[TASK] Do not initialize inline page editing with insufficient permissions 53/44353/2
authorAndreas Fernandez <a.fernandez@scripting-base.de>
Thu, 29 Oct 2015 12:32:12 +0000 (13:32 +0100)
committerChristian Kuhn <lolli@schwarzbu.ch>
Thu, 29 Oct 2015 16:10:20 +0000 (17:10 +0100)
The PageActions module is now initialized only if the backend user
has sufficient permissions. The internal permission handling done
by PageActions is removed.

Resolves: #68271
Releases: master
Change-Id: I3f06a8c6c16e11ecc617bf20d5caf97a4c26ac53
Reviewed-on: https://review.typo3.org/44353
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Tested-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/backend/Classes/View/PageLayoutView.php
typo3/sysext/backend/Resources/Public/JavaScript/PageActions.js
typo3/sysext/recordlist/Classes/RecordList.php

index 50bf150..b59b89c 100644 (file)
@@ -427,12 +427,13 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
         if ($this->tt_contentConfig['languageColsPointer'] > 0) {
             $userCanEditPage = $this->getBackendUser()->check('tables_modify', 'pages_language_overlay');
         }
-        $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/PageActions', 'function(PageActions) {
-                       PageActions.setPageId(' . (int)$this->id . ');
-                       PageActions.setCanEditPage(' . ($userCanEditPage ? 'true' : 'false') . ');
-                       PageActions.setLanguageOverlayId(' . $this->tt_contentConfig['languageColsPointer'] . ');
-            PageActions.initializePageTitleRenaming();
-               }');
+        if ($userCanEditPage) {
+            $pageRenderer->loadRequireJsModule('TYPO3/CMS/Backend/PageActions', 'function(PageActions) {
+                PageActions.setPageId(' . (int)$this->id . ');
+                PageActions.setLanguageOverlayId(' . $this->tt_contentConfig['languageColsPointer'] . ');
+                PageActions.initializePageTitleRenaming();
+            }');
+        }
         // Get labels for CTypes and tt_content element fields in general:
         $this->CType_labels = array();
         foreach ($GLOBALS['TCA']['tt_content']['columns']['CType']['config']['items'] as $val) {
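Review bot: `$this->tt_contentConfig['languageColsPointer']` is concatenated into the inline JavaScript callback without a cast, while the page id on the line above it goes through `(int)`. Where that value is populated is not visible here, so if it can ever be non-numeric it would land in the generated script verbatim; `PageActions.setLanguageOverlayId(' . (int)$this->tt_contentConfig['languageColsPointer'] . ');` closes that off. Separately, the language branch at the top of the hunk overwrites `$userCanEditPage` with the `tables_modify` check instead of combining it with whatever was computed before the hunk. That matters more now that this flag alone decides whether the module loads. The enclosing method starts and ends outside the hunk.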
index 97cc2a5..b2572a9 100644 (file)
@@ -20,13 +20,12 @@ define(['jquery', 'TYPO3/CMS/Backend/Storage'], function($, Storage) {
 
        /**
         *
-        * @type {{settings: {pageId: number, canEditPage: boolean, language: {pageOverlayId: number}}, identifier: {pageTitle: string, hiddenElements: string}, elements: {$pageTitle: null, $showHiddenElementsCheckbox: null}, documentIsReady: boolean}}
+        * @type {{settings: {pageId: number, language: {pageOverlayId: number}}, identifier: {pageTitle: string, hiddenElements: string}, elements: {$pageTitle: null, $showHiddenElementsCheckbox: null}, documentIsReady: boolean}}
         * @exports TYPO3/CMS/Backend/PageActions
         */
        var PageActions = {
                settings: {
                        pageId: 0,
-                       canEditPage: false,
                        language: {
                                pageOverlayId: 0
                        }
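Review bot: The type annotation kept here still lists `hiddenElements` and `$showHiddenElementsCheckbox`, so this module appears to handle more than page-title renaming, yet both PHP callers in this commit now skip loading it entirely for users without page edit permission. If the hidden-elements checkbox is wired up by this module when it loads, read-only users would lose that toggle, which is worth confirming against the rest of the file. If so, keep loading the module unconditionally and gate only the `PageActions.initializePageTitleRenaming();` call on `$userCanEditPage`. The object literal continues outside the hunk.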
@@ -52,7 +51,7 @@ define(['jquery', 'TYPO3/CMS/Backend/Storage'], function($, Storage) {
                        });
                        return;
                }
-               if (PageActions.settings.pageId <= 0 || !PageActions.settings.canEditPage) {
+               if (PageActions.settings.pageId <= 0) {
                        return;
                }
 
@@ -174,15 +173,6 @@ define(['jquery', 'TYPO3/CMS/Backend/Storage'], function($, Storage) {
        };
 
        /**
-        * Set if user can edit the page properties
-        *
-        * @param {Boolean} allowed
-        */
-       PageActions.setCanEditPage = function(allowed) {
-               PageActions.settings.canEditPage = allowed;
-       };
-
-       /**
         * Set the overlay id
         *
         * @param {Number} overlayId
index 9d83af6..f026fc2 100644 (file)
@@ -294,11 +294,12 @@ class RecordList extends AbstractModule
         $this->getPageRenderer()->loadRequireJsModule('TYPO3/CMS/Backend/AjaxDataHandler');
         $calcPerms = $backendUser->calcPerms($this->pageinfo);
         $userCanEditPage = $calcPerms & Permission::PAGE_EDIT && !empty($this->id) && ($backendUser->isAdmin() || (int)$this->pageinfo['editlock'] === 0);
-        $this->getPageRenderer()->loadRequireJsModule('TYPO3/CMS/Backend/PageActions', 'function(PageActions) {
-                       PageActions.setPageId(' . (int)$this->id . ');
-                       PageActions.setCanEditPage(' . ($userCanEditPage ? 'true' : 'false') . ');
-                       PageActions.initializePageTitleRenaming();
-               }');
+        if ($userCanEditPage) {
+            $this->getPageRenderer()->loadRequireJsModule('TYPO3/CMS/Backend/PageActions', 'function(PageActions) {
+                PageActions.setPageId(' . (int)$this->id . ');
+                PageActions.initializePageTitleRenaming();
+            }');
+        }
         $this->getPageRenderer()->loadRequireJsModule('TYPO3/CMS/Recordlist/Tooltip');
         // Apply predefined values for hidden checkboxes
         // Set predefined value for DisplayBigControlPanel:
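Review bot: The new `if ($userCanEditPage)` block has no comment saying that it only controls whether the inline-editing UI is offered. With the JavaScript-side `canEditPage` check removed in this commit, a reader could take it for the permission check itself. I would add `// UI gate only: the request that saves the title must still be authorized on the server.` above it, and the same above the matching block in PageLayoutView.php. Explicit parentheses in the assignment above, `($calcPerms & Permission::PAGE_EDIT) && ...`, would also make the mixed `&`/`&&` expression easier to verify. The enclosing method is only partly visible in the hunk.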