Project

General

Profile

Actions

Bug #90178

open

Epic #90674: Backend UI not reflecting permissions

Page edit button in page module is not using BackendUserAuthentication::recordEditAccessInternals() for checking access permissions

Added by Christian Eßl over 4 years ago. Updated over 4 years ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Backend API
Target version:
-
Start date:
2020-01-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Both in page and list module, permissions if a record is editable (and a button should be shown) are handled in BackendUserAuthentication::recordEditAccessInternals().
This function has a convenient hook, that makes it possible to apply your own access restrictions on some records.

However there appears to be one place in the page module, where this function is NOT used to check for record access:
*The page edit button.
The permissions for this button are internally checked in PageLayoutView::getTable_tt_content().
I added a screenshot to make it clear which button is meant.

For consistency, this button should use BackendUserAuthentication::recordEditAccessInternals(). as well as is done for all other places, where access permissions are checked.


Files


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #89240: "Edit page properties" icon is displayed, even if page editing is not allowed for userClosed2019-09-24

Actions
Actions

Also available in: Atom PDF