Commit 6d0c1bae authored by Markus Klein's avatar Markus Klein
Browse files

[BUGFIX] Correctly evaluate content edit permissions for users

Users are permitted to edit content of a page, even though
they are not permitted to edit the page itself.

Resolves: #72172
Releases: master
Change-Id: Ie2e60beec5a04632cf1cb7fef32929cab51408c2
Reviewed-on: https://review.typo3.org/45231

Reviewed-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
Reviewed-by: Wouter Wolters's avatarWouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Johannes Kasberger's avatarJohannes Kasberger <johannes.kasberger@reelworx.at>
Tested-by: Johannes Kasberger's avatarJohannes Kasberger <johannes.kasberger@reelworx.at>
Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
parent 93c6430c
......@@ -593,7 +593,7 @@ class PageLayoutController
if ($this->id && $access) {
// Initialize permission settings:
$this->CALC_PERMS = $this->getBackendUser()->calcPerms($this->pageinfo);
$this->EDIT_CONTENT = $this->pageIsNotLockedForEditors();
$this->EDIT_CONTENT = $this->contentIsNotLockedForEditors();
$this->moduleTemplate->getDocHeaderComponent()->setMetaInformation($this->pageinfo);
......@@ -1354,7 +1354,7 @@ class PageLayoutController
}
/**
* Check the editlock access
* Check if page can be edited by current user
*
* @return bool
*/
......@@ -1363,6 +1363,16 @@ class PageLayoutController
return $this->getBackendUser()->isAdmin() || ($this->CALC_PERMS & Permission::PAGE_EDIT) === Permission::PAGE_EDIT && !$this->pageinfo['editlock'];
}
/**
* Check if content can be edited by current user
*
* @return bool
*/
protected function contentIsNotLockedForEditors()
{
return $this->getBackendUser()->isAdmin() || ($this->CALC_PERMS & Permission::CONTENT_EDIT) === Permission::CONTENT_EDIT && !$this->pageinfo['editlock'];
}
/**
* Returns LanguageService
*
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment