[BUGFIX] File metadata can't be edited inline 23/40323/2
authorBenjamin Mack <benni@typo3.org>
Mon, 15 Jun 2015 10:04:51 +0000 (12:04 +0200)
committerAndreas Wolf <andreas.wolf@typo3.org>
Thu, 18 Jun 2015 08:50:31 +0000 (10:50 +0200)
Since 2012, there is a special mechanism to allow some tables for
editing even if their records reside on a page that is inaccessible for
the user. This is checked for regular forms in
``EditDocumentController``, but the check for inline elements was
missing until this patch.

Resolves: #65563
Releases: master, 6.2
Change-Id: I6d984c28672e2b3ba225ea91f6c7292aa3e1127d
Reviewed-on: http://review.typo3.org/40323
Reviewed-by: Andreas Wolf <andreas.wolf@typo3.org>
Tested-by: Andreas Wolf <andreas.wolf@typo3.org>
typo3/sysext/backend/Classes/Controller/EditDocumentController.php
typo3/sysext/backend/Classes/Form/Element/InlineElement.php

index 9cacd27..b3e7628 100644 (file)
@@ -832,7 +832,7 @@ class EditDocumentController {
                                                                        }
                                                                        // Check internals regarding access:
                                                                        $isRootLevelRestrictionIgnored = BackendUtility::isRootLevelRestrictionIgnored($table);
-                                                                       if ($hasAccess || (string) $calcPRec['pid'] === '0' && $isRootLevelRestrictionIgnored) {
+                                                                       if ($hasAccess || (int)$calcPRec['pid'] === 0 && $isRootLevelRestrictionIgnored) {
                                                                                $hasAccess = $GLOBALS['BE_USER']->recordEditAccessInternals($table, $calcPRec);
                                                                                $deniedAccessReason = $GLOBALS['BE_USER']->errorMsg;
                                                                        }
index 2d48dba..c0e6ae0 100644 (file)
@@ -2137,7 +2137,8 @@ class InlineElement {
                                        $hasAccess = $CALC_PERMS & 16 ? 1 : 0;
                                }
                                // Check internals regarding access:
-                               if ($hasAccess) {
+                               $isRootLevelRestrictionIgnored = BackendUtility::isRootLevelRestrictionIgnored($table);
+                               if ($hasAccess || (int)$calcPRec['pid'] === 0 && $isRootLevelRestrictionIgnored) {
                                        $hasAccess = $GLOBALS['BE_USER']->recordEditAccessInternals($table, $calcPRec);
                                }
                        }