Project

General

Profile

Actions
Copy link

Epic #90674

open

Backend UI not reflecting permissions

Added by Riccardo De Contardi about 4 years ago. Updated 10 months ago.

Status:
In Progress
Priority:
Could have
Assignee:
-
Category:
Backend User Interface
Target version:
-
Start date:
2006-08-24
Due date:
% Done:

63%

Estimated time:
(Total: 0.00 h)
Sprint Focus:

Description

This is an umbrella Epic for the issues about the flaws of UI where permissions and allowances of non-admin backend users are not checked properly.

Subtasks 33 (12 open21 closed)

Bug #16487: Changed permissions in workspace-versions are not respectedClosed2006-08-24

Actions
Bug #22348: Security problem with flexforms, especially extbase and overriding not allowed valuesAccepted2010-03-29

Actions
Bug #23598: AJAX-menu for content-elements only checks page-record-permissions not content-element-permissionsClosed2010-09-24

Actions
Bug #33436: Changes to page usergroup access rights are not respected when previewing a workspaceClosed2012-01-25

Actions
Bug #35142: Preview-icon shown even if no access to workspace-moduleAccepted2012-03-22

Actions
Bug #40819: Edit icons (pencils) still visible in WS even though use has no modify accessClosed2012-09-11

Actions
Bug #40867: User-rights: Workspaces-settings though workspace-extension disabledClosed2012-09-12

Actions
Bug #43593: Rights to change denied pluginsClosed2012-12-04

Actions
Bug #59799: showPossibleLocalizationRecords does not work if parent language is not allowed for current BE-UserNew2014-06-23

Actions
Bug #65615: Editors can sort pages in module functions - they can see and sort restricted pages like templatesAccepted2015-03-09

Actions
Bug #67399: BE editor with rights to edit single locale sees "All" in languages drop-downClosed2015-06-10

Actions
Task #67725: Hide module menu if emptyClosedBenni Mack2015-06-24

Actions
Bug #72975: If "Copy default content elements" fails because of missing CType access, images get duplicatedNew2016-01-27

Actions
Bug #75063: Workspace-Preview for Non-Admin Users not working correctly for extbase contentClosed2016-03-14

Actions
Bug #75890: editor with only read access to page - some interface improvementsNew2016-04-24

Actions
Bug #78860: "Page edit" permissions not enough to "media" field in page propertiesUnder Review2016-12-02

Actions
Bug #83008: Edit Icon shown in list view despite user not having write permission for tableClosed2017-11-15

Actions
Bug #83219: "Make new translation of this page" may create duplicate translationsClosed2017-12-04

Actions
Bug #83694: Do not show delete option when user has no delete permissionsClosed2018-01-26

Actions
Bug #84119: Limiting a BE-User to default language results in inconsistent saves.New2018-03-02

Actions
Bug #84867: Non admin-users aren't able to create IRRE records via the "+" IconClosed2018-04-25

Actions
Bug #85099: Attempt to delete without permission - error message shows up, but action worksOn Hold2018-05-28

Actions
Bug #86296: no drag and drop for restricted users if authMode is explicitDenyClosed2018-09-18

Actions
Bug #86755: Translated pages should not be visible if the BE-User has no access to the corresponding language in list moduleClosed2018-10-26

Actions
Bug #87238: TCA inline element translation with language restriction not possibleClosed2018-12-20

Actions
Bug #87536: Editors cannot enable backend users created with sys_action "Create Backend User"Closed2019-01-24

Actions
Feature #88224: Make it possible to hide slug field for editors / make it readonlyNew2019-04-26

Actions
Bug #88861: Broken localizing content element by non-admin user feature in 8 LTSClosed2019-07-30

Actions
Bug #89240: "Edit page properties" icon is displayed, even if page editing is not allowed for userClosed2019-09-24

Actions
Bug #89307: List Module shows edit action icon even if User has no edit permissionClosed2019-09-30

Actions
Bug #90178: Page edit button in page module is not using BackendUserAuthentication::recordEditAccessInternals() for checking access permissionsNew2020-01-23

Actions
Bug #90186: treeConfig.rootUid only works for admin users in flexformsClosed2020-01-23

Actions
Bug #101336: Pages are shown in page tree even if (non-admin) BE user has no DB mounts and "Mount from groups" "DB Mounts" is offNew2023-07-12

Actions
Actions
Copy link
 #1

Updated by Georg Ringer about 4 years ago

  • Status changed from New to In Progress
Actions
Copy link
 #2

Updated by Sybille Peters 10 months ago

  • Subtask #101336 added
Actions
Copy link

Also available in: Atom PDF