Index: NEWS.txt
===================================================================
--- NEWS.txt (revision 4395)
+++ NEWS.txt (working copy)
@@ -103,6 +103,11 @@
* ...
+ * Backend rights: It is now possible to configure fileoperation permissions for groups.
+ Default permissions for new records moved from users to groups: Enabled default values
+ for new group records are file operations (Upload,Copy,Move,Delete,Rename,New,Edit),
+ file unzip and directory operations (Move,Delete,Rename,New). No default permissions
+ are enabled for new backend user records.
Backend skin
============
Index: t3lib/stddb/tables.php
===================================================================
--- t3lib/stddb/tables.php (revision 4395)
+++ t3lib/stddb/tables.php (working copy)
@@ -316,7 +316,7 @@
'disabled' => 'hidden'
),
'title' => 'LLL:EXT:lang/locallang_tca.php:be_groups',
- 'useColumnsForDefaultValues' => 'lockToDomain',
+ 'useColumnsForDefaultValues' => 'lockToDomain, fileoper_perms',
'dividers2tabs' => true,
'dynamicConfigFile' => 'T3LIB:tbl_be.php',
'versioningWS_alwaysAllowLiveEdit' => TRUE
Index: t3lib/stddb/tables.sql
===================================================================
--- t3lib/stddb/tables.sql (revision 4395)
+++ t3lib/stddb/tables.sql (working copy)
@@ -22,6 +22,7 @@
cruser_id int(11) unsigned DEFAULT '0' NOT NULL,
groupMods text,
file_mountpoints varchar(255) DEFAULT '' NOT NULL,
+ fileoper_perms tinyint(4) DEFAULT '0' NOT NULL,
hidden tinyint(1) unsigned DEFAULT '0' NOT NULL,
inc_access_lists tinyint(3) unsigned DEFAULT '0' NOT NULL,
description text,
Index: t3lib/stddb/tbl_be.php
===================================================================
--- t3lib/stddb/tbl_be.php (revision 4395)
+++ t3lib/stddb/tbl_be.php (working copy)
@@ -240,7 +240,7 @@
array('LLL:EXT:lang/locallang_tca.xml:be_users.fileoper_perms_diroper_perms_copy', 0),
array('LLL:EXT:lang/locallang_tca.xml:be_users.fileoper_perms_diroper_perms_delete', 0),
),
- 'default' => '7'
+ 'default' => '0'
)
),
'workspace_perms' => array(
@@ -406,7 +406,7 @@
$TCA['be_groups'] = array(
'ctrl' => $TCA['be_groups']['ctrl'],
'interface' => array(
- 'showRecordFieldList' => 'title,db_mountpoints,file_mountpoints,inc_access_lists,tables_select,tables_modify,pagetypes_select,non_exclude_fields,groupMods,lockToDomain,description'
+ 'showRecordFieldList' => 'title,db_mountpoints,file_mountpoints,fileoper_perms,inc_access_lists,tables_select,tables_modify,pagetypes_select,non_exclude_fields,groupMods,lockToDomain,description'
),
'columns' => array(
'title' => array(
@@ -476,6 +476,20 @@
)
)
),
+ 'fileoper_perms' => array(
+ 'label' => 'LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms',
+ 'config' => array(
+ 'type' => 'check',
+ 'items' => array(
+ array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_general', 0),
+ array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_unzip', 0),
+ array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_diroper_perms', 0),
+ array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_diroper_perms_copy', 0),
+ array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_diroper_perms_delete', 0),
+ ),
+ 'default' => '7'
+ )
+ ),
'workspace_perms' => array(
'label' => 'LLL:EXT:lang/locallang_tca.xml:workspace_perms',
'config' => array(
@@ -649,8 +663,18 @@
)
),
'types' => array(
- '0' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2,description, subgroup;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, db_mountpoints;;;;1-1-1,file_mountpoints, workspace_perms;;;;2-2-2, , --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended'),
- '1' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2,description, subgroup;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny , allowed_languages;;;;2-2-2, custom_options;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, db_mountpoints;;;;1-1-1,file_mountpoints, workspace_perms;;;;2-2-2, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended')
+ '0' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2, description, subgroup;;;;3-3-3,
+ --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1,
+ --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, fileoper_perms,
+ --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3,
+ --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended'
+ ),
+ '1' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2, description, subgroup;;;;3-3-3,
+ --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny , allowed_languages;;;;2-2-2, custom_options;;;;3-3-3,
+ --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, fileoper_perms,
+ --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3,
+ --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended'
+ )
)
);
Index: t3lib/class.t3lib_extfilefunc.php
===================================================================
--- t3lib/class.t3lib_extfilefunc.php (revision 4395)
+++ t3lib/class.t3lib_extfilefunc.php (working copy)
@@ -175,9 +175,9 @@
/**
* Sets up permission to perform file/directory operations.
- * See below or the be_user-table for the significanse of the various bits in $setup ($BE_USER->user['fileoper_perms'])
+ * See below or the be_user-table for the significanse of the various bits in $setup.
*
- * @param integer File permission integer from BE_USER object.
