Bug #90178
Updated by Christian Eßl about 5 years ago
Both in page and list module, permissions if a record is editable (and a button should be shown) are handled in BackendUserAuthentication::recordEditAccessInternals(). This function has a convenient hook, that makes it possible to apply your own access restrictions on some records. However there appears to be one place in the *page module,* where this function is NOT used to check for record access: *The page edit button. The permissions for this button are internally checked in PageLayoutView::getTable_tt_content(). PageLayoutController::isPageEditable(). I added a screenshot to make it clear which button is meant. For consistency, this button should use BackendUserAuthentication::recordEditAccessInternals(). as well as is done for all other places, where access permissions are checked.