Feature #17112 » 5203_4.diff
NEWS.txt (working copy) | ||
---|---|---|
* ...
|
||
* Backend rights: It is now possible to configure fileoperation permissions for groups.
|
||
Default permissions for new records moved from users to groups: Enabled default values
|
||
for new group records are file operations (Upload,Copy,Move,Delete,Rename,New,Edit),
|
||
file unzip and directory operations (Move,Delete,Rename,New). No default permissions
|
||
are enabled for new backend user records.
|
||
Backend skin
|
||
============
|
t3lib/stddb/tables.php (working copy) | ||
---|---|---|
'disabled' => 'hidden'
|
||
),
|
||
'title' => 'LLL:EXT:lang/locallang_tca.php:be_groups',
|
||
'useColumnsForDefaultValues' => 'lockToDomain',
|
||
'useColumnsForDefaultValues' => 'lockToDomain, fileoper_perms',
|
||
'dividers2tabs' => true,
|
||
'dynamicConfigFile' => 'T3LIB:tbl_be.php',
|
||
'versioningWS_alwaysAllowLiveEdit' => TRUE
|
t3lib/stddb/tables.sql (working copy) | ||
---|---|---|
cruser_id int(11) unsigned DEFAULT '0' NOT NULL,
|
||
groupMods text,
|
||
file_mountpoints varchar(255) DEFAULT '' NOT NULL,
|
||
fileoper_perms tinyint(4) DEFAULT '0' NOT NULL,
|
||
hidden tinyint(1) unsigned DEFAULT '0' NOT NULL,
|
||
inc_access_lists tinyint(3) unsigned DEFAULT '0' NOT NULL,
|
||
description text,
|
t3lib/stddb/tbl_be.php (working copy) | ||
---|---|---|
array('LLL:EXT:lang/locallang_tca.xml:be_users.fileoper_perms_diroper_perms_copy', 0),
|
||
array('LLL:EXT:lang/locallang_tca.xml:be_users.fileoper_perms_diroper_perms_delete', 0),
|
||
),
|
||
'default' => '7'
|
||
'default' => '0'
|
||
)
|
||
),
|
||
'workspace_perms' => array(
|
||
... | ... | |
$TCA['be_groups'] = array(
|
||
'ctrl' => $TCA['be_groups']['ctrl'],
|
||
'interface' => array(
|
||
'showRecordFieldList' => 'title,db_mountpoints,file_mountpoints,inc_access_lists,tables_select,tables_modify,pagetypes_select,non_exclude_fields,groupMods,lockToDomain,description'
|
||
'showRecordFieldList' => 'title,db_mountpoints,file_mountpoints,fileoper_perms,inc_access_lists,tables_select,tables_modify,pagetypes_select,non_exclude_fields,groupMods,lockToDomain,description'
|
||
),
|
||
'columns' => array(
|
||
'title' => array(
|
||
... | ... | |
)
|
||
)
|
||
),
|
||
'fileoper_perms' => array(
|
||
'label' => 'LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms',
|
||
'config' => array(
|
||
'type' => 'check',
|
||
'items' => array(
|
||
array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_general', 0),
|
||
array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_unzip', 0),
|
||
array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_diroper_perms', 0),
|
||
array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_diroper_perms_copy', 0),
|
||
array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_diroper_perms_delete', 0),
|
||
),
|
||
'default' => '7'
|
||
)
|
||
),
|
||
'workspace_perms' => array(
|
||
'label' => 'LLL:EXT:lang/locallang_tca.xml:workspace_perms',
|
||
'config' => array(
|
||
... | ... | |
)
|
||
),
|
||
'types' => array(
|
||
'0' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2,description, subgroup;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, db_mountpoints;;;;1-1-1,file_mountpoints, workspace_perms;;;;2-2-2, , --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended'),
|
||
'1' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2,description, subgroup;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny , allowed_languages;;;;2-2-2, custom_options;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, db_mountpoints;;;;1-1-1,file_mountpoints, workspace_perms;;;;2-2-2, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended')
|
||
'0' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2, description, subgroup;;;;3-3-3,
|
||
--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1,
|
||
--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, fileoper_perms,
|
||
--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3,
|
||
--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended'
|
||
),
|
||
'1' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2, description, subgroup;;;;3-3-3,
|
||
--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny , allowed_languages;;;;2-2-2, custom_options;;;;3-3-3,
|
||
--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, fileoper_perms,
|
||
--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3,
|
||
--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended'
|
||
)
|
||
)
|
||
);
|
||
t3lib/class.t3lib_extfilefunc.php (working copy) | ||
---|---|---|
/**
|
||
* Sets up permission to perform file/directory operations.