+ * @param integer File permission integer from BE_USER OR'ed with fileoper_perms of BE groups this user is member of
* @return void
*/
function init_actionPerms($setup) {
Index: t3lib/class.t3lib_userauthgroup.php
===================================================================
--- t3lib/class.t3lib_userauthgroup.php (revision 4395)
+++ t3lib/class.t3lib_userauthgroup.php (working copy)
@@ -149,6 +149,7 @@
var $dataLists=array( // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
'webmount_list'=>'',
'filemount_list'=>'',
+ 'fileoper_perms' => 0,
'modList'=>'',
'tables_select'=>'',
'tables_modify'=>'',
@@ -1013,6 +1014,21 @@
}
/**
+ * Returns an integer bitmask that represents the permissions for fileoperations.
+ * Permissions are OR'ed from fileoper_perms of user and groups the user is member of.
+ * 1 - Files: Upload,Copy,Move,Delete,Rename
+ * 2 - Files: Unzip
+ * 4 - Directory: Move,Delete,Rename,New
+ * 8 - Directory: Copy
+ * 16 - Directory: Delete recursively (rm -Rf)
+ *
+ * @return integer Bitmask
+ */
+ public function getFileoperationPermissions() {
+ return $this->groupData['fileoper_perms'];
+ }
+
+ /**
* Returns true or false, depending if an alert popup (a javascript confirmation) should be shown
* call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK)
*
@@ -1072,6 +1088,7 @@
$this->dataLists['workspace_perms'] = $this->user['workspace_perms']; // Set user value for workspace permissions.
$this->dataLists['webmount_list'] = $this->user['db_mountpoints']; // Database mountpoints
$this->dataLists['filemount_list'] = $this->user['file_mountpoints']; // File mountpoints
+ $this->dataLists['fileoper_perms'] = (int)$this->user['fileoper_perms']; // Fileoperation permissions
// Setting default User TSconfig:
$this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
@@ -1161,6 +1178,7 @@
$this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->dataLists['allowed_languages']);
$this->groupData['custom_options'] = t3lib_div::uniqueList($this->dataLists['custom_options']);
$this->groupData['modules'] = t3lib_div::uniqueList($this->dataLists['modList']);
+ $this->groupData['fileoper_perms'] = $this->dataLists['fileoper_perms'];
$this->groupData['workspace_perms'] = $this->dataLists['workspace_perms'];
// populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
@@ -1265,6 +1283,9 @@
$this->dataLists['custom_options'].= ','.$row['custom_options'];
}
+ // Setting fileoperation permissions
+ $this->dataLists['fileoper_perms'] |= (int)$row['fileoper_perms'];
+
// Setting workspace permissions:
$this->dataLists['workspace_perms'] |= $row['workspace_perms'];
Index: typo3/file_list.php
===================================================================
--- typo3/file_list.php (revision 4395)
+++ typo3/file_list.php (working copy)
@@ -207,7 +207,7 @@
// Init file processing object for deleting and pass the cmd array.
$fileProcessor = t3lib_div::makeInstance('t3lib_extFileFunctions');
$fileProcessor->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
- $fileProcessor->init_actionPerms($BE_USER->user['fileoper_perms']);
+ $fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
$fileProcessor->dontCheckForUnique = $this->overwriteExistingFiles ? 1 : 0;
$fileProcessor->start($FILE);
$fileProcessor->processData();
Index: typo3/tce_file.php
===================================================================
--- typo3/tce_file.php (revision 4395)
+++ typo3/tce_file.php (working copy)
@@ -141,7 +141,7 @@
// Initializing:
$this->fileProcessor = t3lib_div::makeInstance('t3lib_extFileFunctions');
$this->fileProcessor->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
- $this->fileProcessor->init_actionPerms($BE_USER->user['fileoper_perms']);
+ $this->fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
$this->fileProcessor->dontCheckForUnique = $this->overwriteExistingFiles ? 1 : 0;
// Checking referer / executing:
Index: typo3/sysext/lowlevel/clmods/class.rte_images.php
===================================================================
--- typo3/sysext/lowlevel/clmods/class.rte_images.php (revision 4395)
+++ typo3/sysext/lowlevel/clmods/class.rte_images.php (working copy)
@@ -297,16 +297,16 @@
* @return object File processor object
*/
function &getFileProcObj() {
- global $FILEMOUNTS, $TYPO3_CONF_VARS, $BE_USER;
+ global $FILEMOUNTS, $TYPO3_CONF_VARS;
if (!is_object($this->fileProcObj)) {
$this->fileProcObj = t3lib_div::makeInstance('t3lib_extFileFunctions');
$this->fileProcObj->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
- $this->fileProcObj->init_actionPerms($BE_USER->user['fileoper_perms']);
+ $this->fileProcObj->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
}
return $this->fileProcObj;
}
}
-?>
\ No newline at end of file
+?>
Index: typo3/sysext/lang/locallang_csh_be_groups.xml
===================================================================
--- typo3/sysext/lang/locallang_csh_be_groups.xml (revision 4395)
+++ typo3/sysext/lang/locallang_csh_be_groups.xml (working copy)
@@ -55,6 +55,13 @@
This is the page tree of the "admin" user. Notice the folder "user_upload" which is the folder referred to by the File Mount record.
This shows the mounted folder as seen by a user who was member of the group.
Filemount records are also created in the page tree root.
+
+
+
@@ -153,4 +160,4 @@
-
\ No newline at end of file
+
Index: typo3/sysext/lang/locallang_csh_be_users.xml
===================================================================
--- typo3/sysext/lang/locallang_csh_be_users.xml (revision 4395)
+++ typo3/sysext/lang/locallang_csh_be_users.xml (working copy)
@@ -103,8 +103,11 @@
-
-
+
+