DokType permissions are not checked
you can edit a page if you don't have permissions to edit the doktype!
How to reproduce:
- Create a BE user and BE group with permissions to edit just the "Page types" default and shortcut for example. Also make sure, that the group can edit the table "pages" and the field "doktype"
- Login with the specific user and edit a folder (which is not accepted in the be group permissions)
I do not know what behavior I was expecting:
- User can't edit the folder properties in general
- User can't edit the "Page types" field of this folder
But currently the user can edit the page but do not leave the DokType on "Folder".
Therefore, the DokType is automatically set to "Default", which is definitely wrong, I think.
This issue exists in TYPO3 7.6 and TYPO3 8 (master)