Bug #83008

Edit Icon shown in list view despite user not having write permission for table

Added by Moritz Ahl almost 2 years ago. Updated almost 2 years ago.

Status:
Accepted
Priority:
Should have
Assignee:
-
Category:
Backend User Interface
Target version:
-
Start date:
2017-11-15
Due date:
% Done:

0%

TYPO3 Version:
9
PHP Version:
7.1
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The list view shows an "edit" icon for records in a table even when the current user does not have write permissions for that table (for example, domain records). When clicked, a spinner shows but the view is never loaded.

So, there should be no icon if the user does not have write permission for that table.

belayout_listing.png View (20 KB) Riccardo De Contardi, 2017-11-15 23:35

attempt_modify.png View (19.1 KB) Riccardo De Contardi, 2017-11-15 23:35

attempt_delete.png View (28.9 KB) Riccardo De Contardi, 2017-11-15 23:35

attempt_hide.png View (31.4 KB) Riccardo De Contardi, 2017-11-15 23:40


Related issues

Related to TYPO3 Core - Bug #23598: AJAX-menu for content-elements only checks page-record-permissions not content-element-permissions Accepted 2010-09-24

History

#1 Updated by Georg Ringer almost 2 years ago

  • Status changed from New to Needs Feedback

Thanks for creating this issue. Can you please check 8.7 as well and if valid add a Screenshot. That would be great!

#2 Updated by Riccardo De Contardi almost 2 years ago

This still affects 9.0.0-dev (latest master) as far as I can see.

Steps to reproduce

1) create a usergroup that can list backend_layouts but cannot modify them
2) assign a user
3) create some backend layouts in a sysfolder that the group can access

Results: As you can see, the "edit", "hide" and "delete" button are still visible

- if you try to modify the record, the result is a grey infinite spinning page:

- if you try to hide the record the icon will be replaced with the spin, but an error message is shown

- if you try to delete the record, an error message is shown:

Maybe it would be better to hide or disable the icons, but the error messages are correct.

#3 Updated by Georg Ringer almost 2 years ago

  • Status changed from Needs Feedback to Accepted

thanks for the detailed feedback!

#4 Updated by Georg Ringer almost 2 years ago

  • TYPO3 Version changed from 7 to 9

#5 Updated by Riccardo De Contardi about 1 year ago

  • Related to Bug #23598: AJAX-menu for content-elements only checks page-record-permissions not content-element-permissions added

Also available in: Atom PDF