search

contao / contao

Contao Open Source CMS
https://contao.org
GNU Lesser General Public License v3.0
350 stars 159 forks source link

Inhaltselement - Toggle verstecken/anzeigen > HTTP 403 #1499

Closed kalterwind closed 4 years ago

kalterwind commented 4 years ago

Affected version(s)

Contao 4.9.1

Description

Normaler Benutzer (Admin funktioneit), nur Gruppenrechte (alles angehakt). Inhaltselement per Auge switchen: HTTP Status: 403

Übrigens beim Inhaltselement "Text" geht es, zB bei "Bild" oder "Überschrift" nicht.

"Not enough permissions to modify content elements of type "headline"." Stack Traces (2):

[2/2] AccessDeniedHttpException
Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException:
Not enough permissions to modify content elements of type "headline".

  at vendor/symfony/security-http/Firewall/ExceptionListener.php:137
  at Symfony\Component\Security\Http\Firewall\ExceptionListener->handleAccessDeniedException(object(ExceptionEvent), object(AccessDeniedException))
     (vendor/symfony/security-http/Firewall/ExceptionListener.php:102)
  at Symfony\Component\Security\Http\Firewall\ExceptionListener->onKernelException(object(ExceptionEvent), 'kernel.exception', object(TraceableEventDispatcher))
     (vendor/symfony/event-dispatcher/Debug/WrappedListener.php:126)
  at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object(ExceptionEvent), 'kernel.exception', object(TraceableEventDispatcher))
     (vendor/symfony/event-dispatcher/EventDispatcher.php:264)
  at Symfony\Component\EventDispatcher\EventDispatcher->doDispatch(array(object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener)), 'kernel.exception', object(ExceptionEvent))
     (vendor/symfony/event-dispatcher/EventDispatcher.php:239)
  at Symfony\Component\EventDispatcher\EventDispatcher->callListeners(array(object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener)), 'kernel.exception', object(ExceptionEvent))
     (vendor/symfony/event-dispatcher/EventDispatcher.php:73)
  at Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object(ExceptionEvent), 'kernel.exception')
     (vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:168)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object(ExceptionEvent), 'kernel.exception')
     (vendor/symfony/http-kernel/HttpKernel.php:207)
  at Symfony\Component\HttpKernel\HttpKernel->handleThrowable(object(AccessDeniedException), object(Request), 1)
     (vendor/symfony/http-kernel/HttpKernel.php:79)
  at Symfony\Component\HttpKernel\HttpKernel->handle(object(Request), 1, true)
     (vendor/symfony/http-kernel/Kernel.php:201)
  at Symfony\Component\HttpKernel\Kernel->handle(object(Request))
     (web/index.php:31)
  at require('/www/htdocs/xxxx/web/index.php')
     (web/app.php:4)`

[1/2] AccessDeniedException
Contao\CoreBundle\Exception\AccessDeniedException:
Not enough permissions to modify content elements of type "headline".

