Commit 0ad9a8c1 authored by Henrik Ziegenhain's avatar Henrik Ziegenhain Committed by Markus Klein
Browse files

[BUGFIX] Disable restricted users to edit page properties

This patch hides the edit page properties icon in page- and list-module
when a user is restricted to only non-default languages.

Resolves: #47144
Releases: master
Change-Id: Id87456416a7f92ffa3f6c45bb28f1a31226f8b5b
Reviewed-on: https://review.typo3.org/20454

Reviewed-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
Tested-by: default avatarGianluigi Martino <gmartino27@gmail.com>
Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
parent 0511ce3a
......@@ -835,7 +835,7 @@ class PageLayoutController
} catch (AccessDeniedException $e) {
// If no edit access, print error message:
$content = '<h2>' . $lang->getLL('noAccess', true) . '</h2>';
$conten .= '<div>' . $lang->getLL('noAccess_msg') . '<br /><br />' . ($beUser->errorMsg ? 'Reason: ' . $beUser->errorMsg . '<br /><br />' : '') . '</div>';
$content .= '<div>' . $lang->getLL('noAccess_msg') . '<br /><br />' . ($beUser->errorMsg ? 'Reason: ' . $beUser->errorMsg . '<br /><br />' : '') . '</div>';
}
} else {
// If no edit access, print error message:
......@@ -1100,7 +1100,7 @@ class PageLayoutController
}
// Edit page properties and page language overlay icons
if ($this->pageIsNotLockedForEditors()) {
if ($this->pageIsNotLockedForEditors() && $this->getBackendUser()->checkLanguageAccess(0)) {
// Edit localized page_language_overlay only when one specific language is selected
if ($this->MOD_SETTINGS['function'] == 1 && $this->current_sys_language > 0) {
$overlayRecord = $this->getDatabaseConnection()->exec_SELECTgetSingleRow(
......
......@@ -765,19 +765,24 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
. '</div>'
. ' ' . $recordIcon . ' ' . htmlspecialchars(GeneralUtility::fixed_lgd_cs($lpRecord['title'], 20));
} else {
$params = '&edit[pages][' . $this->id . ']=edit';
$recordIcon = BackendUtility::wrapClickMenuOnIcon(
$this->iconFactory->getIconForRecord('pages', $this->pageRecord, Icon::SIZE_SMALL)->render(),
'pages',
$this->id
);
$editLink = ($this->getBackendUser()->check('tables_modify', 'pages_language_overlay')
? '<a href="#" class="btn btn-default btn-sm" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params))
. '" title="' . $this->getLanguageService()->getLL('edit', true) . '">'
. $this->iconFactory->getIcon('actions-open', Icon::SIZE_SMALL)->render() . '</a>'
: ''
);
$editLink = '';
$recordIcon = '';
if ($this->getBackendUser()->checkLanguageAccess(0)) {
$params = '&edit[pages][' . $this->id . ']=edit';
$recordIcon = BackendUtility::wrapClickMenuOnIcon(
$this->iconFactory->getIconForRecord('pages', $this->pageRecord,
Icon::SIZE_SMALL)->render(),
'pages',
$this->id
);
$editLink = ($this->getBackendUser()->check('tables_modify', 'pages_language_overlay')
? '<a href="#" class="btn btn-default btn-sm" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params))
. '" title="' . $this->getLanguageService()->getLL('edit', true) . '">'
. $this->iconFactory->getIcon('actions-open', Icon::SIZE_SMALL)->render() . '</a>'
: ''
);
}
$lPLabel =
'<div class="btn-group">'
......@@ -1176,7 +1181,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
// Create command links:
if ($this->tt_contentConfig['showCommands']) {
// Edit whole of column:
if ($editParams && $this->getBackendUser()->doesUserHaveAccess($this->pageinfo, Permission::CONTENT_EDIT)) {
if ($editParams && $this->getBackendUser()->doesUserHaveAccess($this->pageinfo, Permission::CONTENT_EDIT) && $this->getBackendUser()->checkLanguageAccess(0)) {
$iconsArr['edit'] = '<a href="#" onclick="'
. htmlspecialchars(BackendUtility::editOnClick($editParams)) . '" title="'
. $this->getLanguageService()->getLL('editColumn', true) . '">'
......
......@@ -532,7 +532,7 @@ class FrontendEditingController
unset($allow['hide']);
unset($allow['delete']);
}
if (!($perms & Permission::PAGE_EDIT)) {
if (!($perms & Permission::PAGE_EDIT) || !$GLOBALS['BE_USER']->checkLanguageAccess(0)) {
unset($allow['edit']);
unset($allow['move']);
unset($allow['hide']);
......
......@@ -271,7 +271,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
}
// If edit permissions are set, see
// \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
if ($localCalcPerms & Permission::PAGE_EDIT && !empty($this->id) && $this->editLockPermissions()) {
if ($localCalcPerms & Permission::PAGE_EDIT && !empty($this->id) && $this->editLockPermissions() && $this->getBackendUserAuthentication()->checkLanguageAccess(0)) {
// Edit
$params = '&edit[pages][' . $this->pageRow['uid'] . ']=edit';
$onClick = htmlspecialchars(BackendUtility::editOnClick($params, '', -1));
......@@ -1383,7 +1383,11 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
if ($table == 'pages') {
$localCalcPerms = $this->getBackendUserAuthentication()->calcPerms(BackendUtility::getRecord('pages', $row['uid']));
}
$permsEdit = $table === 'pages' && $localCalcPerms & Permission::PAGE_EDIT || $table !== 'pages' && $this->calcPerms & Permission::CONTENT_EDIT;
$permsEdit = $table === 'pages'
&& $this->getBackendUserAuthentication()->checkLanguageAccess(0)
&& $localCalcPerms & Permission::PAGE_EDIT
|| $table !== 'pages'
&& $this->calcPerms & Permission::CONTENT_EDIT;
$permsEdit = $this->overlayEditLockPermissions($table, $row, $permsEdit);
// "Show" link (only pages and tt_content elements)
if ($table == 'pages' || $table == 'tt_content') {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment