Project

General

Profile

Actions
Copy link

Bug #63337

closed

Missing User-rights-Management: User can edit all extension flexforms without sufficient rights

Added by Sven Juergens over 9 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2014-11-26
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Hi,

following situation.
Fresh installation of TYPO3 6.2.6, install the extensions news and macina_bannermanagement ( or any other extensions with flexform configuration )
Create a usergroup and allow them with "[Allow] Insert Plugin" and "[Allow] Bannermodule" to use the Plugin Bannermodule. Now my expectation is, that the user only can insert/read/update/delete the Plugin Bannermodule,
BUT he can also edit the flexform of News and any other Extensions with flexform configuration, which insert a User or Admin with sufficient rights.
The DropDown of plugins has the value "[ INVALID VALUE ("news_pi1") ]" but the User can save and change any configuration.

Best Regards
Sven

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #43593: Rights to change denied pluginsClosed2012-12-04

Actions
Related to TYPO3 Core - Task #88496: Replace switchable controller actions terminologyClosedAlexander Schnitzler2019-06-05

Actions
Actions
Copy link

Also available in: Atom PDF