[BUGFIX] Drag&Drop sorting respects AuthMode 95/46995/2
authorajahn <jahn.typo3@googlemail.com>
Thu, 18 Feb 2016 11:10:29 +0000 (12:10 +0100)
committerBenni Mack <benni@typo3.org>
Wed, 2 Mar 2016 12:23:25 +0000 (13:23 +0100)
If an editor is not allowed to edit content elements with a specific
CType (e.g. HTML), drag&drop sorting was still active. Sorting seemed to
work without an error but was blocked in DataHandler due to missing
permissions.
This fix introduces the missing check to deactivate sorting in this case.

Change-Id: Ib40b1e2a2fbbd4694fbb69ed7cda4a2180e15f14
Resolves: #73539
Releases: master, 7.6
Reviewed-on: https://review.typo3.org/46995
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/backend/Classes/View/PageLayoutView.php

index 9d7ea34..c2e2171 100644 (file)
@@ -1509,6 +1509,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
         if ($this->getBackendUser()->user['admin']
             || ((int)$row['editlock'] === 0 && (int)$this->pageinfo['editlock'] === 0)
             && $this->getBackendUser()->doesUserHaveAccess($this->pageinfo, Permission::CONTENT_EDIT)
+            && $this->getBackendUser()->checkAuthMode('tt_content', 'CType', $row['CType'], $GLOBALS['TYPO3_CONF_VARS']['BE']['explicitADmode'])
         ) {
             return true;
         }