Bug #90178
openEpic #90674: Backend UI not reflecting permissions
Page edit button in page module is not using BackendUserAuthentication::recordEditAccessInternals() for checking access permissions
0%
Description
Both in page and list module, permissions if a record is editable (and a button should be shown) are handled in BackendUserAuthentication::recordEditAccessInternals().
This function has a convenient hook, that makes it possible to apply your own access restrictions on some records.
However there appears to be one place in the page module, where this function is NOT used to check for record access:
*The page edit button.
The permissions for this button are internally checked in PageLayoutView::getTable_tt_content().
I added a screenshot to make it clear which button is meant.
For consistency, this button should use BackendUserAuthentication::recordEditAccessInternals(). as well as is done for all other places, where access permissions are checked.
Files