Project

General

Profile

Actions

Bug #96215

open

since v10 displayCond HIDE_FOR_NON_ADMINS ignores these fields in custom DataHandler calls even when bypassAccessCheckForRecords is enabled

Added by Stefan P over 2 years ago. Updated over 2 years ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
DataHandler aka TCEmain
Target version:
-
Start date:
2021-12-03
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

The solution for #87100 changed the DataHandler to respect HIDE_FOR_NON_ADMINS when building the excludedTablesAndFields array.

We have a field that is configured this way:
  • exclude => true (to hide them for non-admin)
  • we give editors edit permission to these fields (so that editor-induced editing works via script-induced DataaHndler calls, for the subset of editors that have the edit rights for these fields)
  • HIDE_FOR_NON_ADMINS to not show these fields in regular list/edit module, but only make them available in our custom module

Because: we have a custom Backend Module for editors to edit these fields in a controlled distraction-free way.

This does not work on v10 anymore becasue of the now-respected HIDE_FOR_NON_ADMINS

This is a breaking change that was not documented at all.

When setting explicitly $dataHandler->bypassAccessCheckForRecords = true; then I expect that the access checks are bypassed completly. The new behaviour adds access restriction that are not "by-passable" by bypassAccessCheckForRecords.

Important: the setting is called "HIDE for", not "RESTRICT for" and is just a displayCond (conditional display , not conditonal access )..


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Feature #87100: Remove checkbox "Restrict editing for non-Admins" in Allowed excludefields for pages table in be_group Closed2018-12-07

Actions
Actions

Also available in: Atom PDF