[BUGFIX] Correctly evaluate content edit permissions for users 31/45231/3
authorMarkus Klein <markus.klein@typo3.org>
Sun, 13 Dec 2015 23:34:28 +0000 (00:34 +0100)
committerMarkus Klein <markus.klein@typo3.org>
Mon, 14 Dec 2015 09:44:08 +0000 (10:44 +0100)
Users are permitted to edit content of a page, even though
they are not permitted to edit the page itself.

Resolves: #72172
Releases: master
Change-Id: Ie2e60beec5a04632cf1cb7fef32929cab51408c2
Reviewed-on: https://review.typo3.org/45231
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Johannes Kasberger <johannes.kasberger@reelworx.at>
Tested-by: Johannes Kasberger <johannes.kasberger@reelworx.at>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/backend/Classes/Controller/PageLayoutController.php

index 582c941..223ab9d 100755 (executable)
@@ -593,7 +593,7 @@ class PageLayoutController
         if ($this->id && $access) {
             // Initialize permission settings:
             $this->CALC_PERMS = $this->getBackendUser()->calcPerms($this->pageinfo);
-            $this->EDIT_CONTENT = $this->pageIsNotLockedForEditors();
+            $this->EDIT_CONTENT = $this->contentIsNotLockedForEditors();
 
             $this->moduleTemplate->getDocHeaderComponent()->setMetaInformation($this->pageinfo);
 
@@ -1354,7 +1354,7 @@ class PageLayoutController
     }
 
     /**
-     * Check the editlock access
+     * Check if page can be edited by current user
      *
      * @return bool
      */
@@ -1364,6 +1364,16 @@ class PageLayoutController
     }
 
     /**
+     * Check if content can be edited by current user
+     *
+     * @return bool
+     */
+    protected function contentIsNotLockedForEditors()
+    {
+        return $this->getBackendUser()->isAdmin() || ($this->CALC_PERMS & Permission::CONTENT_EDIT) === Permission::CONTENT_EDIT && !$this->pageinfo['editlock'];
+    }
+
+    /**
      * Returns LanguageService
      *
      * @return \TYPO3\CMS\Lang\LanguageService