[BUGFIX] Check permissions for page deletion in context menu 60/55260/2
authorTymoteusz Motylewski <t.motylewski@gmail.com>
Mon, 16 Oct 2017 15:38:11 +0000 (17:38 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Thu, 4 Jan 2018 10:44:29 +0000 (11:44 +0100)
Resolves: #82777
Releases: master, 8.7
Change-Id: I080e9d47053665c51fdc7b46787cd32299bfaba9
Reviewed-on: https://review.typo3.org/55260
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/backend/Classes/ContextMenu/ItemProviders/PageProvider.php
typo3/sysext/backend/Classes/ContextMenu/ItemProviders/RecordProvider.php

index 7d845db..f710b11 100644 (file)
@@ -337,10 +337,11 @@ class PageProvider extends RecordProvider
      *
      * @return bool
      */
-    protected function canBeRemoved(): bool
+    protected function canBeDeleted(): bool
     {
         return !$this->isDeletePlaceholder()
             && !$this->isRecordLocked()
+            && !$this->isDeletionDisabledInTS()
             && $this->hasPagePermission(Permission::PAGE_DELETE);
     }
 
index f19352e..3ab05ba 100644 (file)
@@ -480,15 +480,25 @@ class RecordProvider extends AbstractProvider
     }
 
     /**
+     * Checks if disableDelete flag is set in TSConfig for the current table
+     *
+     * @return bool
+     */
+    protected function isDeletionDisabledInTS(): bool
+    {
+        $disableDeleteTS = $this->backendUser->getTSConfig('options.disableDelete');
+        $disableDelete = (bool) trim($disableDeleteTS['properties'][$this->table] ?? (string)$disableDeleteTS['value']);
+        return $disableDelete;
+    }
+
+    /**
      * Checks if the user has the right to delete the page
      *
      * @return bool
      */
     protected function canBeDeleted(): bool
     {
-        $disableDeleteTS = $this->backendUser->getTSConfig('options.disableDelete');
-        $disableDelete = (bool) trim(isset($disableDeleteTS['properties'][$this->table]) ? $disableDeleteTS['properties'][$this->table] : (string)$disableDeleteTS['value']);
-        return !$disableDelete && $this->canBeEdited();
+        return !$this->isDeletionDisabledInTS() && $this->canBeEdited();
     }
 
     /**