Project

General

Profile

Actions

Bug #84214

closed

Epic #85006: Reduce falsely reported broken links

Linkvalidator should not check records without write permissions

Added by Sybille Peters over 6 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Should have
Category:
Linkvalidator
Target version:
-
Start date:
2018-03-12
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

By default, all broken links in records for which the editor has read access (perms=1) are displayed. I think this should be changed to read / write (perms=3): It does not make sense for the editor to be displayed lists of broken links he can't do anything about because he does not have write permsission to the records.

Reproduce

Set permissions so a specific user does not have write access to content but can view the page in page tree. The page has one or more broken links. Check for broken links has already been performed

  1. Set permission for page: other user and same group as user (e.g. simple editor)
  2. Set permissions so group can only show page (not edit content)

  1. Open report for broken links
  2. Start to edit a broken link by clicking on pencil symbol

Error message:

Sorry, you didn't have proper permissions to perform this change.

No content edit permission for user 2 on page 104 1437679657

Solution

Must check if editor can edit the table.field:

  • for table_name = 'pages' : check if page is editable
  • for table_name not 'pages' check if content is editable

Additionally:

  • the specific field must be editable for the users, e.g. for pages.canonical_link : this must be editable by the user / group (see exclude fields)
  • BackendUserAuthentication::isRTE() : is RTE enable for the user (for RTE fields) - this is not necessary, even if RTE is disabled, editor can still edit the field
  • might also have to check if editing a translation is allowed for the user if the record is in non default language

Also might have to consider in the future:

(BackendUserAuthentication::isInWebMount() to check if page is in webmount) - only if complete list is displayed regardless of currently selected page which is currently not the case


Files

permissions.png (7.04 KB) permissions.png Sybille Peters, 2019-09-23 15:43

Related issues 1 (1 open0 closed)

Related to TYPO3 Core - Bug #89182: Linkvalidator should only check relevant fields in tableUnder Review2019-09-16

Actions
Actions

Also available in: Atom PDF