Bug #83008
closed
Epic #90674: Backend UI not reflecting permissions
Edit Icon shown in list view despite user not having write permission for table
100%
Description
The list view shows an "edit" icon for records in a table even when the current user does not have write permissions for that table (for example, domain records). When clicked, a spinner shows but the view is never loaded.
So, there should be no icon if the user does not have write permission for that table.
Files
Updated by Georg Ringer about 7 years ago
- Status changed from New to Needs Feedback
Thanks for creating this issue. Can you please check 8.7 as well and if valid add a Screenshot. That would be great!
Updated by Riccardo De Contardi about 7 years ago
- File belayout_listing.png belayout_listing.png added
- File attempt_modify.png attempt_modify.png added
- File attempt_delete.png attempt_delete.png added
- File attempt_hide.png attempt_hide.png added
This still affects 9.0.0-dev (latest master) as far as I can see.
Steps to reproduce
1) create a usergroup that can list backend_layouts but cannot modify them
2) assign a user
3) create some backend layouts in a sysfolder that the group can access
Results: As you can see, the "edit", "hide" and "delete" button are still visible
- if you try to modify the record, the result is a grey infinite spinning page:
- if you try to hide the record the icon will be replaced with the spin, but an error message is shown
- if you try to delete the record, an error message is shown:
Maybe it would be better to hide or disable the icons, but the error messages are correct.
Updated by Georg Ringer about 7 years ago
- Status changed from Needs Feedback to Accepted
thanks for the detailed feedback!
Updated by Riccardo De Contardi over 6 years ago
- Related to Bug #23598: AJAX-menu for content-elements only checks page-record-permissions not content-element-permissions added
Updated by Riccardo De Contardi over 4 years ago
- Related to Bug #89307: List Module shows edit action icon even if User has no edit permission added
Updated by Gerrit Code Review over 4 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696
Updated by Gerrit Code Review over 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696
Updated by Gerrit Code Review over 4 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696
Updated by Gerrit Code Review over 4 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696
Updated by Gerrit Code Review over 4 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696
Updated by Gerrit Code Review over 4 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696
Updated by Gerrit Code Review over 4 years ago
Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63750
Updated by Gerrit Code Review over 4 years ago
Patch set 2 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63750
Updated by Christian Eßl over 4 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 72bcf63cf11e1e9490980e11eaae8bc58aeb636a.
Updated by 
Updated by