[BUGFIX] Hide "new page buttons" for users who can't create new pages 64/28464/7
authorGeorg Ringer <georg.ringer@gmail.com>
Tue, 18 Mar 2014 09:41:59 +0000 (10:41 +0100)
committerNicole Cordes <typo3@cordes.co>
Fri, 21 Mar 2014 22:52:31 +0000 (23:52 +0100)
There are 2 icons in the New Element wizard which should not belong there
and get the user into a blank page if the user got no access to create
page records.

- in the toolbar: icon to create a new page
- in the wizard: icon to create new page

Change-Id: I5ab638f17eebfc740ab64dd57ce655681552f901
Resolves: #56992
Releases: 6.2
Reviewed-on: https://review.typo3.org/28464
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Nicole Cordes
Tested-by: Nicole Cordes
typo3/sysext/backend/Classes/Controller/NewRecordController.php

index 8c349b9..e520fee 100644 (file)
@@ -368,8 +368,8 @@ class NewRecordController {
                // Enabled option for the position of a new page
                $this->newPagesSelectPosition = !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageSelectPosition']);
                // Pseudo-boolean (0/1) for backward compatibility
-               $this->newPagesInto = !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageInside']) ? 1 : 0;
-               $this->newPagesAfter = !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageAfter']) ? 1 : 0;
+               $displayNewPagesIntoLink = $this->newPagesInto && !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageInside']) ? 1 : 0;
+               $displayNewPagesAfterLink = $this->newPagesAfter && !empty($pageTS['mod.']['wizards.']['newRecord.']['pages.']['show.']['pageAfter']) ? 1 : 0;
                // Slight spacer from header:
                $this->code .= '<div class="typo3-newRecord-treeline">' . $halfLine . '</div>';
                // New Page
@@ -380,12 +380,12 @@ class NewRecordController {
                $rowContent = '';
                // New pages INSIDE this pages
                $newPageLinks = array();
-               if ($this->newPagesInto && $this->isTableAllowedForThisPage($this->pageinfo, 'pages') && $GLOBALS['BE_USER']->check('tables_modify', 'pages') && $GLOBALS['BE_USER']->workspaceCreateNewRecord(($this->pageinfo['_ORIG_uid'] ?: $this->id), 'pages')) {
+               if ($displayNewPagesIntoLink && $this->isTableAllowedForThisPage($this->pageinfo, 'pages') && $this->getBackendUserAuthentication()->check('tables_modify', 'pages') && $this->getBackendUserAuthentication()->workspaceCreateNewRecord(($this->pageinfo['_ORIG_uid'] ?: $this->id), 'pages')) {
                        // Create link to new page inside:
                        $newPageLinks[] = $this->linkWrap(IconUtility::getSpriteIconForRecord($table, array()) . $GLOBALS['LANG']->sL($v['ctrl']['title'], TRUE) . ' (' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.inside', TRUE) . ')', $table, $this->id);
                }
                // New pages AFTER this pages
-               if ($this->newPagesAfter && $this->isTableAllowedForThisPage($this->pidInfo, 'pages') && $GLOBALS['BE_USER']->check('tables_modify', 'pages') && $GLOBALS['BE_USER']->workspaceCreateNewRecord($this->pidInfo['uid'], 'pages')) {
+               if ($displayNewPagesAfterLink && $this->isTableAllowedForThisPage($this->pidInfo, 'pages') && $this->getBackendUserAuthentication()->check('tables_modify', 'pages') && $this->getBackendUserAuthentication()->workspaceCreateNewRecord($this->pidInfo['uid'], 'pages')) {
                        $newPageLinks[] = $this->linkWrap($pageIcon . $GLOBALS['LANG']->sL($v['ctrl']['title'], TRUE) . ' (' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.after', TRUE) . ')', 'pages', -$this->id);
                }
                // New pages at selection position
@@ -656,6 +656,11 @@ class NewRecordController {
         * @todo Define visibility
         */
        public function showNewRecLink($table, array $allowedNewTables = array(), array $deniedNewTables = array()) {
+
+               if (!$this->getBackendUserAuthentication()->check('tables_modify', $table)) {
+                       return FALSE;
+               }
+
                $allowedNewTables = $allowedNewTables ?: $this->allowedNewTables;
                $deniedNewTables = $deniedNewTables ?: $this->deniedNewTables;
                // No deny/allow tables are set:
@@ -668,4 +673,12 @@ class NewRecordController {
                }
        }
 
+       /**
+        * Returns the global BackendUserAuthentication object.
+        *
+        * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
+        */
+       protected function getBackendUserAuthentication() {
+               return $GLOBALS['BE_USER'];
+       }
 }