Bug #90178: Page edit button in page module is not using BackendUserAuthentication::recordEditAccessInternals() for checking access permissions - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #90178

open

Epic #90674: Backend UI not reflecting permissions

Page edit button in page module is not using BackendUserAuthentication::recordEditAccessInternals() for checking access permissions

Added by Christian Eßl about 4 years ago. Updated about 4 years ago.

Status:

New

Priority:

Should have

Assignee:

Category:

Backend API

Target version:

Start date:

2020-01-23

Due date:

% Done:

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

Both in page and list module, permissions if a record is editable (and a button should be shown) are handled in BackendUserAuthentication::recordEditAccessInternals().
This function has a convenient hook, that makes it possible to apply your own access restrictions on some records.

However there appears to be one place in the page module, where this function is NOT used to check for record access:
*The page edit button.
The permissions for this button are internally checked in PageLayoutView::getTable_tt_content().
I added a screenshot to make it clear which button is meant.

For consistency, this button should use BackendUserAuthentication::recordEditAccessInternals(). as well as is done for all other places, where access permissions are checked.

Files

Bildschirmfoto 2020-01-23 um 07.33.36.png (24.4 KB) Bildschirmfoto 2020-01-23 um 07.33.36.png

Christian Eßl, 2020-01-23 07:34

Related issues 1 (0 open — 1 closed)