Epic #90674: Backend UI not reflecting permissions
If "Copy default content elements" fails because of missing CType access, images get duplicated
There seems to be a bug with access restricted CTypes in 6.2.17:
1. Create content element with FAL image in default language
2. Try to translate the CE with an translator account who doesn't have
access to this CType (sadly the "Copy default content elment button"
still shows up)
I restrict the access with the "Explicitly allow/deny field values:"-option for a backend user group.
3. TYPO3 tries to create a translated CE but fails with "newlog()]
recordEditAccessInternals() check failed. [ERROR: authMode
"explicitAllow" failed for field "CType" with value..."
4. It's correct that TYPO3 throws this error, but it seems that this
happens too late. The FAL image got already copied and shows up as duplicate in the default language now
M.e the problem is in \TYPO3\CMS\Core\DataHandling\DataHandler->process_datamap().
The tables which need an update/new entries are processed one after
another and access check happens only for the current table.
So if an error occurs in the last table the already proccessed tables need some kind of rollback.
#1 Updated by Riccardo De Contardi over 3 years ago
I can confirm it with 8.7-dev (latest master)
Steps to reproduce
1) create and editors group and an editor user that has it
2) editors group > explicit deny the "filelist" CType
3) with admin editor, create a page, translate it
4) create inside the page a "filelist" CE and fill it with one file
5) login as editor > try to translate the CE > the file gets duplicated.