[BUGFIX] Allow editing of shortcuts for non-admin users 14/41714/2
authorMarkus Klein <markus.klein@typo3.org>
Mon, 20 Jul 2015 07:57:53 +0000 (09:57 +0200)
committerSusanne Moog <typo3@susannemoog.de>
Tue, 21 Jul 2015 07:07:51 +0000 (09:07 +0200)
Resolves: #60254
Releases: master, 6.2
Change-Id: Ie5e65ab761e8ce018a4d71daa39495fae3ad3572
Reviewed-on: http://review.typo3.org/41714
Reviewed-by: Frederic Gaus <frederic.gaus@flagbit.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Susanne Moog <typo3@susannemoog.de>
Tested-by: Susanne Moog <typo3@susannemoog.de>
typo3/sysext/backend/Classes/Backend/ToolbarItems/ShortcutToolbarItem.php

index 2a4cbec..034a450 100644 (file)
@@ -573,23 +573,21 @@ class ShortcutToolbarItem implements ToolbarItemInterface {
                $shortcutId = (int)GeneralUtility::_POST('shortcutId');
                $shortcutName = strip_tags(GeneralUtility::_POST('shortcutTitle'));
                $shortcutGroupId = (int)GeneralUtility::_POST('shortcutGroup');
-               if ($shortcutGroupId > 0 || $backendUser->isAdmin()) {
-                       // Users can delete only their own shortcuts (except admins)
-                       $addUserWhere = !$backendUser->isAdmin() ? ' AND userid=' . (int)$backendUser->user['uid'] : '';
-                       $fieldValues = array(
-                               'description' => $shortcutName,
-                               'sc_group' => $shortcutGroupId
-                       );
-                       if ($fieldValues['sc_group'] < 0 && !$backendUser->isAdmin()) {
-                               $fieldValues['sc_group'] = 0;
-                       }
-                       $databaseConnection->exec_UPDATEquery('sys_be_shortcuts', 'uid=' . $shortcutId . $addUserWhere, $fieldValues);
-                       $affectedRows = $databaseConnection->sql_affected_rows();
-                       if ($affectedRows == 1) {
-                               $ajaxObj->addContent('shortcut', $shortcutName);
-                       } else {
-                               $ajaxObj->addContent('shortcut', 'failed');
-                       }
+               // Users can only modify their own shortcuts (except admins)
+               $addUserWhere = !$backendUser->isAdmin() ? ' AND userid=' . (int)$backendUser->user['uid'] : '';
+               $fieldValues = array(
+                       'description' => $shortcutName,
+                       'sc_group' => $shortcutGroupId
+               );
+               if ($fieldValues['sc_group'] < 0 && !$backendUser->isAdmin()) {
+                       $fieldValues['sc_group'] = 0;
+               }
+               $databaseConnection->exec_UPDATEquery('sys_be_shortcuts', 'uid=' . $shortcutId . $addUserWhere, $fieldValues);
+               $affectedRows = $databaseConnection->sql_affected_rows();
+               if ($affectedRows == 1) {
+                       $ajaxObj->addContent('shortcut', $shortcutName);
+               } else {
+                       $ajaxObj->addContent('shortcut', 'failed');
                }
                $ajaxObj->setContentFormat('plain');
        }