Bug #106838
closed
Editors can not delete folders in filelist
0%
Description
Admins can delete folders, editors can't - even if they have permission to do so in the "Directory" settings of the user itself or the group the file mounts are inherited from.
Reproduce on demo.typo3.org (v13.4.13):
1. create empty folder
2. try to delete empty folder
It works in every typo3 v12 version.
Files
Updated by taywa gmbh 14 days ago
More observations:
- The Folder can be cut / pasted to a different location
- Folder can be drag'n'droped to a different location in tree
- Deleting does not work in tiles or list view or the context menu
- Filesystem level permissions are not the cause - www user has rwx
- Happens in Composer and classic installation
Updated by Garvin Hicking 13 days ago
- Status changed from New to Accepted
I could reproduce this locally.
It seems to stem from the fact that read-access is checked on the root-level of a file-storage, which editors may not have in mount scenarios (!).
In this case, TYPO3\CMS\Core\Resource\ResourceStorage->assureFolderReadPermission() gets called with that root, and throws the InsufficientFolderAccessPermissionsException after checkFolderActionPermission('read', '/') failed.
(I think to remember a patch made specifically for mount scenarios, but could not dive deeper into this yet)
Updated by Ralf Hüskes 11 days ago
I can also confirm the behavior in two TYPO3 v13.4.13 versions.
My observations coincide with those of taywa!
All rights are set. Moving, etc... is possible... only deleting does not work
Updated by Garvin Hicking 10 days ago
https://github.com/TYPO3/typo3/commit/1ed4654461bdc88db2511c6a736b9cdc153310cb is the commit that caused this. Most likely because the recycler iteration goes outside the scope of the permissions, I guess (not checked yet).
Updated by Garvin Hicking 10 days ago
- Related to Bug #96863: Directory content does appear outside the folder when using the recycler bin added
Updated by Gerrit Code Review 10 days ago
- Status changed from Accepted to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/89681
Updated by Friedemann Altrock 9 days ago
- Related to Bug #106748: Editors cannot delete folders – getNearestRecyclerFolder throws InsufficientFolderAccessPermissionsException added
Updated by Gerrit Code Review 9 days ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/89681
Updated by Garvin Hicking 9 days ago
- Status changed from Under Review to Closed
Closing this issue due to #106748 which was the initial report (that I... totally forgot about and investigated all of this TWICE :D )