Bug #83008: Edit Icon shown in list view despite user not having write permission for table - TYPO3 Core - TYPO3 Forge

Custom queries

Accessibility
Easy tasks
Forge Triage
JavaScript issues
JavaScript Issues (w/o Epics/Stories)
My open issues
No feedback within 90 days
Open Bugs
Open issues of 10
Recently modified
Regressions
Stabilization Issues
Usability or UX

Watchers (1)

Tilo Baller

Actions

Copy link

Bug #83008

closed

Epic #90674: Backend UI not reflecting permissions

Edit Icon shown in list view despite user not having write permission for table

Added by Moritz Ahl about 7 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Backend User Interface

Target version:

Start date:

2017-11-15

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

7.1

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

The list view shows an "edit" icon for records in a table even when the current user does not have write permissions for that table (for example, domain records). When clicked, a spinner shows but the view is never loaded.

So, there should be no icon if the user does not have write permission for that table.

Files

Download all files

belayout_listing.png (20 KB) belayout_listing.png		Riccardo De Contardi, 2017-11-15 23:35
attempt_modify.png (19.1 KB) attempt_modify.png		Riccardo De Contardi, 2017-11-15 23:35
attempt_delete.png (28.9 KB) attempt_delete.png		Riccardo De Contardi, 2017-11-15 23:35
attempt_hide.png (31.4 KB) attempt_hide.png		Riccardo De Contardi, 2017-11-15 23:40

Related issues 2 (0 open — 2 closed)

Related to TYPO3 Core - Bug #23598: AJAX-menu for content-elements only checks page-record-permissions not content-element-permissions

Closed

2010-09-24

Actions

Related to TYPO3 Core - Bug #89307: List Module shows edit action icon even if User has no edit permission

Closed

2019-09-30

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Georg Ringer about 7 years ago

Status changed from New to Needs Feedback

Thanks for creating this issue. Can you please check 8.7 as well and if valid add a Screenshot. That would be great!

Actions

Copy link Download all files

Updated by Riccardo De Contardi about 7 years ago

File belayout_listing.png belayout_listing.png added
File attempt_modify.png attempt_modify.png added
File attempt_delete.png attempt_delete.png added
File attempt_hide.png attempt_hide.png added

This still affects 9.0.0-dev (latest master) as far as I can see.

Steps to reproduce

1) create a usergroup that can list backend_layouts but cannot modify them
2) assign a user
3) create some backend layouts in a sysfolder that the group can access

Results: As you can see, the "edit", "hide" and "delete" button are still visible

- if you try to modify the record, the result is a grey infinite spinning page:

- if you try to hide the record the icon will be replaced with the spin, but an error message is shown

- if you try to delete the record, an error message is shown:

Maybe it would be better to hide or disable the icons, but the error messages are correct.

Actions

Copy link

Updated by Georg Ringer about 7 years ago

Status changed from Needs Feedback to Accepted

thanks for the detailed feedback!

Actions

Copy link

Updated by Georg Ringer about 7 years ago

TYPO3 Version changed from 7 to 9

Actions

Copy link

Updated by Riccardo De Contardi over 6 years ago

Related to Bug #23598: AJAX-menu for content-elements only checks page-record-permissions not content-element-permissions added

Actions

Copy link

Updated by Riccardo De Contardi over 4 years ago

Parent task set to #90674

Actions

Copy link

Updated by Riccardo De Contardi over 4 years ago

Related to Bug #89307: List Module shows edit action icon even if User has no edit permission added

Actions

Copy link

Updated by Gerrit Code Review over 4 years ago

Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696

Actions

Copy link

Updated by Gerrit Code Review over 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696

Actions

Copy link

#10

Updated by Gerrit Code Review over 4 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696

Actions

Copy link

#11

Updated by Gerrit Code Review over 4 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696

Actions

Copy link

#12

Updated by Gerrit Code Review over 4 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696

Actions

Copy link

#13

Updated by Gerrit Code Review over 4 years ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63696

Actions

Copy link

#14

Updated by Gerrit Code Review over 4 years ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63750

Actions

Copy link

#15

Updated by Gerrit Code Review over 4 years ago

Patch set 2 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/63750

Actions

Copy link

#16