|
||
* See below or the be_user-table for the significanse of the various bits in $setup ($BE_USER->user['fileoper_perms'])
|
||
* See below or the be_user-table for the significanse of the various bits in $setup.
|
||
*
|
||
* @param integer File permission integer from BE_USER object.
|
||
* @param integer File permission integer from BE_USER OR'ed with fileoper_perms of BE groups this user is member of
|
||
* @return void
|
||
*/
|
||
function init_actionPerms($setup) {
|
t3lib/class.t3lib_userauthgroup.php (working copy) | ||
---|---|---|
var $dataLists=array( // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
|
||
'webmount_list'=>'',
|
||
'filemount_list'=>'',
|
||
'fileoper_perms' => 0,
|
||
'modList'=>'',
|
||
'tables_select'=>'',
|
||
'tables_modify'=>'',
|
||
... | ... | |
}
|
||
/**
|
||
* Returns an integer bitmask that represents the permissions for fileoperations.
|
||
* Permissions are OR'ed from fileoper_perms of user and groups the user is member of.
|
||
* 1 - Files: Upload,Copy,Move,Delete,Rename
|
||
* 2 - Files: Unzip
|
||
* 4 - Directory: Move,Delete,Rename,New
|
||
* 8 - Directory: Copy
|
||
* 16 - Directory: Delete recursively (rm -Rf)
|
||
*
|
||
* @return integer Bitmask
|
||
*/
|
||
public function getFileoperationPermissions() {
|
||
return $this->groupData['fileoper_perms'];
|
||
}
|
||
/**
|
||
* Returns true or false, depending if an alert popup (a javascript confirmation) should be shown
|
||
* call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK)
|
||
*
|
||
... | ... | |
$this->dataLists['workspace_perms'] = $this->user['workspace_perms']; // Set user value for workspace permissions.
|
||
$this->dataLists['webmount_list'] = $this->user['db_mountpoints']; // Database mountpoints
|
||
$this->dataLists['filemount_list'] = $this->user['file_mountpoints']; // File mountpoints
|
||
$this->dataLists['fileoper_perms'] = (int)$this->user['fileoper_perms']; // Fileoperation permissions
|
||
// Setting default User TSconfig:
|
||
$this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
|
||
... | ... | |
$this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->dataLists['allowed_languages']);
|
||
$this->groupData['custom_options'] = t3lib_div::uniqueList($this->dataLists['custom_options']);
|
||
$this->groupData['modules'] = t3lib_div::uniqueList($this->dataLists['modList']);
|
||
$this->groupData['fileoper_perms'] = $this->dataLists['fileoper_perms'];
|
||
$this->groupData['workspace_perms'] = $this->dataLists['workspace_perms'];
|
||
// populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
|
||
... | ... | |
$this->dataLists['custom_options'].= ','.$row['custom_options'];
|
||
}
|
||
// Setting fileoperation permissions
|
||
$this->dataLists['fileoper_perms'] |= (int)$row['fileoper_perms'];
|
||
// Setting workspace permissions:
|
||
$this->dataLists['workspace_perms'] |= $row['workspace_perms'];
|
||
typo3/file_list.php (working copy) | ||
---|---|---|
// Init file processing object for deleting and pass the cmd array.
