From 0ad9a8c1519fffe56b3428fc8ff69ff35dff7489 Mon Sep 17 00:00:00 2001 From: Henrik Ziegenhain <hziegenhain@gmail.com> Date: Sat, 21 Nov 2015 18:34:36 +0100 Subject: [PATCH] [BUGFIX] Disable restricted users to edit page properties This patch hides the edit page properties icon in page- and list-module when a user is restricted to only non-default languages. Resolves: #47144 Releases: master Change-Id: Id87456416a7f92ffa3f6c45bb28f1a31226f8b5b Reviewed-on: https://review.typo3.org/20454 Reviewed-by: Georg Ringer <georg.ringer@gmail.com> Tested-by: Georg Ringer <georg.ringer@gmail.com> Tested-by: Gianluigi Martino <gmartino27@gmail.com> Reviewed-by: Markus Klein <markus.klein@typo3.org> Tested-by: Markus Klein <markus.klein@typo3.org> --- .../Controller/PageLayoutController.php | 4 +-- .../backend/Classes/View/PageLayoutView.php | 33 +++++++++++-------- .../FrontendEditingController.php | 2 +- .../Classes/RecordList/DatabaseRecordList.php | 8 +++-- 4 files changed, 28 insertions(+), 19 deletions(-) diff --git a/typo3/sysext/backend/Classes/Controller/PageLayoutController.php b/typo3/sysext/backend/Classes/Controller/PageLayoutController.php index 13a9903977dd..9ab3c966e538 100755 --- a/typo3/sysext/backend/Classes/Controller/PageLayoutController.php +++ b/typo3/sysext/backend/Classes/Controller/PageLayoutController.php @@ -835,7 +835,7 @@ class PageLayoutController } catch (AccessDeniedException $e) { // If no edit access, print error message: $content = '<h2>' . $lang->getLL('noAccess', true) . '</h2>'; - $conten .= '<div>' . $lang->getLL('noAccess_msg') . '<br /><br />' . ($beUser->errorMsg ? 'Reason: ' . $beUser->errorMsg . '<br /><br />' : '') . '</div>'; + $content .= '<div>' . $lang->getLL('noAccess_msg') . '<br /><br />' . ($beUser->errorMsg ? 'Reason: ' . $beUser->errorMsg . '<br /><br />' : '') . '</div>'; } } else { // If no edit access, print error message: 
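Review bot: With the `$conten` typo fixed, the `Reason:` text in the `catch (AccessDeniedException $e)` branch is now appended to `$content`, and `$beUser->errorMsg` goes into the markup unescaped. As far as the hunk shows, that string was previously built into an unused variable, so this is the first time the value reaches the page. If the message can carry record- or configuration-derived text (not visible here), escape it: `'Reason: ' . htmlspecialchars($beUser->errorMsg)`. `getLL('noAccess_msg')` is also called without the escaping flag that `getLL('noAccess', true)` uses one line above. The enclosing method starts and ends outside the hunk.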
@@ -1100,7 +1100,7 @@ class PageLayoutController } // Edit page properties and page language overlay icons - if ($this->pageIsNotLockedForEditors()) { + if ($this->pageIsNotLockedForEditors() && $this->getBackendUser()->checkLanguageAccess(0)) { // Edit localized page_language_overlay only when one specific language is selected if ($this->MOD_SETTINGS['function'] == 1 && $this->current_sys_language > 0) { $overlayRecord = $this->getDatabaseConnection()->exec_SELECTgetSingleRow( diff --git a/typo3/sysext/backend/Classes/View/PageLayoutView.php b/typo3/sysext/backend/Classes/View/PageLayoutView.php index e01c1ab94531..acecf14d1bfb 100644 --- a/typo3/sysext/backend/Classes/View/PageLayoutView.php +++ b/typo3/sysext/backend/Classes/View/PageLayoutView.php 
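Review bot: `checkLanguageAccess(0)` in this condition only decides whether the edit icon is rendered; nothing in the patch shows the matching check on the request that the icon triggers. The same holds for the later hunks in PageLayoutView, FrontendEditingController and DatabaseRecordList, which gate links built from `&edit[pages][…]=edit` or entries of an `$allow` list. Hiding a button is not an access control, so the edit request itself has to be refused server-side for a user without default-language access. Presumably the form and data-handling layer does that, but it lies outside this diff and should be confirmed by a test that runs as a language-restricted user. Once confirmed, a comment such as `// UI only: default-language access is enforced again when the record is opened and saved` would stop later readers from treating this condition as the enforcement point.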
@@ -765,19 +765,24 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe . '</div>' . ' ' . $recordIcon . ' ' . htmlspecialchars(GeneralUtility::fixed_lgd_cs($lpRecord['title'], 20)); } else { - $params = '&edit[pages][' . $this->id . ']=edit'; - - $recordIcon = BackendUtility::wrapClickMenuOnIcon( - $this->iconFactory->getIconForRecord('pages', $this->pageRecord, Icon::SIZE_SMALL)->render(), - 'pages', - $this->id - ); - $editLink = ($this->getBackendUser()->check('tables_modify', 'pages_language_overlay') - ? '<a href="#" class="btn btn-default btn-sm" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params)) - . '" title="' . $this->getLanguageService()->getLL('edit', true) . '">' - . $this->iconFactory->getIcon('actions-open', Icon::SIZE_SMALL)->render() . '</a>' - : '' - ); + $editLink = ''; + $recordIcon = ''; + if ($this->getBackendUser()->checkLanguageAccess(0)) { + $params = '&edit[pages][' . $this->id . ']=edit'; + + $recordIcon = BackendUtility::wrapClickMenuOnIcon( + $this->iconFactory->getIconForRecord('pages', $this->pageRecord, + Icon::SIZE_SMALL)->render(), + 'pages', + $this->id + ); + $editLink = ($this->getBackendUser()->check('tables_modify', 'pages_language_overlay') + ? '<a href="#" class="btn btn-default btn-sm" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params)) + . '" title="' . $this->getLanguageService()->getLL('edit', true) . '">' + . $this->iconFactory->getIcon('actions-open', Icon::SIZE_SMALL)->render() . '</a>' + : '' + ); + } $lPLabel = '<div class="btn-group">' 
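Review bot: The re-indented `$editLink` still tests `check('tables_modify', 'pages_language_overlay')` although `$params` targets the `pages` table (`&edit[pages][…]=edit`). Judging by the `$lpRecord` use in the branch above, this `else` is the non-overlay case, so the table permission looks like it should be `check('tables_modify', 'pages')`. As written, a user allowed to modify overlays but not pages would still be shown the page edit link. The expression predates this commit, but the block is rewritten here, which makes it the natural place to correct it. The `getIconForRecord(` call was also wrapped in the middle of its argument list; keeping it on one line as before reads better.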
@@ -1176,7 +1181,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe // Create command links: if ($this->tt_contentConfig['showCommands']) { // Edit whole of column: - if ($editParams && $this->getBackendUser()->doesUserHaveAccess($this->pageinfo, Permission::CONTENT_EDIT)) { + if ($editParams && $this->getBackendUser()->doesUserHaveAccess($this->pageinfo, Permission::CONTENT_EDIT) && $this->getBackendUser()->checkLanguageAccess(0)) { $iconsArr['edit'] = '<a href="#" onclick="' . htmlspecialchars(BackendUtility::editOnClick($editParams)) . '" title="' . $this->getLanguageService()->getLL('editColumn', true) . '">' diff --git a/typo3/sysext/core/Classes/FrontendEditing/FrontendEditingController.php b/typo3/sysext/core/Classes/FrontendEditing/FrontendEditingController.php index 6f65ba75a3f8..cbabba063401 100755 --- a/typo3/sysext/core/Classes/FrontendEditing/FrontendEditingController.php +++ b/typo3/sysext/core/Classes/FrontendEditing/FrontendEditingController.php @@ -532,7 +532,7 @@ class FrontendEditingController unset($allow['hide']); unset($allow['delete']); } - if (!($perms & Permission::PAGE_EDIT)) { + if (!($perms & Permission::PAGE_EDIT) || !$GLOBALS['BE_USER']->checkLanguageAccess(0)) { unset($allow['edit']); unset($allow['move']); unset($allow['hide']); diff --git a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php index 7fbc4cdf1ea9..45e457c0e356 100644 --- a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php +++ b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php 
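Review bot: The added `checkLanguageAccess(0)` gates the "Edit whole of column" link, which is a content action (`Permission::CONTENT_EDIT`, `$editParams`) rather than the page-properties icon the commit message describes. If this header is also drawn for columns holding non-default-language records, a user limited to those languages loses column editing for content they are otherwise allowed to edit. The check would then need the language of the column's records instead of `0`. The guard added in PageLayoutController at -1100 has the same shape, since it wraps the page-language-overlay branch together with the page-properties one. The enclosing method is outside the hunk, so the column's language is not visible here.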
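Review bot: The reason for the new `|| !$GLOBALS['BE_USER']->checkLanguageAccess(0)` term is not stated at the condition, and it reads as unrelated to `Permission::PAGE_EDIT`. A one-line comment above the `if` would help: `// Page records are in the default language; users without access to language 0 get no page edit actions`. The condition that selects this branch lies outside the hunk, so confirm it is reached only for `pages` records; otherwise the `||` would also strip `edit`, `move` and `hide` from records in a language the user may edit. The other files in this patch go through an accessor for the backend user, while this line reads `$GLOBALS['BE_USER']` directly.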
@@ -271,7 +271,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList } // If edit permissions are set, see // \TYPO3\CMS\Core\Authentication\BackendUserAuthentication - if ($localCalcPerms & Permission::PAGE_EDIT && !empty($this->id) && $this->editLockPermissions()) { + if ($localCalcPerms & Permission::PAGE_EDIT && !empty($this->id) && $this->editLockPermissions() && $this->getBackendUserAuthentication()->checkLanguageAccess(0)) { // Edit $params = '&edit[pages][' . $this->pageRow['uid'] . ']=edit'; $onClick = htmlspecialchars(BackendUtility::editOnClick($params, '', -1)); @@ -1383,7 +1383,11 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($table == 'pages') { $localCalcPerms = $this->getBackendUserAuthentication()->calcPerms(BackendUtility::getRecord('pages', $row['uid'])); } - $permsEdit = $table === 'pages' && $localCalcPerms & Permission::PAGE_EDIT || $table !== 'pages' && $this->calcPerms & Permission::CONTENT_EDIT; + $permsEdit = $table === 'pages' + && $this->getBackendUserAuthentication()->checkLanguageAccess(0) + && $localCalcPerms & Permission::PAGE_EDIT + || $table !== 'pages' + && $this->calcPerms & Permission::CONTENT_EDIT; $permsEdit = $this->overlayEditLockPermissions($table, $row, $permsEdit); // "Show" link (only pages and tt_content elements) if ($table == 'pages' || $table == 'tt_content') { -- GitLab
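Review bot: The rewritten `$permsEdit` expression at -1383 mixes `&`, `&&` and `||` without parentheses, so its meaning depends on the reader knowing that `&` binds tighter than `&&`, which binds tighter than `||`. It evaluates as intended, but explicit grouping makes an access decision easier to audit: `$permsEdit = ($table === 'pages' && $this->getBackendUserAuthentication()->checkLanguageAccess(0) && ($localCalcPerms & Permission::PAGE_EDIT))` followed by `|| ($table !== 'pages' && ($this->calcPerms & Permission::CONTENT_EDIT));`. The condition at -271 in the same file (`$localCalcPerms & Permission::PAGE_EDIT && …`) would benefit from the same parentheses around the bit test. Both enclosing methods start and end outside their hunks.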