[BUGFIX] colPos_list sets access to edit areas 83/31783/7
authorJigal van Hemert <jigal.van.hemert@typo3.org>
Thu, 24 Jul 2014 23:18:52 +0000 (01:18 +0200)
committerJigal van Hemert <jigal.van.hemert@typo3.org>
Sun, 7 Sep 2014 15:02:36 +0000 (17:02 +0200)
The property mod.SHARED.colPos_list used to determine which columns
were visible in the Page module. With backend layouts it will only
determine which edit areas in the backend layout are accessible for
editing.

Resolves: #39967
Releases: 6.3, 6.2
Change-Id: Iba65ce84adf025802d1b0ebda00dff4d6299a06a
Reviewed-on: http://review.typo3.org/31783
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Marcin SÄ…gol <marcin@soee.pl>
Reviewed-by: Jo Hasenau <info@cybercraft.de>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
typo3/sysext/backend/Classes/Controller/PageLayoutController.php
typo3/sysext/backend/Classes/View/PageLayoutView.php

index d72366a..446879d 100644 (file)
@@ -108,6 +108,13 @@ class PageLayoutController {
         */
        public $modTSconfig;
 
+       /**
+        * Module shared TSconfig
+        *
+        * @var array
+        */
+       public $modSharedTSconfig;
+
        // Current ids page record
        /**
         * @todo Define visibility
@@ -208,6 +215,14 @@ class PageLayoutController {
        public $editIcon;
 
        /**
+        * List of column-integers accessible to the current BE user.
+        * Is set from TSconfig, default is $colPosList
+        *
+        * @var string
+        */
+       public $activeColPosList;
+
+       /**
         * Initializing the module
         *
         * @return void
@@ -523,7 +538,22 @@ class PageLayoutController {
                                $this->colPosList = implode(',', $backendLayout['__colPosList']);
                        }
                        // Removing duplicates, if any
-                       $this->colPosList = implode(',', array_unique(GeneralUtility::intExplode(',', $this->colPosList)));
+                       $this->colPosList = array_unique(GeneralUtility::intExplode(',', $this->colPosList));
+                       // Accessible columns
+                       if (trim($this->modSharedTSconfig['properties']['colPos_list']) !== '') {
+                               $this->activeColPosList = array_unique(GeneralUtility::intExplode(',', trim($this->modSharedTSconfig['properties']['colPos_list'])));
+                               // Match with the list which is present in the colPosList for the current page
+                               if (!empty($this->colPosList) && !empty($this->colActivePosList)) {
+                                       $this->activeColPosList = implode(',', array_unique(array_intersect(
+                                               $this->activeColPosList,
+                                               $this->colPosList
+                                       )));
+                               }
+                       } else {
+                               $this->activeColPosList = implode(',', $this->colPosList);
+                       }
+                       $this->colPosList = implode(',', $this->colPosList);
+
                        // Page title
                        $body = $this->doc->header($this->getLocalizedPageTitle());
                        $body .= $this->getHeaderFlashMessagesForCurrentPid();
@@ -903,6 +933,7 @@ class PageLayoutController {
                                }
                                // The order of the rows: Default is left(1), Normal(0), right(2), margin(3)
                                $dblist->tt_contentConfig['cols'] = implode(',', $colList);
+                               $dblist->tt_contentConfig['activeCols'] = $this->activeColPosList;
                                $dblist->tt_contentConfig['showHidden'] = $this->MOD_SETTINGS['tt_content_showHidden'];
                                $dblist->tt_contentConfig['sys_language_uid'] = (int)$this->current_sys_language;
                                // If the function menu is set to "Language":
index 73d38ce..e8d2743 100644 (file)
@@ -122,7 +122,9 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                // Displays hidden records as well
                'sys_language_uid' => 0,
                // Which language
-               'cols' => '1,0,2,3'
+               'cols' => '1,0,2,3',
+               'activeCols' => '1,0,2,3'
+               // Which columns can be accessed by current BE user
        );
 
        // Contains icon/title of pages which are listed in the tables menu (see getTableMenu() function )
@@ -610,16 +612,28 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                                                                ($rowSpan > 0 ? ' rowspan="' . $rowSpan . '"' : '') .
                                                                ' class="t3-gridCell t3-page-column t3-page-column-' . $columnKey .
                                                                ((!isset($columnConfig['colPos']) || $columnConfig['colPos'] === '') ? ' t3-gridCell-unassigned' : '') .
-                                                               ((isset($columnConfig['colPos']) && $columnConfig['colPos'] !== '' && !$head[$columnKey]) ? ' t3-gridCell-restricted' : '') .
+                                                               ((isset($columnConfig['colPos']) && $columnConfig['colPos'] !== '' && !$head[$columnKey]) || !GeneralUtility::inList($this->tt_contentConfig['activeCols'], $columnConfig['colPos']) ? ' t3-gridCell-restricted' : '') .
                                                                ($colSpan > 0 ? ' t3-gridCell-width' . $colSpan : '') .
                                                                ($rowSpan > 0 ? ' t3-gridCell-height' . $rowSpan : '') . '">';
 
                                                        // Draw the pre-generated header with edit and new buttons if a colPos is assigned.
                                                        // If not, a new header without any buttons will be generated.
-                                                       if (isset($columnConfig['colPos']) && $columnConfig['colPos'] !== '' && $head[$columnKey]) {
+                                                       if (
+                                                               isset($columnConfig['colPos']) && $columnConfig['colPos'] !== '' && $head[$columnKey]
+                                                               && GeneralUtility::inList($this->tt_contentConfig['activeCols'], $columnConfig['colPos'])
+                                                       ) {
                                                                $grid .= $head[$columnKey] . $content[$columnKey];
-                                                       } elseif (isset($columnConfig['colPos']) && $columnConfig['colPos'] !== '') {
+                                                       } elseif (
+                                                               isset($columnConfig['colPos']) && $columnConfig['colPos'] !== ''
+                                                               && GeneralUtility::inList($this->tt_contentConfig['activeCols'], $columnConfig['colPos'])
+                                                       ) {
                                                                $grid .= $this->tt_content_drawColHeader($this->getLanguageService()->getLL('noAccess'), '', '');
+                                                       } elseif (
+                                                               isset($columnConfig['colPos']) && $columnConfig['colPos'] !== ''
+                                                               && !GeneralUtility::inList($this->tt_contentConfig['activeCols'], $columnConfig['colPos'])
+                                                       ) {
+                                                               $grid .= $this->tt_content_drawColHeader($this->getLanguageService()->sL($columnConfig['name']) .
+                                                                       ' (' . $this->getLanguageService()->getLL('noAccess') . ')', '', '');
                                                        } elseif (isset($columnConfig['name']) && strlen($columnConfig['name']) > 0) {
                                                                $grid .= $this->tt_content_drawColHeader($this->getLanguageService()->sL($columnConfig['name'])
                                                                        . ' (' . $this->getLanguageService()->getLL('notAssigned') . ')', '', '');