|
||
$fileProcessor = t3lib_div::makeInstance('t3lib_extFileFunctions');
|
||
$fileProcessor->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
|
||
$fileProcessor->init_actionPerms($BE_USER->user['fileoper_perms']);
|
||
$fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
|
||
$fileProcessor->dontCheckForUnique = $this->overwriteExistingFiles ? 1 : 0;
|
||
$fileProcessor->start($FILE);
|
||
$fileProcessor->processData();
|
typo3/tce_file.php (working copy) | ||
---|---|---|
// Initializing:
|
||
$this->fileProcessor = t3lib_div::makeInstance('t3lib_extFileFunctions');
|
||
$this->fileProcessor->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
|
||
$this->fileProcessor->init_actionPerms($BE_USER->user['fileoper_perms']);
|
||
$this->fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
|
||
$this->fileProcessor->dontCheckForUnique = $this->overwriteExistingFiles ? 1 : 0;
|
||
// Checking referer / executing:
|
typo3/sysext/lowlevel/clmods/class.rte_images.php (working copy) | ||
---|---|---|
* @return object File processor object
|
||
*/
|
||
function &getFileProcObj() {
|
||
global $FILEMOUNTS, $TYPO3_CONF_VARS, $BE_USER;
|
||
global $FILEMOUNTS, $TYPO3_CONF_VARS;
|
||
if (!is_object($this->fileProcObj)) {
|
||
$this->fileProcObj = t3lib_div::makeInstance('t3lib_extFileFunctions');
|
||
$this->fileProcObj->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
|
||
$this->fileProcObj->init_actionPerms($BE_USER->user['fileoper_perms']);
|
||
$this->fileProcObj->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
|
||
}
|
||
return $this->fileProcObj;
|
||
}
|
||
}
|
||
?>
|
||
?>
|
typo3/sysext/lang/locallang_csh_be_groups.xml (working copy) | ||
---|---|---|
This is the page tree of the "admin" user. Notice the folder "user_upload" which is the folder referred to by the File Mount record.
|
||
This shows the mounted folder as seen by a user who was member of the group.
|
||
Filemount records are also created in the page tree root.</label>
|
||
<label index="fileoper_perms.description">Select file operation permissions for the group members.</label>
|
||
<label index="fileoper_perms.details">These settings relates to the functions found in the File>Filelist module as well as general upload of files.
|
||
|
||
<strong>Notice</strong> that this list adds to the fields selected in other member groups and fields selected of a user.</label>
|
||
<label index="_fileoper_perms.seeAlso">be_groups:file_mountpoints,
|
||
be_users:file_mountpoints,
|
||
be_users:fileoper_perms</label>
|
||
<label index="pagetypes_select.description">Select which 'Types' of Pages the members may set.</label>
|
||
<label index="pagetypes_select.details">This option limits the number of valid choices for the user when he is about to select a page type.
|
||
Choice of Page types (doktype) for a page is associated with a) a special icon for the page, b) permitted tables on the page (see $PAGES_TYPES global variable) and c) if the page is a web page or "system folder" type.</label>
|
||
... | ... | |
<label index="custom_options.image_descr">This is just an example from an internal test application. It shows how checkboxes are added by a custom module under its own header. You can also show a description text with each checkbox to explain its function.</label>
|
||
</languageKey>
|
||
</data>
|
||
</T3locallang>
|
||
</T3locallang>
|
typo3/sysext/lang/locallang_csh_be_users.xml (working copy) | ||
---|---|---|
<label index="_options.seeAlso">be_users:db_mountpoints,
|
||
be_users:file_mountpoints</label>
|
||
<label index="fileoper_perms.description">Select file operation permissions for the user.</label>
|
||
<label index="fileoper_perms.details">These settings relates to the functions found in the File>List module as well as general upload of files.</label>
|
||
<label index="_fileoper_perms.seeAlso">be_users:file_mountpoints</label>
|
||
<label index="fileoper_perms.details">These settings relates to the functions found in the File>List module as well as general upload of files.
