[TASK] Check if user have permission to cut records 76/46876/2
authorGianluigi Martino <gmartino27@gmail.com>
Fri, 19 Feb 2016 12:01:51 +0000 (13:01 +0100)
committerChristian Kuhn <lolli@schwarzbu.ch>
Wed, 24 Feb 2016 15:08:53 +0000 (16:08 +0100)
Only show cut icons when the user has write-permissions on the
specific record.

Change-Id: I0d5a1153faf448f9c1c6c0948f2cdf8f78cab8f6
Resolves: #73564, #73472
Releases: master, 7.6
Reviewed-on: https://review.typo3.org/46876
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/backend/Classes/ClickMenu/ClickMenu.php
typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php

index a950245..ec2cba3 100644 (file)
@@ -285,7 +285,7 @@ class ClickMenu
                 $menuItems['copy'] = $this->DB_copycut($table, $uid, 'copy');
             }
             // Cut:
-            if (!in_array('cut', $this->disabledItems, true) && !$root && !$DBmount && !$l10nOverlay) {
+            if (!in_array('cut', $this->disabledItems, true) && !$root && !$DBmount && !$l10nOverlay && $this->editOK) {
                 $menuItems['cut'] = $this->DB_copycut($table, $uid, 'cut');
             }
             // Paste:
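Review bot: The added `&& $this->editOK` term only decides whether the cut entry is offered, and how `editOK` is computed is not visible in this hunk. It is worth confirming that it accounts for edit locks the same way the record list's `overlayEditLockPermissions()` does, otherwise the click menu and the list view can disagree about the same record. I would also expand the comment to say why the guard exists and what it does not cover, e.g. `// Cut: moving a record needs edit permission; this only hides the menu item, the move itself must still be rejected server-side`. The enclosing method starts and ends outside the hunk.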
index 9e41947..13b382a 100644 (file)
@@ -1705,13 +1705,35 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
                     . htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 1, ($isSel === 'copy'), array('returnUrl' => ''))) . ');')
                     . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.copy', true) . '">'
                     . $copyIcon->render() . '</a>';
-                if (true) {
-                    $cells['cut'] = '<a class="btn btn-default" href="#" onclick="'
+
+                // Check permission to cut page or content
+                if ($table == 'pages') {
+                    $localCalcPerms = $this->getBackendUserAuthentication()->calcPerms(BackendUtility::getRecord('pages', $row['uid']));
+                    $permsEdit = $localCalcPerms & Permission::PAGE_EDIT;
+                } else {
+                    $permsEdit = $this->calcPerms & Permission::CONTENT_EDIT;
+                }
+                $permsEdit = $this->overlayEditLockPermissions($table, $row, $permsEdit);
+
+                // If the listed table is 'pages' we have to request the permission settings for each page:
+                if ($table == 'pages') {
+                    if ($permsEdit) {
+                        $cells['cut'] = '<a class="btn btn-default" href="#" onclick="'
                         . htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 0, ($isSel === 'cut'), array('returnUrl' => ''))) . ');')
                         . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut', true) . '">'
                         . $cutIcon->render() . '</a>';
+                    } else {
+                        $cells['cut'] = $this->spaceIcon;
+                    }
                 } else {
-                    $cells['cut'] = $this->spaceIcon;
+                    if ($table !== 'pages' && $this->calcPerms & Permission::CONTENT_EDIT) {
+                        $cells['cut'] = '<a class="btn btn-default" href="#" onclick="'
+                        . htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 0, ($isSel === 'cut'), array('returnUrl' => ''))) . ');')
+                        . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut', true) . '">'
+                        . $cutIcon->render() . '</a>';
+                    } else {
+                        $cells['cut'] = $this->spaceIcon;
+                    }
                 }
             }
         } else {
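Review bot: The non-pages branch tests `$this->calcPerms & Permission::CONTENT_EDIT` again instead of using `$permsEdit`, so the result of `overlayEditLockPermissions()` is discarded for content records. Whatever that overlay removes (presumably edit rights on edit-locked records) is then not reflected in their cut icon. Because `$permsEdit` already holds the per-table result, the outer `if ($table == 'pages')` and both inner conditions can collapse into a single `if ($permsEdit) { … } else { $cells['cut'] = $this->spaceIcon; }`. That also removes the duplicated anchor markup and the `$table !== 'pages'` test, which is always true inside that `else`. The remaining `$table == 'pages'` comparison would read better as `===`, and the enclosing method starts and ends outside this hunk.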