[BUGFIX] Take table permissions in account for file edit icon 16/36416/8
authorPhilipp Thiele <philipp.thiele@phth.de>
Fri, 30 Jan 2015 12:34:03 +0000 (13:34 +0100)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Sat, 31 Jan 2015 11:33:39 +0000 (12:33 +0100)
Hides the file edit icon in filelist if the user has no modify
permissions for sys_file_metadata.

Resolves: #64634
Releases: master
Change-Id: Id0070849032d0596e8fe30c9f17a314f31adc6fa
Reviewed-on: http://review.typo3.org/36416
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
typo3/sysext/backend/Classes/ClickMenu/ClickMenu.php
typo3/sysext/backend/Classes/Form/Element/InlineElement.php
typo3/sysext/filelist/Classes/FileList.php

index 0e73782..41331f6 100644 (file)
@@ -867,7 +867,7 @@ class ClickMenu {
                        }
                        // Edit
                        if (!in_array('edit', $this->disabledItems) && $fileObject->checkActionPermission('write')) {
-                               if (!$folder && !$isStorageRoot && $fileObject->isIndexed()) {
+                               if (!$folder && !$isStorageRoot && $fileObject->isIndexed() && $this->backendUser->check('tables_modify', 'sys_file_metadata')) {
                                        $metaData = $fileObject->_getMetaData();
                                        $menuItems['edit2'] = $this->DB_edit('sys_file_metadata', $metaData['uid']);
                                }
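Review bot: The added `$this->backendUser->check('tables_modify', 'sys_file_metadata')` only decides whether the `edit2` entry is drawn, so it is a display filter rather than access control. Whether a directly requested edit form for `sys_file_metadata` is refused for the same user cannot be seen from this hunk and is worth confirming in the code that handles the edit request. A short comment above the condition would record the intent, e.g. `// Display only: the edit form itself must enforce tables_modify for sys_file_metadata`. The same condition is added in InlineElement.php and FileList.php through three different accessors (`$this->backendUser`, `$GLOBALS['BE_USER']`, `$this->getBackendUser()`), so one shared helper would keep the three call sites from drifting apart. The enclosing method starts and ends outside the hunk.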
index 780699a..1ce90a5 100644 (file)
@@ -702,24 +702,25 @@ class InlineElement {
                        }
                        // "Edit" link:
                        if (($rec['table_local'] === 'sys_file') && !$isNewItem) {
-                               $location = 'top.content.list_frame';
-                               $table = 'sys_file_metadata';
                                $recordInDatabase = $this->getDatabaseConnection()->exec_SELECTgetSingleRow(
                                        'uid',
-                                       $table,
+                                       'sys_file_metadata',
                                        'file = ' . (int)substr($rec['uid_local'], 9) . ' AND sys_language_uid = ' . $rec['sys_language_uid']
                                );
                                $editUid = $recordInDatabase['uid'];
-                               $editOnClick = 'if(' . $location . '){' . $location . '.location.href=top.TS.PATH_typo3+\'alt_doc.php?returnUrl=\'+top.rawurlencode('
-                                       . $location . '.document.location' . '.pathname+' . $location . '.document.location' . '.search)+\'&edit['
-                                       . $table . '][' . $editUid . ']=edit\';}';
-                               $title = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.editMetadata'));
-                               $cells['editmetadata'] = '<a href="#" class="btn" onclick="' . $editOnClick . '" title="' . $title . '">'
-                                       . IconUtility::getSpriteIcon('actions-document-open') . '</a>';
+                               if ($GLOBALS['BE_USER']->check('tables_modify', 'sys_file_metadata')) {
+                                       $editOnClick = 'if(top.content.list_frame){top.content.list_frame.location.href=top.TS.PATH_typo3+\'alt_doc.php?returnUrl=\'+top.rawurlencode('
+                                               . 'top.content.list_frame.document.location' . '.pathname+top.content.list_frame.document.location' . '.search)+'
+                                               . '\'&edit[sys_file_metadata][' . (int)$editUid . ']=edit\';}';
+                                       $title = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.editMetadata');
+                                       $cells['editmetadata'] = '<a href="#" class="btn" onclick="'
+                                               . htmlspecialchars($editOnClick) . '" title="' . htmlspecialchars($title) . '">'
+                                               . IconUtility::getSpriteIcon('actions-document-open') . '</a>';
+                               }
                        }
                        // "Delete" link:
                        if ($enabledControls['delete'] && ($isPagesTable && $localCalcPerms & 4 || !$isPagesTable && $calcPerms & 16)) {
-                               $onClick = 'inline.deleteRecord(\'' . $nameObjectFtId . '\');';
+                               $onClick = 'inline.deleteRecord(' . GeneralUtility::quoteJSvalue($nameObjectFtId) . ');';
                                $cells['delete'] = '<a href="#" onclick="' . htmlspecialchars(('if (confirm(' . GeneralUtility::quoteJSvalue($languageService->getLL('deleteWarning')) . ')) {  ' . $onClick . ' } return false;')) . '">' . IconUtility::getSpriteIcon('actions-edit-delete', array('title' => $languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:delete', TRUE))) . '</a>';
                        }
 
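Review bot: The edit link is still built when the lookup finds no `sys_file_metadata` row: `$recordInDatabase['uid']` is then presumably empty, and the new `(int)$editUid` cast turns it into `edit[sys_file_metadata][0]`. Guarding on the uid as well, `if ($editUid && $GLOBALS['BE_USER']->check('tables_modify', 'sys_file_metadata')) {`, avoids rendering a link to a record that does not exist. In the same query the `file` operand is cast to int but `$rec['sys_language_uid']` is concatenated into the WHERE clause as is; writing `(int)$rec['sys_language_uid']` would make the clause safe regardless of where `$rec` was populated. The enclosing method starts outside the hunk.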
index 8cd220e..fd94b35 100644 (file)
@@ -810,7 +810,7 @@ class FileList extends AbstractRecordList {
                $fullIdentifier = $fileOrFolderObject->getCombinedIdentifier();
                // Edit metadata of file
                try {
-                       if (is_a($fileOrFolderObject, File::class) && $fileOrFolderObject->isIndexed() && $fileOrFolderObject->checkActionPermission('write')) {
+                       if (is_a($fileOrFolderObject, File::class) && $fileOrFolderObject->isIndexed() && $fileOrFolderObject->checkActionPermission('write') && $this->getBackendUser()->check('tables_modify', 'sys_file_metadata')) {
                                $metaData = $fileOrFolderObject->_getMetaData();
                                $data = array(
                                        'sys_file_metadata' => array($metaData['uid'] => 'edit')