[TYPO3-dev] Rights for Content Elements
Tapio Markula
tapio.markula at atwebteam.com
Wed Apr 11 17:50:01 CEST 2007
Martin Kutschker
>
> I'm not sure if hiding or greying of standard icons like edit is better,
> but it's important that the UI leads to no dead ends because of missing
> or misplaced permission checks.
>
> Masi
yes. The problem is that it is very difficult to build permission check
before opening record.
Basically the code
'if ($hasAccess) {...
which is alt_doc.php in function makeEditForm()
should remove from there and make for it own class file
and include that class file
into Web > Page and Web > List modules.
The function could have also nice hook
before starting final access check
/* hook for creting extra conditions */
if (is_array
($GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][someHookName]['recordAccess'])) {
foreach
($GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][someHookName]['recordAccess'] as
$classRef) {
$hookObj= &t3lib_div::getUserObj($classRef);
if (method_exists($hookObj, 'recordAccess')) {
$hasAccess = $hookObj->recordAccess($recordAccess);
$deniedAccessReason = $BE_USER->errorMsg;
}
}
}
// AT THIS POINT we have checked the access status of the
editing/creation of records and we can now proceed with creating the
form elements:
if ($hasAccess) {
More information about the TYPO3-dev
mailing list