Bug #84513
closed
Pagetree - Drag and Drop does not work without delete-permissions
100%
Description
This is a followup to #25135
It's still not possible to drag & drop pages in the page tree, if the user does not have delete permissions for a page. I have two pages on the same level. The user does not have the rights to delete those pages, but has the rights to create new pages and edit pages (perms_group=27).
Moving one child into another leads to an error:
Exception
[1.4.14]: Attempt to move record 'Page B' (pages:359) without having permissions to do so.
My page tree looks like this:
Parent
- Page A
- Page B
and I am trying to move Page B onto Page A. The pagetree updates (without reloading) and shows that page B is a child of Page A (even though the error message is shown). After refreshing the pagetree, Page B is a sibling of Page A again.
The relevant code position is:
https://github.com/TYPO3/TYPO3.CMS/blob/8.7.11/typo3/sysext/core/Classes/DataHandling/DataHandler.php#L4401
If I change the check for "delete" to "edit", it works as expected, but I am not sure if this is correct. But there is no permission bit for move, only for show, edit, delete, new and editcontent.
Updated by Robert Vock over 6 years ago
- Related to Bug #25135: Pagetree - Drag and drop only works for BE-Users with delete-permissions added
Updated by Gerrit Code Review about 6 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56775
Updated by Helmut Hummel about 6 years ago
- Complexity set to nightmare
Hm, well. This depends how you look at it. Allowing to move a page from one place to another, can be as intrusive as deleting it.
E.g. if you are not allowed to delete the root page of a project, but are allowed to move it, you could move it into a subfolder which effectively destroys this site.
Moving a page in one level of the tree fine, but allowing to move a page between levels, effectively means allowing to "delete" it.
Updated by Guido Schmechel about 6 years ago
Hi Helmut, i'm fine with your arguments. Then we should only clarify the legend. Moving pages only if you have delete permissions.
3 Edit page: Change/Move page, eg. change pagetitle etc.
4 Delete page: Delete page and content.
5 New pages: Create new pages under this page.
Updated by Benni Mack about 6 years ago
OK. Agree with Helmut - let's document this. Guido, could you update the legend graphic and the docs?
Updated by Gerrit Code Review about 6 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56775
Updated by Gerrit Code Review about 6 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56775
Updated by Gerrit Code Review about 6 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56775
Updated by Gerrit Code Review about 6 years ago
Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56939
Updated by Guido Schmechel about 6 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 0c6d01796436d2cd0a3e361d1eee4d4bf48ad1b1.
Updated by Benni Mack almost 6 years ago
- Status changed from Resolved to Closed