[BUGFIX] Check permissions for page deletion in context menu 35/55235/2
authorTymoteusz Motylewski <t.motylewski@gmail.com>
Mon, 16 Oct 2017 15:38:11 +0000 (17:38 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Thu, 4 Jan 2018 10:05:31 +0000 (11:05 +0100)
Resolves: #82777
Releases: master, 8.7
Change-Id: I080e9d47053665c51fdc7b46787cd32299bfaba9
Reviewed-on: https://review.typo3.org/55235
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Tested-by: Mathias Schreiber <mathias.schreiber@typo3.com>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/backend/Classes/ContextMenu/ItemProviders/PageProvider.php
typo3/sysext/backend/Classes/ContextMenu/ItemProviders/RecordProvider.php

index b414ec1..efed92c 100644 (file)
@@ -366,10 +366,11 @@ class PageProvider extends RecordProvider
      *
      * @return bool
      */
-    protected function canBeRemoved(): bool
+    protected function canBeDeleted(): bool
     {
         return !$this->isDeletePlaceholder()
             && !$this->isRecordLocked()
+            && !$this->isDeletionDisabledInTS()
             && $this->hasPagePermission(Permission::PAGE_DELETE);
     }
 
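Review bot: The `canBeDeleted()` override in PageProvider does not call `parent::canBeDeleted()`, so the `canBeEdited()` condition that RecordProvider applies to deletion is not part of the page check. If `hasPagePermission(Permission::PAGE_DELETE)` is meant to replace it, a one-line comment should say so, for example `// Pages are gated by PAGE_DELETE instead of the parent's canBeEdited() check`. Renaming the protected `canBeRemoved()` also means a subclass that overrode the old name would no longer be consulted, which deserves a changelog line for a change that also goes to 8.7. This method presumably only decides whether the menu entry is rendered, so the delete request itself still has to be authorised where it is processed. The docblock for this method opens outside the hunk.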
index 94b4416..1d15c5b 100644 (file)
@@ -486,15 +486,25 @@ class RecordProvider extends AbstractProvider
     }
 
     /**
-     * Checks if the user has the right to delete the page
+     * Checks if disableDelete flag is set in TSConfig for the current table
      *
      * @return bool
      */
-    protected function canBeDeleted(): bool
+    protected function isDeletionDisabledInTS(): bool
     {
         $disableDeleteTS = $this->backendUser->getTSConfig('options.disableDelete');
         $disableDelete = (bool) trim($disableDeleteTS['properties'][$this->table] ?? (string)$disableDeleteTS['value']);
-        return !$disableDelete && $this->canBeEdited();
+        return $disableDelete;
+    }
+
+    /**
+     * Checks if the user has the right to delete the page
+     *
+     * @return bool
+     */
+    protected function canBeDeleted(): bool
+    {
+        return !$this->isDeletionDisabledInTS() && $this->canBeEdited();
     }
 
     /**
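Review bot: In `isDeletionDisabledInTS()` the fallback `(string)$disableDeleteTS['value']` sits outside the `??` guard, so if `getTSConfig()` can return an array without a `value` key, that read raises a notice. Whether the key is always present is not visible in this hunk. Guarding both lookups would look like `$disableDelete = (bool)trim((string)($disableDeleteTS['properties'][$this->table] ?? $disableDeleteTS['value'] ?? ''));`. Separately, the docblock on the new `canBeDeleted()` still says "delete the page" although RecordProvider works on `$this->table`; `Checks if the user has the right to delete the record` would match what the method does.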