Project

General

Profile

Actions
Copy link

Bug #79954

closed

DokType permissions are not checked

Added by Markus Hölzle over 7 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Security
Target version:
next-patchlevel
Start date:
2017-02-22
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Hi there,

you can edit a page if you don't have permissions to edit the doktype!

How to reproduce:
- Create a BE user and BE group with permissions to edit just the "Page types" default and shortcut for example. Also make sure, that the group can edit the table "pages" and the field "doktype"
- Login with the specific user and edit a folder (which is not accepted in the be group permissions)

I do not know what behavior I was expecting:
- User can't edit the folder properties in general
OR
- User can't edit the "Page types" field of this folder

But currently the user can edit the page but do not leave the DokType on "Folder".
Therefore, the DokType is automatically set to "Default", which is definitely wrong, I think.

This issue exists in TYPO3 7.6 and TYPO3 8 (master)

Actions
Copy link
 #1

Updated by Gerrit Code Review over 7 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51796

Actions
Copy link
 #2

Updated by Markus Hölzle over 7 years ago

  • Assignee deleted (Markus Hölzle)
Actions
Copy link
 #3

Updated by Mona Muzaffar over 7 years ago

  • Target version set to 8 LTS
Actions
Copy link
 #4

Updated by Gerrit Code Review over 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51796

Actions
Copy link
 #5

Updated by Benni Mack over 7 years ago

  • Target version changed from 8 LTS to next-patchlevel
Actions
Copy link
 #6

Updated by Gerrit Code Review over 7 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51796

Actions
Copy link
 #7

Updated by Gerrit Code Review over 7 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51796

Actions
Copy link
 #8

Updated by Gerrit Code Review over 7 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/51796

Actions
Copy link
 #9

Updated by Gerrit Code Review over 7 years ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53661

Actions
Copy link
 #10

Updated by Markus Hölzle over 7 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #11

Updated by Gerrit Code Review over 7 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53715

Actions
Copy link
 #12

Updated by Markus Hölzle over 7 years ago

  • Status changed from Under Review to Resolved
Actions
Copy link
 #13

Updated by Gerrit Code Review over 7 years ago

  • Status changed from Resolved to Under Review

Patch set 2 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53715

Actions
Copy link
 #14

Updated by Gerrit Code Review over 7 years ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53749

Actions
Copy link
 #15

Updated by Gerrit Code Review over 7 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53749

Actions
Copy link
 #16

Updated by Gerrit Code Review over 7 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53749

Actions
Copy link
 #17

Updated by Gerrit Code Review about 7 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53749

Actions
Copy link
 #18

Updated by Gerrit Code Review about 7 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53749

Actions
Copy link
 #19

Updated by Gerrit Code Review about 7 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53749

Actions
Copy link
 #20

Updated by Gerrit Code Review about 7 years ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/53749

Actions
Copy link
 #21

Updated by Gerrit Code Review about 7 years ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/54121

Actions
Copy link
 #22

Updated by Sascha Egerer about 7 years ago

  • Status changed from Under Review to Resolved
Actions
Copy link
 #23

Updated by Horst Wiederhold about 7 years ago

This issue is fixed in TYPO3 8.7 [0075ee57bb] and TYPO3 master [ebaea78e73] it is still existing in TYPO3 7.6

Actions
Copy link
 #24

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF