[BUGFIX] Allow editing of shortcuts for non-admin users

Resolves: #60254
Releases: master, 6.2
Change-Id: Ie5e65ab761e8ce018a4d71daa39495fae3ad3572
Reviewed-on: http://review.typo3.org/41714


Reviewed-by: Frederic Gaus <frederic.gaus@flagbit.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Susanne Moog <typo3@susannemoog.de>
Tested-by: Susanne Moog <typo3@susannemoog.de>

typo3/sysext/backend/Classes/Backend/ToolbarItems/ShortcutToolbarItem.php

@@ -573,23 +573,21 @@ class ShortcutToolbarItem implements ToolbarItemInterface {
 		$shortcutId = (int)GeneralUtility::_POST('shortcutId');
 		$shortcutName = strip_tags(GeneralUtility::_POST('shortcutTitle'));
 		$shortcutGroupId = (int)GeneralUtility::_POST('shortcutGroup');
-		if ($shortcutGroupId > 0 || $backendUser->isAdmin()) {
-			// Users can delete only their own shortcuts (except admins)
-			$addUserWhere = !$backendUser->isAdmin() ? ' AND userid=' . (int)$backendUser->user['uid'] : '';
-			$fieldValues = array(
-				'description' => $shortcutName,
-				'sc_group' => $shortcutGroupId
-			);
-			if ($fieldValues['sc_group'] < 0 && !$backendUser->isAdmin()) {
-				$fieldValues['sc_group'] = 0;
-			}
-			$databaseConnection->exec_UPDATEquery('sys_be_shortcuts', 'uid=' . $shortcutId . $addUserWhere, $fieldValues);
-			$affectedRows = $databaseConnection->sql_affected_rows();
-			if ($affectedRows == 1) {
-				$ajaxObj->addContent('shortcut', $shortcutName);
-			} else {
-				$ajaxObj->addContent('shortcut', 'failed');
-			}
+		// Users can only modify their own shortcuts (except admins)
+		$addUserWhere = !$backendUser->isAdmin() ? ' AND userid=' . (int)$backendUser->user['uid'] : '';
+		$fieldValues = array(
+			'description' => $shortcutName,
+			'sc_group' => $shortcutGroupId
+		);
+		if ($fieldValues['sc_group'] < 0 && !$backendUser->isAdmin()) {
+			$fieldValues['sc_group'] = 0;
+		}
+		$databaseConnection->exec_UPDATEquery('sys_be_shortcuts', 'uid=' . $shortcutId . $addUserWhere, $fieldValues);
+		$affectedRows = $databaseConnection->sql_affected_rows();
+		if ($affectedRows == 1) {
+			$ajaxObj->addContent('shortcut', $shortcutName);
+		} else {
+			$ajaxObj->addContent('shortcut', 'failed');
 		}
 		$ajaxObj->setContentFormat('plain');
 	}