Epic #90674: Backend UI not reflecting permissions
Limiting a BE-User to default language results in inconsistent saves.
I have a backend user who is only allowed to edit the default language.
This user now tries to edit a text media content element.
The user is able to save the content element.
What actually happens¶
The user gets this error:
recordEditAccessInternals() check failed. [ERROR: Language was not allowed.]
I assume this is because of the new copying behaviors. If I check the \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::recordEditAccessInternals method, I see that all languages are checked for which a translation of the content element exists.
I extended the BackendUserAuthentication class and removed that specific call to checkLanguageAccess. The other languages are still not visible but they could be edited now.
Updated by Christian Eßl over 1 year ago
I can reproduce this problem in TYPO3 9.5.13.
The following scenario:
- Editor with language restrictions, for instance: languages "default" and "german"
- Editor tries to edit a tt_content element in "default" language.
- The content element can be translated to other languages the editor has no access permissions for.
The problem does not occur when editing localized records, only the default language is affected.
The process_datamap() function in DataHandler should probably not call "$this->BE_USER->recordEditAccessInternals($table, $id);" in this case.
I'm impressed that not more people had this problem over the course of 2 years. Am I missing something here?
Updated by Gerrit Code Review about 1 year ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/57287