Bug #85099
Epic #90674 (open): Backend UI not reflecting permissions
Attempt to delete without permission - error message shows up, but action works
Description
Hi,
I have to note that issue #30229 is still not solved completely.
https://forge.typo3.org/issues/30229
If an editor (non-admin) deletes a page in the page tree (e.g. via context menu), AND that page has at least 1 translation (alternative page language) and a translated element on it (see attachment), then the red flashMessage "1: Attempt to delete record without delete-permissions" is shown (see attachment).
I have checked the "Access" Module: What we have set is a "770" for the pages (see attachment).
It does not matter if the editor has created the page (and translation) or an admin did that.
The reloaded page tree then shows that the page has been deleted anyways. But because of the error message, the editor thinks his action went wrong.
TYPO3 8.7.15
As mentioned in issue #30229 I must reopen this bug with this issue.
Thank you for taking care and regards
Ralf - merzilla
Updated by Ralf Merz over 6 years ago
- Related to Bug #30229: Error when deleting a Page with translation added
Updated by ondro no-lastname-given over 6 years ago
Can confirm, same behaviour with TYPO3 v8.7.11
Updated by Susanne Moog about 6 years ago
- Sprint Focus set to On Location Sprint
Updated by Nicolai Schirawski about 6 years ago
I can confirm the bug for TYPO3 8.7.20-dev
In TYPO3 9.5.1-dev the editor gets warned about the pending deletions before action is taken. After that, no error message is shown - but: The page tree doesn't reload.
Updated by Gerrit Code Review about 6 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58728
Updated by Gerrit Code Review about 6 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58728
Updated by Jan Helke almost 6 years ago
We should first clarify the intended behaviour before doing anything. The issue here and the commit message indicate that the intention is to remove the error message and let the editor do what she wants. In my opinion, a user who is not allowed to do a specific action should never be able to perform this action.
So:
The User is allowed to edit pages and all affected languages -> The user can delete any translation or the default language page with all translations at once.
The User is allowed to edit only some languages -> The user is able to delete only the translations, he is permitted for. Any attempt to delete the default language page should be denied with a clear error message (e.g. "You can't delete this page, because you are not allowed to affect any content in Language 1, Language 2 and Language 3")
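The all-or-nothing rule proposed in the comment above, as an added example that is not part of the original thread and not TYPO3 code: authorize the whole cascade first, then either delete everything or delete nothing and return one message. The function names, the data layout and the sample records are assumptions made for illustration.

```php
<?php
// Added illustration, not TYPO3 code. All names and the data layout are hypothetical.

/** Languages used by records in the delete cascade that the user may not touch. */
function findBlockedLanguages(array $page, array $allowedLanguages): array
{
    $blocked = [];
    foreach ($page['records'] as $record) {
        if (!in_array($record['language'], $allowedLanguages, true)) {
            $blocked[$record['language']] = true;   // de-duplicate per language
        }
    }
    $blocked = array_keys($blocked);
    sort($blocked);
    return $blocked;
}

/** Check first, mutate second: the result message always matches what happened. */
function deletePage(array &$pages, int $pageId, bool $mayDeletePage, array $allowedLanguages): array
{
    if (!isset($pages[$pageId])) {
        return [false, 'Page not found'];
    }
    if (!$mayDeletePage) {
        return [false, 'No delete permission on this page'];
    }
    $blocked = findBlockedLanguages($pages[$pageId], $allowedLanguages);
    if ($blocked !== []) {
        // Nothing has been deleted at this point, so the denial is truthful.
        return [false, "You can't delete this page, because you are not allowed to "
            . 'affect any content in language(s) ' . implode(', ', $blocked)];
    }
    unset($pages[$pageId]);   // page, translations and content go together
    return [true, 'Page deleted with all translations'];
}

// Constructed sample data: default language 0 plus translations in languages 1 and 2.
$pages = [42 => ['records' => [
    ['uid' => 1, 'language' => 0],
    ['uid' => 2, 'language' => 1],
    ['uid' => 3, 'language' => 2],
]]];

foreach ([[0, 1], [0, 1, 2]] as $allowed) {   // restricted editor, then unrestricted
    [$ok, $message] = deletePage($pages, 42, true, $allowed);
    printf("%s: %s (page exists: %s)\n", $ok ? 'OK' : 'DENIED', $message,
        isset($pages[42]) ? 'yes' : 'no');
}
```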
Updated by Gerrit Code Review almost 6 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/58728
Updated by Stefanos Karasavvidis almost 6 years ago
As Jan already explains, the initial conditions (what access permissions should the user have to the page and to the content elements in it?) and the end result (user can delete the page and content having only delete permission on the page?) should be clarified.
In the initial bug report #30229 that the current ticket is based on, the user is the owner of the page. Is this still the case here?
Updated by Dominik Kempf over 5 years ago
Is there any news about this? I can confirm this behaviour in TYPO3 8.7.24.
Same scenario as mentioned before, admin user does not get that error message. When a non-admin user deletes the page, he gets the error message 8 times, depending on how many content elements are present on the page. If he deletes all the content elements the error message is not shown.
In both cases the page is still deleted.
This is a problem on our production site and the customer gets kind of insecure with all those error messages.
Updated by Daniel Goerz about 5 years ago
- Status changed from Under Review to On Hold
Putting the issue on hold for now as the intended behaviour is unclear at this point. The patch may later be reopened after clarification.
Updated by Susanne Moog almost 5 years ago
- Sprint Focus deleted (On Location Sprint)