[TYPO3-english] Let TCA select respect user access rights
Armin Ruediger Vieweg
armin at v.ieweg.de
Mon Aug 11 17:14:51 CEST 2014
Hi,
I have had the problem, that select lists in TCA does not respect access rights. If you have eg. a list of fe_groups you are able to add a group to a user, which you are not allowed to see, because the sysfolder is not in your db_mounts.
I wrote a simple itemsProcFunc to filter such items out:
https://gist.github.com/ArminVieweg/a9b7bc49ca3567667139
This example also add the itemsProcFunc to all fields in TCA of type "select", which have not already an itemsProcFunc.
Maybe this make sense to add as new feature to TYPO3 to activate the access-check by a flag in configuration of selects? There are already options like "AuthMode", but they do not work with select query based lists.
If you think, this makes sense I would create a ticket on forge for that and provide a patch. The script has some improvements potential, like replacing the $GLOBALS['TYPO3_DB'] usage, with special BE methods. But as far, this script works fine :)
More information about the TYPO3-english
mailing list