Bug #84119

Epic #90674: Backend UI not reflecting permissions

Limiting a BE-User to default language results in inconsistent saves.

Added by Marco Pfeiffer over 2 years ago. Updated 6 months ago.

Status:
Under Review
Priority:
Must have
Assignee:
-
Category:
Localization
Target version:
-
Start date:
2018-03-02
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
8
PHP Version:
7.1
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

scenario

I have a backend user who is only allowed to edit the default language.
This user now tries to edit a text media content element.

expected behavior

The user is able to save the content element.

What actually happens

The user gets this error:
recordEditAccessInternals() check failed. [ERROR: Language was not allowed.]

I assume this is because of the new copying behaviors. If I check the \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::recordEditAccessInternals method, I see that all languages are checked for which a translation of the content element exists.

Workaround

I extended the BackendUserAuthentication class and removed that specific call to checkLanguageAccess. The other languages are still not visible but they could be edited now.


Related issues

Related to TYPO3 Core - Bug #91558: Auto slug update with multiple languages and editor language restrictions shows errorNew2020-06-03

Actions
Related to TYPO3 Core - Bug #91900: Editor with language restriction to non-default language can't edit records of tables with inline fields configured with l10n_mode => excludeNew2020-07-30

Actions
#1

Updated by Wolfgang Klinger over 2 years ago

I can confirm that (TYPO3 8.7.10).

#2

Updated by Gerrit Code Review over 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287

#3

Updated by Tymoteusz Motylewski over 2 years ago

Does the element you try to edit and save need to be translated?

#4

Updated by Marco Pfeiffer over 2 years ago

Yes, you'll need a content element that is translated to another language.
If a user now tries to edit the default version without having access to the translated version, then you'll get that error.

#5

Updated by Gerrit Code Review over 2 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287

#6

Updated by Gerrit Code Review over 2 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287

#7

Updated by Susanne Moog about 2 years ago

  • Sprint Focus set to On Location Sprint
#8

Updated by Gerrit Code Review almost 2 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57287

#9

Updated by Christian Eßl 11 months ago

I can reproduce this problem in TYPO3 9.5.13.

The following scenario:
- Editor with language restrictions, for instance: languages "default" and "german"
- Editor tries to edit a tt_content element in "default" language.
- The content element can be translated to other languages the editor has no access permissions for.

The problem does not occur when editing localized records, only the default language is affected.
The process_datamap() function in DataHandler should probably not call "$this->BE_USER->recordEditAccessInternals($table, $id);" in this case.

I'm impressed that not more people had this problem over the course of 2 years. Am I missing something here?

#10

Updated by Riccardo De Contardi 11 months ago

  • Category set to Localization
#11

Updated by Susanne Moog 11 months ago

  • Sprint Focus deleted (On Location Sprint)
#12

Updated by Riccardo De Contardi 9 months ago

  • Parent task set to #90674
#13

Updated by Gerrit Code Review 6 months ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/57287

#14

Updated by Chris Müller 6 months ago

  • Related to Bug #91558: Auto slug update with multiple languages and editor language restrictions shows error added
#15

Updated by Kevin Ditscheid 4 months ago

  • Related to Bug #91900: Editor with language restriction to non-default language can't edit records of tables with inline fields configured with l10n_mode => exclude added

Also available in: Atom PDF