  at vendor/contao/core-bundle/src/Resources/contao/dca/tl_content.php:2036
  at tl_content->toggleVisibility('628', false, object(DC_Table))
     (vendor/contao/core-bundle/src/Resources/contao/dca/tl_content.php:1960)
  at tl_content->toggleIcon(array('id' => '628', 'pid' => '271', 'ptable' => 'tl_article', 'sorting' => '64', 'tstamp' => '1583316317', 'type' => 'headline', 'headline' => 'a:2:{s:4:"unit";s:2:"h3";s:5:"value";s:57:"Nicht das Richtige dabei? Dann schauen Sie doch mal hier:";}', 'text' => null, 'addImage' => '', 'overwriteMeta' => '', 'singleSRC' => null, 'alt' => '', 'imageTitle' => '', 'size' => '', 'imagemargin' => '', 'imageUrl' => '', 'fullsize' => '', 'caption' => '', 'floating' => 'above', 'html' => null, 'listtype' => '', 'listitems' => null, 'tableitems' => null, 'summary' => '', 'thead' => '', 'tfoot' => '', 'tleft' => '', 'sortable' => '', 'sortIndex' => '0', 'sortOrder' => 'ascending', 'mooHeadline' => '', 'mooStyle' => '', 'mooClasses' => '', 'highlight' => '', 'code' => null, 'url' => '', 'target' => '', 'titleText' => '', 'linkTitle' => '', 'embed' => '', 'rel' => '', 'useImage' => '', 'multiSRC' => null, 'orderSRC' => null, 'useHomeDir' => '', 'perRow' => '4', 'perPage' => '0', 'numberOfItems' => '0', 'sortBy' => '', 'metaIgnore' => '', 'galleryTpl' => '', 'customTpl' => '', 'playerSRC' => null, 'youtube' => '', 'vimeo' => '', 'posterSRC' => null, 'playerSize' => '', 'inline' => '', 'sliderDelay' => '0', 'sliderSpeed' => '300', 'sliderStartSlide' => '0', 'sliderContinuous' => '', 'cteAlias' => '0', 'articleAlias' => '0', 'article' => '0', 'form' => '0', 'module' => '0', 'protected' => '', 'groups' => null, 'guests' => '', 'cssID' => 'a:2:{i:0;s:0:"";i:1;s:0:"";}', 'invisible' => '', 'start' => '', 'stop' => '', 'mm_contentbox_direkt_multi' => null, 'mmcontentbox_direkt_options' => null, 'mmcontentbox_direkt_row' => '2', 'cssStyleSelector' => null, 'cssClasses' => '', 'mm_contenttabs_multi' => null, 'mm_contenttabs_options' => null, 'mmcontentbox_options' => null, 'mmcontentbox_row' => '3', 'mmcontentbox_auswahl' => null, 'mmcontentbox_direkt_intern' => '2', 'youtubeOptions' => null, 'overwriteLink' => '', 'playerOptions' => null, 'vimeoOptions' => null, 'playerStart' => '0', 'playerStop' => '0', 'playerColor' => '', 'playerPreload' => '', 'splashImage' => '', 'playerAspect' => 'none', 'playerCaption' => ''), null, 'Inhaltselement ID 628 verstecken/anzeigen', 'Inhaltselement ID 628 verstecken/anzeigen', 'visible.svg', ' class="toggle" onclick="Backend.getScrollOffset();return AjaxRequest.toggleVisibility(this,628)"', 'tl_content', null, null, false, null, '627', object(DC_Table))
     (vendor/contao/core-bundle/src/Resources/contao/classes/DataContainer.php:790)
  at Contao\DataContainer->generateButtons(array('id' => '628', 'pid' => '271', 'ptable' => 'tl_article', 'sorting' => '64', 'tstamp' => '1583316317', 'type' => 'headline', 'headline' => 'a:2:{s:4:"unit";s:2:"h3";s:5:"value";s:57:"Nicht das Richtige dabei? Dann schauen Sie doch mal hier:";}', 'text' => null, 'addImage' => '', 'overwriteMeta' => '', 'singleSRC' => null, 'alt' => '', 'imageTitle' => '', 'size' => '', 'imagemargin' => '', 'imageUrl' => '', 'fullsize' => '', 'caption' => '', 'floating' => 'above', 'html' => null, 'listtype' => '', 'listitems' => null, 'tableitems' => null, 'summary' => '', 'thead' => '', 'tfoot' => '', 'tleft' => '', 'sortable' => '', 'sortIndex' => '0', 'sortOrder' => 'ascending', 'mooHeadline' => '', 'mooStyle' => '', 'mooClasses' => '', 'highlight' => '', 'code' => null, 'url' => '', 'target' => '', 'titleText' => '', 'linkTitle' => '', 'embed' => '', 'rel' => '', 'useImage' => '', 'multiSRC' => null, 'orderSRC' => null, 'useHomeDir' => '', 'perRow' => '4', 'perPage' => '0', 'numberOfItems' => '0', 'sortBy' => '', 'metaIgnore' => '', 'galleryTpl' => '', 'customTpl' => '', 'playerSRC' => null, 'youtube' => '', 'vimeo' => '', 'posterSRC' => null, 'playerSize' => '', 'inline' => '', 'sliderDelay' => '0', 'sliderSpeed' => '300', 'sliderStartSlide' => '0', 'sliderContinuous' => '', 'cteAlias' => '0', 'articleAlias' => '0', 'article' => '0', 'form' => '0', 'module' => '0', 'protected' => '', 'groups' => null, 'guests' => '', 'cssID' => 'a:2:{i:0;s:0:"";i:1;s:0:"";}', 'invisible' => '', 'start' => '', 'stop' => '', 'mm_contentbox_direkt_multi' => null, 'mmcontentbox_direkt_options' => null, 'mmcontentbox_direkt_row' => '2', 'cssStyleSelector' => null, 'cssClasses' => '', 'mm_contenttabs_multi' => null, 'mm_contenttabs_options' => null, 'mmcontentbox_options' => null, 'mmcontentbox_row' => '3', 'mmcontentbox_auswahl' => null, 'mmcontentbox_direkt_intern' => '2', 'youtubeOptions' => null, 'overwriteLink' => '', 'playerOptions' => null, 'vimeoOptions' => null, 'playerStart' => '0', 'playerStop' => '0', 'playerColor' => '', 'playerPreload' => '', 'splashImage' => '', 'playerAspect' => 'none', 'playerCaption' => ''), 'tl_content', null, false, null, null, '627')
     (vendor/contao/core-bundle/src/Resources/contao/drivers/DC_Table.php:4519)
  at Contao\DC_Table->parentView()
     (vendor/contao/core-bundle/src/Resources/contao/drivers/DC_Table.php:364)
  at Contao\DC_Table->showAll()
     (vendor/contao/core-bundle/src/Resources/contao/classes/Backend.php:644)
  at Contao\Backend->getBackendModule('article', null)
     (vendor/contao/core-bundle/src/Resources/contao/controllers/BackendMain.php:155)
  at Contao\BackendMain->run()
     (vendor/contao/core-bundle/src/Controller/BackendController.php:48)
  at Contao\CoreBundle\Controller\BackendController->mainAction()
     (vendor/symfony/http-kernel/HttpKernel.php:146)
  at Symfony\Component\HttpKernel\HttpKernel->handleRaw(object(Request), 1)
     (vendor/symfony/http-kernel/HttpKernel.php:68)
  at Symfony\Component\HttpKernel\HttpKernel->handle(object(Request), 1, true)
     (vendor/symfony/http-kernel/Kernel.php:201)
  at Symfony\Component\HttpKernel\Kernel->handle(object(Request))
     (web/index.php:31)
  at require('/www/htdocs/xxxxx/web/index.php')
     (web/app.php:4)
aschempp commented 4 years ago

hast du auch die Berechtigungen auf die entsprechenden Datenbankfelder (tl_content.invisible). gesetzt?

Funbug commented 4 years ago

Ich bin gerade auch auf das Problem gestoßen. Diese Änderung löst es aber leider nicht.