Bug #84119
open
Epic #90674: Backend UI not reflecting permissions
Limiting a BE-User to default language results in inconsistent saves.
0%
Description
scenario¶
I have a backend user who is only allowed to edit the default language.
This user now tries to edit a text media content element.
expected behavior¶
The user is able to save the content element.
What actually happens¶
The user gets this error:recordEditAccessInternals() check failed. [ERROR: Language was not allowed.]
I assume this is because of the new copying behaviors. If I check the \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::recordEditAccessInternals method, I see that all languages are checked for which a translation of the content element exists.
Workaround¶
I extended the BackendUserAuthentication class and removed that specific call to checkLanguageAccess. The other languages are still not visible but they could be edited now.
Files
Updated by Wolfgang Klinger about 6 years ago
I can confirm that (TYPO3 8.7.10).
Updated by Gerrit Code Review almost 6 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287
Updated by Tymoteusz Motylewski almost 6 years ago
Does the element you try to edit and save need to be translated?
Updated by Marco Pfeiffer almost 6 years ago
Yes, you'll need a content element that is translated to another language.
If a user now tries to edit the default version without having access to the translated version, then you'll get that error.
Updated by Gerrit Code Review almost 6 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287
Updated by Gerrit Code Review almost 6 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287
Updated by Gerrit Code Review over 5 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287
Updated by Christian Eßl over 4 years ago
I can reproduce this problem in TYPO3 9.5.13.
The following scenario:
- Editor with language restrictions, for instance: languages "default" and "german"
- Editor tries to edit a tt_content element in "default" language.
- The content element can be translated to other languages the editor has no access permissions for.
The problem does not occur when editing localized records, only the default language is affected.
The process_datamap() function in DataHandler should probably not call "$this->BE_USER->recordEditAccessInternals($table, $id);" in this case.
I'm impressed that not more people had this problem over the course of 2 years. Am I missing something here?
Updated by 
Updated by Susanne Moog over 4 years ago
- Sprint Focus deleted (
On Location Sprint)
Updated by Gerrit Code Review almost 4 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/57287
Updated by Chris Müller almost 4 years ago
- Related to Bug #91558: Auto slug update with multiple languages and editor language restrictions shows error added
Updated by Kevin Ditscheid over 3 years ago
- Related to Bug #91900: Editor with language restriction to non-default language can't edit records of tables with inline fields configured with l10n_mode => exclude added
Updated by Nicolà Widmer over 2 years ago
The problem still occurs on TYPOe 9.5.28. Has anything happened since last year or are there any news regarding this problem?
Updated by Michael Sollmann over 2 years ago
The problem occurs also while saving the page properties in 10.4.17.
Updated by Christian Kuhn over 2 years ago
- Status changed from Under Review to New
Updated by Raphael Zschorsch about 2 years ago
I'm having the same problem with TYPO3 10.4.23 and the default language. Everything is set up correctly and with the provided patch, everything works fine. Can this topic be reopened, because with a multilanguage website and editors, who only have the right to edit specific languages, this is a must have!
Updated by Kevin Ditscheid over 1 year ago
- File 2022-10-20_10-32.png 2022-10-20_10-32.png added
I tested the issue again in TYPO3 11.
The issue described in the description is still occuring in 11.5.17.
However, if a backend user is restricted to non-default languages (language id != 0):
- they can see the default language elements, but can't edit them (correct)
- they can edit elements in their language (correct)
- they can hit the translate button, but the translations are made in the default language (not correct)
- they can add new elements in their language in mixed mode (correct)
- they can not add new elements in their language in connected mode (correct)
So yeah, language restricting editors is still broken in TYPO3 11