|
||
<strong>Notice</strong> that backend user groups also has fileoperation permissions which can be inherited by the user. So if you want a group of users share identical fileoperation permissions, you should probably set them in a user group which they share instead.</label>
|
||
<label index="_fileoper_perms.seeAlso">be_users:file_mountpoints,
|
||
be_group:fileoper_perms</label>
|
||
<label index="starttime.description">Enter the date from which the account is active.</label>
|
||
<label index="_starttime.seeAlso">be_users:disable,
|
||
be_users:endtime,
|
||
... | ... | |
<label index="_allowed_languages.image">EXT:lang/cshimages/be_groups_18.png</label>
|
||
</languageKey>
|
||
</data>
|
||
</T3locallang>
|
||
</T3locallang>
|
typo3/sysext/lang/locallang_tca.xml (working copy) | ||
---|---|---|
<label index="be_groups.subgroup">Sub Groups:</label>
|
||
<label index="be_groups.tabs.base_rights">Access Lists</label>
|
||
<label index="be_groups.tabs.mounts_and_workspaces">Mounts and Workspaces</label>
|
||
<label index="be_groups.fileoper_perms">Fileoperation permissions:</label>
|
||
<label index="be_groups.fileoper_perms_general">Files: Upload,Copy,Move,Delete,Rename,New,Edit</label>
|
||
<label index="be_groups.fileoper_perms_unzip">Files: Unzip</label>
|
||
<label index="be_groups.fileoper_perms_diroper_perms">Directory: Move,Delete,Rename,New</label>
|
||
<label index="be_groups.fileoper_perms_diroper_perms_copy">Directory: Copy</label>
|
||
<label index="be_groups.fileoper_perms_diroper_perms_delete">Directory: Delete recursively (rm -Rf)</label>
|
||
<label index="be_groups.tabs.options">Options</label>
|
||
<label index="be_groups.tabs.extended">Extended</label>
|
||
<label index="sys_filemounts.tabs.users">Users</label>
|
typo3/sysext/impexp/app/index.php (working copy) | ||
---|---|---|
// Initializing:
|
||
$this->fileProcessor = t3lib_div::makeInstance('t3lib_extFileFunctions');
|
||
$this->fileProcessor->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
|
||
$this->fileProcessor->init_actionPerms($BE_USER->user['fileoper_perms']);
|
||
$this->fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
|
||
$this->fileProcessor->dontCheckForUnique = t3lib_div::_GP('overwriteExistingFiles') ? 1 : 0;
|
||
// Checking referer / executing:
|
typo3/sysext/impexp/class.tx_impexp.php (working copy) | ||
---|---|---|
* @return object File processor object
|
||
*/
|
||
function &getFileProcObj() {
|
||
global $FILEMOUNTS, $TYPO3_CONF_VARS, $BE_USER;
|
||
if (!is_object($this->fileProcObj)) {
|
||
$this->fileProcObj = t3lib_div::makeInstance('t3lib_extFileFunctions');
|
||
$this->fileProcObj->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
|
||
$this->fileProcObj->init_actionPerms($BE_USER->user['fileoper_perms']);
|
||
$this->fileProcObj->init($GLOBALS['FILEMOUNTS'], $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']);
|
||
$this->fileProcObj->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
|
||
}
|
||
return $this->fileProcObj;
|
||
}
|
||
... | ... | |
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/impexp/class.tx_impexp.php']) {
|
||
include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/impexp/class.tx_impexp.php']);
|
||
}
|
||
?>
|
||
?>
|
typo3/sysext/install/mod/class.tx_install.php (working copy) | ||
---|---|---|
'password' => md5($pass),
|
||
'admin' => 1,
|
||
'uc' => '',
|
||
'fileoper_perms' => 7,
|
||
'fileoper_perms' => 0,
|
||
'tstamp' => time(),
|
||
'crdate' => time()
|
||
);
|
||
... | ... | |
'password' => md5($pass),
|
||
'admin' => 1,
|
||
'uc' => '',
|
||
'fileoper_perms' => 7,
|
||
'fileoper_perms' => 0,
|
||
'tstamp' => time(),
|
||
'crdate' => time()
|
||
);
|