[TYPO3-dev] Rights for Content Elements

Steffen Kamper steffen at dislabs.de
Tue Apr 10 14:25:00 CEST 2007


"Dmitry Dulepov" <9f4eetb02 at sneakemail.com> wrote in message 
news:mailman.1.1176207641.26541.typo3-dev at lists.netfielders.de...
> Hi!
>
> Just ideas from me...
>
> Steffen Kamper wrote:
>> there is something, that is not consequent in Typo3 (AFAIK).
>>
>> For example the usergroup is not allowed to use the CE sitemap.
>> In this case, he cannot insert the sitemap and he is not allowed to edit.
>>
>> But in the GUI he sees the edit-icon and the delete-icon. These should 
>> not be visible to him.
>
> True (and easy to check)
>
>> If the flag Page:Content is set in Allowed excludefields the user is 
>> allowed to delete the sitemap, this must be a bug
>> (see Bug #5386)
>
> Well, same in Unix/Linux: you still can delete a file if you have no write 
> permissions to it but have execute on parent folder. I was surprised by 
> this but explanation was that in fact you operate on folder (typo3 -> on a 
> page), not on the file.
>
> -- 
> Dmitry Dulepov

Hi Dmitry,

Maybe, it sounds inconsequent to me too ;-)
but in T3 it's a point of insecurity - the effect is that such a user can 
delete things he's originally not allowed to.
Because user rights are one of T3's best, this should be improved.

vg  Steffen

>
> Web: http://typo3bloke.net/
> Skype: callto:liels_bugs
>
> "It is our choices, that show what we truly are,
> far more than our abilities." (A.P.W.B.D.) 
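
The Unix behaviour referred to in the quoted reply, as an added example that is not part of the original thread: removing a file is a change to its directory, so it is decided by write plus search (execute) permission on the directory, not by the file's own mode. The helper name `try_delete` and the `page`/`element` names are constructed for the demo.

```shell
#!/bin/sh
# Added illustration. Run as an unprivileged user: root bypasses these
# permission checks and every case would report "deleted".

# try_delete DIR_MODE FILE_MODE
# Builds a scratch directory "page" holding one file "element", applies the
# given modes, attempts the delete and prints "deleted" or "denied".
try_delete() {
    dir_mode=$1
    file_mode=$2
    work=$(mktemp -d) || return 1
    mkdir "$work/page"
    : > "$work/page/element"
    chmod "$file_mode" "$work/page/element"
    chmod "$dir_mode" "$work/page"
    if rm -f "$work/page/element" 2>/dev/null && [ ! -e "$work/page/element" ]; then
        result=deleted
    else
        result=denied
    fi
    chmod 700 "$work/page"      # restore access so the scratch tree can be removed
    rm -rf "$work"
    echo "$result"
}

# Cases: directory mode, file mode
#   700 000  no rights on the file, full rights on the directory
#   300 000  directory has write + search only
#   500 666  full rights on the file, directory not writable
#   100 666  search permission on the directory alone
for spec in "700 000" "300 000" "500 666" "100 666"; do
    set -- $spec
    printf 'dir=%s file=%s -> %s\n' "$1" "$2" "$(try_delete "$1" "$2")"
done
```

The TYPO3 case discussed in the thread has the same shape: the delete is authorised against the container (the page), while the restriction was placed on the item (the content element type).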





