[Typo3-dev] Making a better access control - solved also 'alt_doc.php
tapio
tapio.markula at dnainternet.net
Tue Aug 23 15:26:07 CEST 2005
Typo3 source code gave me a number of
> entries that looked like:
> $BE_USER->user['admin']
Yes. This is the practise, which Typo3 uses. I admit that even if
[admin] works it is a bad practise. Anyway I got solved 'db_lyout.php'
'alt_doc.php' has different variables. The last test goes here (row 656):
if ($hasAccess) {
$hasAccess = $BE_USER->recordEditAccessInternals($table,
$calcPRec); $deniedAccessReason = $BE_USER->errorMsg;
}
I added few conditions.
if ($hasAccess) {
$hasAccess = $BE_USER->recordEditAccessInternals($table,
$calcPRec);
if($hasAccess==1)
{
if($BE_USER->user['admin']==0 && $calcPRec['editlock']==1)
$hasAccess=0;
}
$deniedAccessReason = $BE_USER->errorMsg;
}
Now at least in BE editing also 'Columns' view has rought access control
for individual content elements. I have not tested it in FE editing.
More information about the TYPO3-dev
mailing list