[BUGFIX] Properly check shortcut permissions in ShortcutRepository
When fetching available shortcuts for a user, also permissions are checked by the ShortcutRepository. However previously a lot of use-cases were missed and the implemented checks were more or less faulty, especially when it comes to non-admin users. Therefore, three main topics are now handled properly: * Evaluation of record edit permissions for shortcuts, targeting the record_edit route * Evaluation of page access permissions for every shortcut not targeting the file list * Proper distinction between shortcuts for file list and the ones for other modules, since both use the "id" argument, while for the file list, this is a string (combined identifier), and for the rest, this is an integer (the requested page id or the records' pid) Resolves: #89530 Resolves: #93516 Releases: master, 10.4 Change-Id: Ib18eaf506886627360c58857f0160d008e130368 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69758 Tested-by:core-ci <typo3@b13.com> Tested-by:
Jochen <rothjochen@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Bartsch <bo@cedev.de> Reviewed-by:
parent
eb41ee8f
Please register or sign in to comment