Commit 7c3779ad authored by Tymoteusz Motylewski's avatar Tymoteusz Motylewski Committed by Christian Kuhn
Browse files

[BUGFIX] Check permissions for page deletion in context menu

Resolves: #82777
Releases: master, 8.7
Change-Id: I080e9d47053665c51fdc7b46787cd32299bfaba9
Reviewed-on: https://review.typo3.org/55235


Tested-by: default avatarTYPO3com <no-reply@typo3.com>
Reviewed-by: Andreas Fernandez's avatarAndreas Fernandez <typo3@scripting-base.de>
Tested-by: Andreas Fernandez's avatarAndreas Fernandez <typo3@scripting-base.de>
Reviewed-by: default avatarMathias Schreiber <mathias.schreiber@typo3.com>
Tested-by: default avatarMathias Schreiber <mathias.schreiber@typo3.com>
Reviewed-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring's avatarAnja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn's avatarChristian Kuhn <lolli@schwarzbu.ch>
parent ef17687d
...@@ -366,10 +366,11 @@ class PageProvider extends RecordProvider ...@@ -366,10 +366,11 @@ class PageProvider extends RecordProvider
* *
* @return bool * @return bool
*/ */
protected function canBeRemoved(): bool protected function canBeDeleted(): bool
{ {
return !$this->isDeletePlaceholder() return !$this->isDeletePlaceholder()
&& !$this->isRecordLocked() && !$this->isRecordLocked()
&& !$this->isDeletionDisabledInTS()
&& $this->hasPagePermission(Permission::PAGE_DELETE); && $this->hasPagePermission(Permission::PAGE_DELETE);
} }
......
...@@ -486,15 +486,25 @@ class RecordProvider extends AbstractProvider ...@@ -486,15 +486,25 @@ class RecordProvider extends AbstractProvider
} }
/** /**
* Checks if the user has the right to delete the page * Checks if disableDelete flag is set in TSConfig for the current table
* *
* @return bool * @return bool
*/ */
protected function canBeDeleted(): bool protected function isDeletionDisabledInTS(): bool
{ {
$disableDeleteTS = $this->backendUser->getTSConfig('options.disableDelete'); $disableDeleteTS = $this->backendUser->getTSConfig('options.disableDelete');
$disableDelete = (bool) trim($disableDeleteTS['properties'][$this->table] ?? (string)$disableDeleteTS['value']); $disableDelete = (bool) trim($disableDeleteTS['properties'][$this->table] ?? (string)$disableDeleteTS['value']);
return !$disableDelete && $this->canBeEdited(); return $disableDelete;
}
/**
* Checks if the user has the right to delete the page
*
* @return bool
*/
protected function canBeDeleted(): bool
{
return !$this->isDeletionDisabledInTS() && $this->canBeEdited();
} }
/** /**
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment