Index: NEWS.txt
===================================================================
--- NEWS.txt	(revision 4395)
+++ NEWS.txt	(working copy)
@@ -103,6 +103,11 @@
 
 	* ...
 
+	* Backend rights: It is now possible to configure fileoperation permissions for groups.
+	  Default permissions for new records moved from users to groups: Enabled default values
+	  for new group records are file operations (Upload,Copy,Move,Delete,Rename,New,Edit),
+	  file unzip and directory operations (Move,Delete,Rename,New). No default permissions
+	  are enabled for new backend user records.
 
 Backend skin
 ============
Index: t3lib/stddb/tables.php
===================================================================
--- t3lib/stddb/tables.php	(revision 4395)
+++ t3lib/stddb/tables.php	(working copy)
@@ -316,7 +316,7 @@
 			'disabled' => 'hidden'
 		),
 		'title' => 'LLL:EXT:lang/locallang_tca.php:be_groups',
-		'useColumnsForDefaultValues' => 'lockToDomain',
+		'useColumnsForDefaultValues' => 'lockToDomain, fileoper_perms',
 		'dividers2tabs' => true,
 		'dynamicConfigFile' => 'T3LIB:tbl_be.php',
 		'versioningWS_alwaysAllowLiveEdit' => TRUE
Index: t3lib/stddb/tables.sql
===================================================================
--- t3lib/stddb/tables.sql	(revision 4395)
+++ t3lib/stddb/tables.sql	(working copy)
@@ -22,6 +22,7 @@
   cruser_id int(11) unsigned DEFAULT '0' NOT NULL,
   groupMods text,
   file_mountpoints varchar(255) DEFAULT '' NOT NULL,
+  fileoper_perms tinyint(4) DEFAULT '0' NOT NULL,
   hidden tinyint(1) unsigned DEFAULT '0' NOT NULL,
   inc_access_lists tinyint(3) unsigned DEFAULT '0' NOT NULL,
   description text,
Index: t3lib/stddb/tbl_be.php
===================================================================
--- t3lib/stddb/tbl_be.php	(revision 4395)
+++ t3lib/stddb/tbl_be.php	(working copy)
@@ -240,7 +240,7 @@
 					array('LLL:EXT:lang/locallang_tca.xml:be_users.fileoper_perms_diroper_perms_copy', 0),
 					array('LLL:EXT:lang/locallang_tca.xml:be_users.fileoper_perms_diroper_perms_delete', 0),
 				),
-				'default' => '7'
+				'default' => '0'
 			)
 		),
 		'workspace_perms' => array(
@@ -406,7 +406,7 @@
 $TCA['be_groups'] = array(
 	'ctrl' => $TCA['be_groups']['ctrl'],
 	'interface' => array(
-		'showRecordFieldList' => 'title,db_mountpoints,file_mountpoints,inc_access_lists,tables_select,tables_modify,pagetypes_select,non_exclude_fields,groupMods,lockToDomain,description'
+		'showRecordFieldList' => 'title,db_mountpoints,file_mountpoints,fileoper_perms,inc_access_lists,tables_select,tables_modify,pagetypes_select,non_exclude_fields,groupMods,lockToDomain,description'
 	),
 	'columns' => array(
 		'title' => array(
@@ -476,6 +476,20 @@
 				)
 			)
 		),
+		'fileoper_perms' => array(
+			'label' => 'LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms',
+			'config' => array(
+				'type' => 'check',
+				'items' => array(
+					array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_general', 0),
+					array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_unzip', 0),
+					array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_diroper_perms', 0),
+					array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_diroper_perms_copy', 0),
+					array('LLL:EXT:lang/locallang_tca.xml:be_groups.fileoper_perms_diroper_perms_delete', 0),
+				),
+				'default' => '7'
+			)
+		),
 		'workspace_perms' => array(
 			'label' => 'LLL:EXT:lang/locallang_tca.xml:workspace_perms',
 			'config' => array(
@@ -649,8 +663,18 @@
 		)
 	),
 	'types' => array(
-		'0' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2,description, subgroup;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, db_mountpoints;;;;1-1-1,file_mountpoints, workspace_perms;;;;2-2-2, , --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended'),
-		'1' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2,description, subgroup;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny , allowed_languages;;;;2-2-2, custom_options;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, db_mountpoints;;;;1-1-1,file_mountpoints, workspace_perms;;;;2-2-2, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3, --div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended')
+		'0' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2, description, subgroup;;;;3-3-3,
+			--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1,
+			--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, fileoper_perms,
+			--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3,
+			--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended'
+		),
+		'1' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2, description, subgroup;;;;3-3-3,
+			--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny , allowed_languages;;;;2-2-2, custom_options;;;;3-3-3,
+			--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, fileoper_perms,
+			--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3,
+			--div--;LLL:EXT:lang/locallang_tca.xml:be_groups.tabs.extended'
+		)
 	)
 );
 
Index: t3lib/class.t3lib_extfilefunc.php
===================================================================
--- t3lib/class.t3lib_extfilefunc.php	(revision 4395)
+++ t3lib/class.t3lib_extfilefunc.php	(working copy)
@@ -175,9 +175,9 @@
 
 	/**
 	 * Sets up permission to perform file/directory operations.
-	 * See below or the be_user-table for the significanse of the various bits in $setup ($BE_USER->user['fileoper_perms'])
+	 * See below or the be_user-table for the significanse of the various bits in $setup.
 	 *
-	 * @param	integer		File permission integer from BE_USER object.
+	 * @param	integer		File permission integer from BE_USER OR'ed with fileoper_perms of BE groups this user is member of
 	 * @return	void
 	 */
 	function init_actionPerms($setup)	{
Index: t3lib/class.t3lib_userauthgroup.php
===================================================================
--- t3lib/class.t3lib_userauthgroup.php	(revision 4395)
+++ t3lib/class.t3lib_userauthgroup.php	(working copy)
@@ -149,6 +149,7 @@
 	var $dataLists=array(				// Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
 		'webmount_list'=>'',
 		'filemount_list'=>'',
+		'fileoper_perms' => 0,
 		'modList'=>'',
 		'tables_select'=>'',
 		'tables_modify'=>'',
@@ -1013,6 +1014,21 @@
 	}
 
 	/**
+	 * Returns an integer bitmask that represents the permissions for fileoperations.
+	 * Permissions are OR'ed from fileoper_perms of user and groups the user is member of.
+	 * 	1 - Files: Upload,Copy,Move,Delete,Rename
+	 * 	2 - Files: Unzip
+	 * 	4 - Directory: Move,Delete,Rename,New
+	 * 	8 - Directory: Copy
+	 * 	16 - Directory: Delete recursively (rm -Rf)
+	 *
+	 * @return integer Bitmask
+	 */
+	public function getFileoperationPermissions() {
+		return $this->groupData['fileoper_perms'];
+	}
+
+	/**
 	 * Returns true or false, depending if an alert popup (a javascript confirmation) should be shown
 	 * call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK)
 	 *
@@ -1072,6 +1088,7 @@
 			$this->dataLists['workspace_perms'] = $this->user['workspace_perms'];					// Set user value for workspace permissions.
 			$this->dataLists['webmount_list'] = $this->user['db_mountpoints'];		// Database mountpoints
 			$this->dataLists['filemount_list'] = $this->user['file_mountpoints'];	// File mountpoints
+			$this->dataLists['fileoper_perms'] = (int)$this->user['fileoper_perms'];	// Fileoperation permissions
 
 				// Setting default User TSconfig:
 			$this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
@@ -1161,6 +1178,7 @@
 			$this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->dataLists['allowed_languages']);
 			$this->groupData['custom_options'] = t3lib_div::uniqueList($this->dataLists['custom_options']);
 			$this->groupData['modules'] = t3lib_div::uniqueList($this->dataLists['modList']);
+			$this->groupData['fileoper_perms'] = $this->dataLists['fileoper_perms'];
 			$this->groupData['workspace_perms'] = $this->dataLists['workspace_perms'];
 
 				// populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
@@ -1265,6 +1283,9 @@
 					$this->dataLists['custom_options'].= ','.$row['custom_options'];
 				}
 
+				// Setting fileoperation permissions
+				$this->dataLists['fileoper_perms'] |= (int)$row['fileoper_perms'];
+
 					// Setting workspace permissions:
 				$this->dataLists['workspace_perms'] |= $row['workspace_perms'];
 
Index: typo3/file_list.php
===================================================================
--- typo3/file_list.php	(revision 4395)
+++ typo3/file_list.php	(working copy)
@@ -207,7 +207,7 @@
 						// Init file processing object for deleting and pass the cmd array.
 					$fileProcessor = t3lib_div::makeInstance('t3lib_extFileFunctions');
 					$fileProcessor->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
-					$fileProcessor->init_actionPerms($BE_USER->user['fileoper_perms']);
+					$fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
 					$fileProcessor->dontCheckForUnique = $this->overwriteExistingFiles ? 1 : 0;
 					$fileProcessor->start($FILE);
 					$fileProcessor->processData();
Index: typo3/tce_file.php
===================================================================
--- typo3/tce_file.php	(revision 4395)
+++ typo3/tce_file.php	(working copy)
@@ -141,7 +141,7 @@
 			// Initializing:
 		$this->fileProcessor = t3lib_div::makeInstance('t3lib_extFileFunctions');
 		$this->fileProcessor->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
-		$this->fileProcessor->init_actionPerms($BE_USER->user['fileoper_perms']);
+		$this->fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
 		$this->fileProcessor->dontCheckForUnique = $this->overwriteExistingFiles ? 1 : 0;
 
 			// Checking referer / executing:
Index: typo3/sysext/lowlevel/clmods/class.rte_images.php
===================================================================
--- typo3/sysext/lowlevel/clmods/class.rte_images.php	(revision 4395)
+++ typo3/sysext/lowlevel/clmods/class.rte_images.php	(working copy)
@@ -297,16 +297,13 @@
 	 * @return	object		File processor object
 	 */
 	function &getFileProcObj()	{
-		global $FILEMOUNTS, $TYPO3_CONF_VARS, $BE_USER;
-
 		if (!is_object($this->fileProcObj))	{
 			$this->fileProcObj = t3lib_div::makeInstance('t3lib_extFileFunctions');
-			$this->fileProcObj->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
-			$this->fileProcObj->init_actionPerms($BE_USER->user['fileoper_perms']);
+			$this->fileProcObj->init($GLOBALS['FILEMOUNTS'], $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']);
+			$this->fileProcObj->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
 		}
-
 		return $this->fileProcObj;
 	}
 }
 
-?>
\ No newline at end of file
+?>
Index: typo3/sysext/lang/locallang_csh_be_groups.xml
===================================================================
--- typo3/sysext/lang/locallang_csh_be_groups.xml	(revision 4395)
+++ typo3/sysext/lang/locallang_csh_be_groups.xml	(working copy)
@@ -55,6 +55,13 @@
 This is the page tree of the "admin" user. Notice the folder "user_upload" which is the folder referred to by the File Mount record.
 This shows the mounted folder as seen by a user who was member of the group.
 Filemount records are also created in the page tree root.</label>
+			<label index="fileoper_perms.description">Select file operation permissions for the group members.</label>
+			<label index="fileoper_perms.details">These settings relates to the functions found in the File&gt;Filelist module as well as general upload of files.
+			
+&lt;strong&gt;Notice&lt;/strong&gt; that this list adds to the fields selected in other member groups and fields selected of a user.</label>
+			<label index="_fileoper_perms.seeAlso">be_groups:file_mountpoints,
+be_users:file_mountpoints,
+be_users:fileoper_perms</label>
 			<label index="pagetypes_select.description">Select which 'Types' of Pages the members may set.</label>
 			<label index="pagetypes_select.details">This option limits the number of valid choices for the user when he is about to select a page type.
 Choice of Page types (doktype) for a page is associated with a) a special icon for the page, b) permitted tables on the page (see $PAGES_TYPES global variable) and c) if the page is a web page or &quot;system folder&quot; type.</label>
@@ -153,4 +160,4 @@
 			<label index="custom_options.image_descr">This is just an example from an internal test application. It shows how checkboxes are added by a custom module under its own header. You can also show a description text with each checkbox to explain its function.</label>
 		</languageKey>
 	</data>
-</T3locallang>
\ No newline at end of file
+</T3locallang>
Index: typo3/sysext/lang/locallang_csh_be_users.xml
===================================================================
--- typo3/sysext/lang/locallang_csh_be_users.xml	(revision 4395)
+++ typo3/sysext/lang/locallang_csh_be_users.xml	(working copy)
@@ -103,8 +103,11 @@
 			<label index="_options.seeAlso">be_users:db_mountpoints,
 be_users:file_mountpoints</label>
 			<label index="fileoper_perms.description">Select file operation permissions for the user.</label>
-			<label index="fileoper_perms.details">These settings relates to the functions found in the File&gt;List module as well as general upload of files.</label>
-			<label index="_fileoper_perms.seeAlso">be_users:file_mountpoints</label>
+			<label index="fileoper_perms.details">These settings relates to the functions found in the File&gt;List module as well as general upload of files.
+
+&lt;strong&gt;Notice&lt;/strong&gt; that backend user groups also has fileoperation permissions which can be inherited by the user. So if you want a group of users share identical fileoperation permissions, you should probably set them in a user group which they share instead.</label>
+			<label index="_fileoper_perms.seeAlso">be_users:file_mountpoints,
+be_group:fileoper_perms</label>
 			<label index="starttime.description">Enter the date from which the account is active.</label>
 			<label index="_starttime.seeAlso">be_users:disable,
 be_users:endtime,
@@ -136,4 +139,4 @@
 			<label index="_allowed_languages.image">EXT:lang/cshimages/be_groups_18.png</label>
 		</languageKey>
 	</data>
-</T3locallang>
\ No newline at end of file
+</T3locallang>
Index: typo3/sysext/lang/locallang_tca.xml
===================================================================
--- typo3/sysext/lang/locallang_tca.xml	(revision 4395)
+++ typo3/sysext/lang/locallang_tca.xml	(working copy)
@@ -55,6 +55,12 @@
 			<label index="be_groups.subgroup">Sub Groups:</label>
 			<label index="be_groups.tabs.base_rights">Access Lists</label>
 			<label index="be_groups.tabs.mounts_and_workspaces">Mounts and Workspaces</label>
+			<label index="be_groups.fileoper_perms">Fileoperation permissions:</label>
+			<label index="be_groups.fileoper_perms_general">Files: Upload,Copy,Move,Delete,Rename,New,Edit</label>
+			<label index="be_groups.fileoper_perms_unzip">Files: Unzip</label>
+			<label index="be_groups.fileoper_perms_diroper_perms">Directory: Move,Delete,Rename,New</label>
+			<label index="be_groups.fileoper_perms_diroper_perms_copy">Directory: Copy</label>
+			<label index="be_groups.fileoper_perms_diroper_perms_delete">Directory: Delete recursively (rm -Rf)</label>
 			<label index="be_groups.tabs.options">Options</label>
 			<label index="be_groups.tabs.extended">Extended</label>
 			<label index="sys_filemounts.tabs.users">Users</label>
Index: typo3/sysext/impexp/app/index.php
===================================================================
--- typo3/sysext/impexp/app/index.php	(revision 4395)
+++ typo3/sysext/impexp/app/index.php	(working copy)
@@ -1590,7 +1590,7 @@
 			// Initializing:
 		$this->fileProcessor = t3lib_div::makeInstance('t3lib_extFileFunctions');
 		$this->fileProcessor->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
-		$this->fileProcessor->init_actionPerms($BE_USER->user['fileoper_perms']);
+		$this->fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
 		$this->fileProcessor->dontCheckForUnique = t3lib_div::_GP('overwriteExistingFiles') ? 1 : 0;
 
 			// Checking referer / executing:
Index: typo3/sysext/impexp/class.tx_impexp.php
===================================================================
--- typo3/sysext/impexp/class.tx_impexp.php	(revision 4395)
+++ typo3/sysext/impexp/class.tx_impexp.php	(working copy)
@@ -3279,14 +3279,11 @@
 	 * @return	object		File processor object
 	 */
 	function &getFileProcObj()	{
-		global $FILEMOUNTS, $TYPO3_CONF_VARS, $BE_USER;
-
 		if (!is_object($this->fileProcObj))	{
 			$this->fileProcObj = t3lib_div::makeInstance('t3lib_extFileFunctions');
-			$this->fileProcObj->init($FILEMOUNTS, $TYPO3_CONF_VARS['BE']['fileExtensions']);
-			$this->fileProcObj->init_actionPerms($BE_USER->user['fileoper_perms']);
+			$this->fileProcObj->init($GLOBALS['FILEMOUNTS'], $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']);
+			$this->fileProcObj->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
 		}
-
 		return $this->fileProcObj;
 	}
 
@@ -3329,4 +3326,4 @@
 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/impexp/class.tx_impexp.php'])	{
 	include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/impexp/class.tx_impexp.php']);
 }
-?>
\ No newline at end of file
+?>
Index: typo3/sysext/install/mod/class.tx_install.php
===================================================================
--- typo3/sysext/install/mod/class.tx_install.php	(revision 4395)
+++ typo3/sysext/install/mod/class.tx_install.php	(working copy)
@@ -3681,7 +3681,7 @@
 										'password' => md5($pass),
 										'admin' => 1,
 										'uc' => '',
-										'fileoper_perms' => 7,
+										'fileoper_perms' => 0,
 										'tstamp' => time(),
 										'crdate' => time()
 									);
@@ -3799,7 +3799,7 @@
 										'password' => md5($pass),
 										'admin' => 1,
 										'uc' => '',
-										'fileoper_perms' => 7,
+										'fileoper_perms' => 0,
 										'tstamp' => time(),
 										'crdate' => time()
 									);