From 477003c2266933603871ae522066e265579fc047 Mon Sep 17 00:00:00 2001
From: Georg Ringer <georg.ringer@gmail.com>
Date: Tue, 18 Mar 2014 10:41:59 +0100
Subject: [PATCH] [BUGFIX] Hide "new page buttons" for users who can't create
 new pages

There are 2 icons in the New Element wizard which should not be shown
there and which lead the user to a blank page if the user has no
permission to create page records.

- in the toolbar: icon to create a new page
- in the wizard: icon to create new page

Change-Id: I5ab638f17eebfc740ab64dd57ce655681552f901
Resolves: #56992
Releases: 6.2
Reviewed-on: https://review.typo3.org/28464
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
---
 .../Controller/NewRecordController.php        | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/typo3/sysext/backend/Classes/Controller/NewRecordController.php b/typo3/sysext/backend/Classes/Controller/NewRecordController.php
index 8c349b9c86a9..e520fee7479f 100644
--- a/typo3/sysext/backend/Classes/Controller/NewRecordController.php
+++ b/typo3/sysext/backend/Classes/Controller/NewRecordController.php
@@ -368,8 +368,8 @@ class NewRecordController {
 		// Enabled option for the position of a new page
 		$this->newPagesSelectPosition = !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageSelectPosition']);
 		// Pseudo-boolean (0/1) for backward compatibility
-		$this->newPagesInto = !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageInside']) ? 1 : 0;
-		$this->newPagesAfter = !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageAfter']) ? 1 : 0;
+		$displayNewPagesIntoLink = $this->newPagesInto && !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageInside']) ? 1 : 0;
+		$displayNewPagesAfterLink = $this->newPagesAfter && !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageAfter']) ? 1 : 0;
 		// Slight spacer from header:
 		$this->code .= '<div class="typo3-newRecord-treeline">' . $halfLine . '</div>';
 		// New Page
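Review bot: The retained comment `// Pseudo-boolean (0/1) for backward compatibility` no longer matches the two lines below it, which now assign method-local variables instead of the `newPagesInto` / `newPagesAfter` properties. The properties are only read here, so the links depend on a value set outside this hunk; if that value is unset, both links are hidden regardless of TSconfig. The `? 1 : 0` cast is also unnecessary for a local that is only used in an `if`. I would replace the comment with something like `// Show the link only if page creation is permitted (property set elsewhere) and page TSconfig enables it` and drop the ternary. Any other code that still expects the properties to carry the TSconfig setting should be checked, since this method no longer writes them; the enclosing method starts and ends outside the hunk.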
@@ -380,12 +380,12 @@ class NewRecordController {
 		$rowContent = '';
 		// New pages INSIDE this pages
 		$newPageLinks = array();
-		if ($this->newPagesInto && $this->isTableAllowedForThisPage($this->pageinfo, 'pages') && $GLOBALS['BE_USER']->check('tables_modify', 'pages') && $GLOBALS['BE_USER']->workspaceCreateNewRecord(($this->pageinfo['_ORIG_uid'] ?: $this->id), 'pages')) {
+		if ($displayNewPagesIntoLink && $this->isTableAllowedForThisPage($this->pageinfo, 'pages') && $this->getBackendUserAuthentication()->check('tables_modify', 'pages') && $this->getBackendUserAuthentication()->workspaceCreateNewRecord(($this->pageinfo['_ORIG_uid'] ?: $this->id), 'pages')) {
 			// Create link to new page inside:
 			$newPageLinks[] = $this->linkWrap(IconUtility::getSpriteIconForRecord($table, array()) . $GLOBALS['LANG']->sL($v['ctrl']['title'], TRUE) . ' (' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.inside', TRUE) . ')', $table, $this->id);
 		}
 		// New pages AFTER this pages
-		if ($this->newPagesAfter && $this->isTableAllowedForThisPage($this->pidInfo, 'pages') && $GLOBALS['BE_USER']->check('tables_modify', 'pages') && $GLOBALS['BE_USER']->workspaceCreateNewRecord($this->pidInfo['uid'], 'pages')) {
+		if ($displayNewPagesAfterLink && $this->isTableAllowedForThisPage($this->pidInfo, 'pages') && $this->getBackendUserAuthentication()->check('tables_modify', 'pages') && $this->getBackendUserAuthentication()->workspaceCreateNewRecord($this->pidInfo['uid'], 'pages')) {
 			$newPageLinks[] = $this->linkWrap($pageIcon . $GLOBALS['LANG']->sL($v['ctrl']['title'], TRUE) . ' (' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.after', TRUE) . ')', 'pages', -$this->id);
 		}
 		// New pages at selection position
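Review bot: Both rewritten `if` conditions repeat `$this->getBackendUserAuthentication()->check('tables_modify', 'pages')`, which makes two already very long lines harder to audit as permission gates. Evaluating it once before the first condition, for example `$mayModifyPages = $this->getBackendUserAuthentication()->check('tables_modify', 'pages');`, and using `$mayModifyPages` in both conditions would keep the per-link parts (`isTableAllowedForThisPage()` and `workspaceCreateNewRecord()`) visible at a glance. The enclosing method starts and ends outside the hunk.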
@@ -656,6 +656,11 @@ class NewRecordController {
 	 * @todo Define visibility
 	 */
 	public function showNewRecLink($table, array $allowedNewTables = array(), array $deniedNewTables = array()) {
+
+		if (!$this->getBackendUserAuthentication()->check('tables_modify', $table)) {
+			return FALSE;
+		}
+
 		$allowedNewTables = $allowedNewTables ?: $this->allowedNewTables;
 		$deniedNewTables = $deniedNewTables ?: $this->deniedNewTables;
 		// No deny/allow tables are set:
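Review bot: The new `tables_modify` guard at the top of `showNewRecLink()` only decides whether a link is rendered, so it should be documented as a display filter rather than an access control. A user who requests the creation URL directly never passes through this method, and the code that processes that request is not visible in this patch, so it should be confirmed that it enforces the same permission. A short comment such as `// Display filter only: creation itself must be authorized where the request is handled` would make that explicit. The method's docblock, which starts outside the hunk, should mention that `FALSE` is returned for tables the user may not modify, and the empty line directly after the signature can be dropped.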
@@ -668,4 +673,12 @@ class NewRecordController {
 		}
 	}
 
+	/**
+	 * Returns the global BackendUserAuthentication object.
+	 *
+	 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
+	 */
+	protected function getBackendUserAuthentication() {
+		return $GLOBALS['BE_USER'];
+	}
 }
-- 
GitLab