[TYPO3-core] RFC: Feature #9539: More flexible editpanel permission
Jeff Segars
jsegars at alumni.rice.edu
Sat Nov 1 15:59:45 CET 2008
Ralf Hettinger wrote:
> This is an SVN patch request.
>
> Type:
> Feature
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=9539
>
> Branches:
> Trunk
>
> Problem:
> The permission check for rendering/using an editpanel in the frontend
> for logged in backend users depends on the BE user's permissions for the
> current TSFE->id only. This may lead to non editable records in FE for
> logged in BE users, although they actually would have the permission to
> edit those records in the backend.
> That is typically (but not only) the case for FE plugins with their
> records being stored in a sysfolder, which shall be editable for some BE
> user but who is restricted by permissions to edit the page where the
> records are eventually outputted in FE.
>
> Solution:
> The attached patch introduces a new parameter for cObject EDITPANEL and
> stdWrap property editPanel named
> permissionCheckOnPid = [int | keyword 'pid']
> for checking this editpanel's usability/permissions based on a given pid
> (if an integer) or a record's pid field (if keyword 'pid').
>
> Ralf Hettinger
Ralf,
Can we wait on this one until the patch to move frontend editing into a
system extension (#9615) is committed? I can handle the update that
point if you'd like.
Thanks,
Jeff
More information about the TYPO3-team-core
mailing list