if ($this->CALC_PERMS & 2 && $GLOBALS['BE_USER']->checkLanguageAccess(0)) {
List Module
Open typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php and search for
// If edit permissions are set (see class.t3lib_userauthgroup.php) if ($localCalcPerms & 2 && !empty($this->id)) {
and replace with
// If edit permissions are set (see class.t3lib_userauthgroup.php) if ($localCalcPerms & 2 && !empty($this->id) && $GLOBALS['BE_USER']->checkLanguageAccess(0)) {
My Question is how to put this to the review System? Could someone give me a hint/link to a documentation?
Updated by Philipp Gampe over 11 years ago
Thanks for your findings.
Have a look here:
http://wiki.typo3.org/Contribution_Walkthrough_Tutorials
Updated by Gerrit Code Review over 11 years ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/20420
Updated by Henrik Ziegenhain over 11 years ago
Hi Philipp,
thanks for your help. A few seconds ago I pushed my first patch to Gerrit :)
Hope everything is right.
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/20453
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/20454
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/21143
Updated by Gerrit Code Review over 11 years ago
Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/21144
Updated by Henrik Ziegenhain over 11 years ago
I pushed a new patch to gerrit, which respects the new 6.2 and 4.5/4.7 for backporting.
I also changed two files mentioned by Dmitry.
Sorry for creating a new issue in Gerrit. How can I push a new patch set 2 for an existing one? (I am using TortoiseGit)
Updated by Stefan Neufeind over 11 years ago
@Henrik: Just push to the same branch (for example master) and leave the Commit-Id unchanged. Gerrit will then know you're posting just a new revision and not a new patch.
Upon backports you'll then push to a different branch but still leave the Commit-Id unchanged. That will create a separate patch but will help keep track of the backport and it's siblings.
Updated by Gerrit Code Review over 11 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/20454
Updated by Henrik Ziegenhain over 11 years ago
Sorry for my messy pushes and thanks to Stefan for the hint.
Now I got it right and pushed patch set 2 to the originally created issue and abandoned the other one to keep the comments.
Updated by Jens Jacobsen about 10 years ago
Well just stumbled across this "bug" in TYPO3 6.2.4
Nasty! Some progress on this would be fine.
Updated by Gerrit Code Review almost 10 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/20454
Updated by Gerrit Code Review almost 10 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/20454
Updated by Gerrit Code Review about 9 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/20454
Updated by Gerrit Code Review about 9 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/20454
Updated by Anonymous almost 9 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 0ad9a8c1519fffe56b3428fc8ff69ff35dff7489.