[BUGFIX] Disable restricted users to edit page properties 54/20454/7
authorHenrik Ziegenhain <hziegenhain@gmail.com>
Sat, 21 Nov 2015 17:34:36 +0000 (18:34 +0100)
committerMarkus Klein <markus.klein@typo3.org>
Sun, 22 Nov 2015 09:10:23 +0000 (10:10 +0100)
This patch hides the edit page properties icon in page- and list-module
when a user is restricted to only non-default languages.

Resolves: #47144
Releases: master
Change-Id: Id87456416a7f92ffa3f6c45bb28f1a31226f8b5b
Reviewed-on: https://review.typo3.org/20454
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Gianluigi Martino <gmartino27@gmail.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/backend/Classes/Controller/PageLayoutController.php
typo3/sysext/backend/Classes/View/PageLayoutView.php
typo3/sysext/core/Classes/FrontendEditing/FrontendEditingController.php
typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php

index 13a9903..9ab3c96 100755 (executable)
@@ -835,7 +835,7 @@ class PageLayoutController
             } catch (AccessDeniedException $e) {
                 // If no edit access, print error message:
                 $content = '<h2>' . $lang->getLL('noAccess', true) . '</h2>';
-                $conten .= '<div>' . $lang->getLL('noAccess_msg') . '<br /><br />' . ($beUser->errorMsg ? 'Reason: ' . $beUser->errorMsg . '<br /><br />' : '') . '</div>';
+                $content .= '<div>' . $lang->getLL('noAccess_msg') . '<br /><br />' . ($beUser->errorMsg ? 'Reason: ' . $beUser->errorMsg . '<br /><br />' : '') . '</div>';
             }
         } else {
             // If no edit access, print error message:
@@ -1100,7 +1100,7 @@ class PageLayoutController
             }
 
             // Edit page properties and page language overlay icons
-            if ($this->pageIsNotLockedForEditors()) {
+            if ($this->pageIsNotLockedForEditors() && $this->getBackendUser()->checkLanguageAccess(0)) {
                 // Edit localized page_language_overlay only when one specific language is selected
                 if ($this->MOD_SETTINGS['function'] == 1 && $this->current_sys_language > 0) {
                     $overlayRecord = $this->getDatabaseConnection()->exec_SELECTgetSingleRow(
index e01c1ab..acecf14 100644 (file)
@@ -765,19 +765,24 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                         . '</div>'
                         . ' ' . $recordIcon . ' ' . htmlspecialchars(GeneralUtility::fixed_lgd_cs($lpRecord['title'], 20));
                 } else {
-                    $params = '&edit[pages][' . $this->id . ']=edit';
-
-                    $recordIcon = BackendUtility::wrapClickMenuOnIcon(
-                        $this->iconFactory->getIconForRecord('pages', $this->pageRecord, Icon::SIZE_SMALL)->render(),
-                        'pages',
-                        $this->id
-                    );
-                    $editLink = ($this->getBackendUser()->check('tables_modify', 'pages_language_overlay')
-                        ? '<a href="#" class="btn btn-default btn-sm" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params))
-                        . '" title="' . $this->getLanguageService()->getLL('edit', true) . '">'
-                        . $this->iconFactory->getIcon('actions-open', Icon::SIZE_SMALL)->render() . '</a>'
-                        : ''
-                    );
+                    $editLink = '';
+                    $recordIcon = '';
+                    if ($this->getBackendUser()->checkLanguageAccess(0)) {
+                        $params = '&edit[pages][' . $this->id . ']=edit';
+
+                        $recordIcon = BackendUtility::wrapClickMenuOnIcon(
+                            $this->iconFactory->getIconForRecord('pages', $this->pageRecord,
+                                Icon::SIZE_SMALL)->render(),
+                            'pages',
+                            $this->id
+                        );
+                        $editLink = ($this->getBackendUser()->check('tables_modify', 'pages_language_overlay')
+                            ? '<a href="#" class="btn btn-default btn-sm" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params))
+                            . '" title="' . $this->getLanguageService()->getLL('edit', true) . '">'
+                            . $this->iconFactory->getIcon('actions-open', Icon::SIZE_SMALL)->render() . '</a>'
+                            : ''
+                        );
+                    }
 
                     $lPLabel =
                         '<div class="btn-group">'
@@ -1176,7 +1181,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
         // Create command links:
         if ($this->tt_contentConfig['showCommands']) {
             // Edit whole of column:
-            if ($editParams && $this->getBackendUser()->doesUserHaveAccess($this->pageinfo, Permission::CONTENT_EDIT)) {
+            if ($editParams && $this->getBackendUser()->doesUserHaveAccess($this->pageinfo, Permission::CONTENT_EDIT) && $this->getBackendUser()->checkLanguageAccess(0)) {
                 $iconsArr['edit'] = '<a href="#" onclick="'
                     . htmlspecialchars(BackendUtility::editOnClick($editParams)) . '" title="'
                     . $this->getLanguageService()->getLL('editColumn', true) . '">'
index 6f65ba7..cbabba0 100755 (executable)
@@ -532,7 +532,7 @@ class FrontendEditingController
                     unset($allow['hide']);
                     unset($allow['delete']);
                 }
-                if (!($perms & Permission::PAGE_EDIT)) {
+                if (!($perms & Permission::PAGE_EDIT) || !$GLOBALS['BE_USER']->checkLanguageAccess(0)) {
                     unset($allow['edit']);
                     unset($allow['move']);
                     unset($allow['hide']);
index 7fbc4cd..45e457c 100644 (file)
@@ -271,7 +271,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
             }
             // If edit permissions are set, see
             // \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
-            if ($localCalcPerms & Permission::PAGE_EDIT && !empty($this->id) && $this->editLockPermissions()) {
+            if ($localCalcPerms & Permission::PAGE_EDIT && !empty($this->id) && $this->editLockPermissions() && $this->getBackendUserAuthentication()->checkLanguageAccess(0)) {
                 // Edit
                 $params = '&edit[pages][' . $this->pageRow['uid'] . ']=edit';
                 $onClick = htmlspecialchars(BackendUtility::editOnClick($params, '', -1));
@@ -1383,7 +1383,11 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
         if ($table == 'pages') {
             $localCalcPerms = $this->getBackendUserAuthentication()->calcPerms(BackendUtility::getRecord('pages', $row['uid']));
         }
-        $permsEdit = $table === 'pages' && $localCalcPerms & Permission::PAGE_EDIT || $table !== 'pages' && $this->calcPerms & Permission::CONTENT_EDIT;
+        $permsEdit = $table === 'pages'
+                     && $this->getBackendUserAuthentication()->checkLanguageAccess(0)
+                     && $localCalcPerms & Permission::PAGE_EDIT
+                     || $table !== 'pages'
+                        && $this->calcPerms & Permission::CONTENT_EDIT;
         $permsEdit = $this->overlayEditLockPermissions($table, $row, $permsEdit);
         // "Show" link (only pages and tt_content elements)
         if ($table == 'pages' || $table == 'tt_content') {