Project

General

Profile

Actions

Bug #84119

open

Epic #90674: Backend UI not reflecting permissions

Limiting a BE-User to default language results in inconsistent saves.

Added by Marco Pfeiffer over 6 years ago. Updated over 1 year ago.

Status:
New
Priority:
Must have
Assignee:
-
Category:
Localization
Target version:
-
Start date:
2018-03-02
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
8
PHP Version:
7.1
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

scenario

I have a backend user who is only allowed to edit the default language.
This user now tries to edit a text media content element.

expected behavior

The user is able to save the content element.

What actually happens

The user gets this error:
recordEditAccessInternals() check failed. [ERROR: Language was not allowed.]

I assume this is because of the new copying behaviors. If I check the \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::recordEditAccessInternals method, I see that all languages are checked for which a translation of the content element exists.

Workaround

I extended the BackendUserAuthentication class and removed that specific call to checkLanguageAccess. The other languages are still not visible but they could be edited now.


Files

2022-10-20_10-32.png (28.7 KB) 2022-10-20_10-32.png Language != 0 restriction Kevin Ditscheid, 2022-10-20 08:32

Related issues 2 (2 open0 closed)

Related to TYPO3 Core - Bug #91558: Auto slug update with multiple languages and editor language restrictions shows errorNew2020-06-03

Actions
Related to TYPO3 Core - Bug #91900: Editor with language restriction to non-default language can't edit records of tables with inline fields configured with l10n_mode => excludeNew2020-07-30

Actions
Actions #1

Updated by Wolfgang Klinger over 6 years ago

I can confirm that (TYPO3 8.7.10).

Actions #2

Updated by Gerrit Code Review almost 6 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287

Actions #3

Updated by Tymoteusz Motylewski almost 6 years ago

Does the element you try to edit and save need to be translated?

Actions #4

Updated by Marco Pfeiffer almost 6 years ago

Yes, you'll need a content element that is translated to another language.
If a user now tries to edit the default version without having access to the translated version, then you'll get that error.

Actions #5

Updated by Gerrit Code Review almost 6 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287

Actions #6

Updated by Gerrit Code Review almost 6 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287

Actions #7

Updated by Susanne Moog over 5 years ago

  • Sprint Focus set to On Location Sprint
Actions #8

Updated by Gerrit Code Review over 5 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287

Actions #9

Updated by Christian Eßl over 4 years ago

I can reproduce this problem in TYPO3 9.5.13.

The following scenario:
- Editor with language restrictions, for instance: languages "default" and "german"
- Editor tries to edit a tt_content element in "default" language.
- The content element can be translated to other languages the editor has no access permissions for.

The problem does not occur when editing localized records, only the default language is affected.
The process_datamap() function in DataHandler should probably not call "$this->BE_USER->recordEditAccessInternals($table, $id);" in this case.

I'm impressed that not more people had this problem over the course of 2 years. Am I missing something here?

Actions #10

Updated by Riccardo De Contardi over 4 years ago

  • Category set to Localization
Actions #11

Updated by Susanne Moog over 4 years ago

  • Sprint Focus deleted (On Location Sprint)
Actions #12

Updated by Riccardo De Contardi over 4 years ago

  • Parent task set to #90674
Actions #13

Updated by Gerrit Code Review about 4 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/57287

Actions #14

Updated by Chris Müller about 4 years ago

  • Related to Bug #91558: Auto slug update with multiple languages and editor language restrictions shows error added
Actions #15

Updated by Kevin Ditscheid almost 4 years ago

  • Related to Bug #91900: Editor with language restriction to non-default language can't edit records of tables with inline fields configured with l10n_mode => exclude added
Actions #16

Updated by Nicolà Widmer almost 3 years ago

The problem still occurs on TYPOe 9.5.28. Has anything happened since last year or are there any news regarding this problem?

Actions #17

Updated by Michael Sollmann almost 3 years ago

The problem occurs also while saving the page properties in 10.4.17.

Actions #18

Updated by Christian Kuhn over 2 years ago

  • Status changed from Under Review to New
Actions #19

Updated by Raphael Zschorsch over 2 years ago

I'm having the same problem with TYPO3 10.4.23 and the default language. Everything is set up correctly and with the provided patch, everything works fine. Can this topic be reopened, because with a multilanguage website and editors, who only have the right to edit specific languages, this is a must have!

Actions #20

Updated by Kevin Ditscheid over 1 year ago

I tested the issue again in TYPO3 11.
The issue described in the description is still occuring in 11.5.17.
However, if a backend user is restricted to non-default languages (language id != 0):
- they can see the default language elements, but can't edit them (correct)
- they can edit elements in their language (correct)
- they can hit the translate button, but the translations are made in the default language (not correct)
- they can add new elements in their language in mixed mode (correct)
- they can not add new elements in their language in connected mode (correct)

So yeah, language restricting editors is still broken in TYPO3 11

Actions

Also available in: Atom PDF