[TYPO3-core] RFC: Bug #15189: Frontend Editing edit panels are shown for content element types that cannot be edited

Jeff Segars jsegars at alumni.rice.edu
Wed Nov 17 22:15:38 CET 2010 

On 7/21/10 2:09 PM, Jeff Segars wrote:
> Hey guys,
>
> This is a SVN patch request.
>
> Type: Bugfix
> Bugtracker reference: http://bugs.typo3.org/view.php?id=[Number]
> Branch: trunk, 4.4, 4.3
>
> Problem:
> In frontend editing (both feedit and feeditadvanced), the only check on
> content editing permissions is whether content elements in general can
> be edited on the current page or not. This means that a particular
> content element type may be restricted in the user or group record, but
> still show editing icons in frontend editing. When the record is clicked
> to edit, an error message is generated.
>
> Solution:
> Calling $GLOBALS['BE_USER']->recordEditAccessInternals() will tell us if
> the specific record is truly editable.
>
> This does change a user-visible behavior for 4.3 and 4.4 but its clearly
> a bug so I would like to apply the fix to those branches also.
>
> How To Test:
> * Using feedit or feeditadvanced, set up a backend user where not all
> content elements types are allowed.
> * Verify that the editing icons still appear, but opening the editing
> form does not work
> * Apply Patch
> * Notice the missing editing icons
>
> Thanks,
> Jeff

Following up here after a long break.  Sven Juergens pointed out on the 
bugtracker that the original patch broke the ability to have an 
EDITPANEL for new content with a non-admin user.  For example....

> temp.newcontent = EDITPANEL
> temp.newcontent {
>   allow = new
>   newRecordFromTable = tt_content
> }
>
> page = PAGE
> page.10 = TEXT
> page.10.value = Hello World
> page.20 < temp.newcontent

The attached v2 patch only calls 
$GLOBALS['BE_USER']->recordEditAccessInternals() when we're working with 
a record already, not for the newRecordFromTable scenario.

Thanks,
Jeff
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 15189_v2_whitespace.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20101117/d2fc0513/attachment-0001.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 15189_v2.diff
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20101117/d2fc0513/attachment-0001.asc>

More information about the TYPO3-team-core mailing list