Feature #17112 (closed)
Add file operation permissions for back-end user groups
Description
It would be more convenient to configure file operation permissions in backend groups, not in backend users.
Necessary actions:
- Extend be_groups table by field fileoper_perms (BLOB)
- Change typo3/tce_file.php, line 144 to fetch fileoper_perms from be_users table
(issue imported from #M5203)
Updated by Martin Kutschker over 17 years ago
Many options are defined in the groups and can be overridden by user settings. Simply moving won't do because of backwards compatibility.
Updated by Steffen Stein over 17 years ago
So I would propose:
- Extend be_groups table by field fileoper_perms (BLOB)
- edit typo3/tce_file.php around line 144 (v4.1) so that
    if fileoper_perms are set in be_users
        use those,
    else
        use fileoper_perms from be_groups
One could also think about more complex schemes such as default to group rights and "extend" them by user rights. Meaning: applicable rights are:
be_users.fileoper_perms | be_groups.fileoper_perms (bitwise OR)
Or - even more complex: introduce explicit deny options for rights, overriding an allow in any other group/ user setting. (I don't know if this is implemented anywhere in Typo3)
Updated by Thomas Mammitzsch about 17 years ago
Some news about it? I think this is a must with a large number of BE users, too.
Updated by eventhorizon about 16 years ago
This is a must must! Please do us all a favor and let someone implement it.
I suppose it would not be very tricky.
Greetings to all
eventhorizon
Updated by Christian Kuhn about 16 years ago
+1 on the feature.
I will try to compile a patch.
Updated by Christian Kuhn about 16 years ago
Attached a patch to implement this feature.
Values of groups and user settings are OR'ed, so backwards compatibility is not broken.
- Added field fileoper_perms to be_groups table
- Added / adapted TCA, locallang and CSH stuff
- Added handling in t3lib/class.t3lib_userauthgroup.php to OR permissions of groups with user permissions
- Introduced function returnFileoperationPermissions() in t3lib/class.t3lib_userauthgroup.php
- Use returnFileoperationPermissions() instead of $BE_USER->user['fileoper_perms'] in core files
Updated by Christian Kuhn about 16 years ago
Attached a new patch:
- Renamed function returnFileoperationPermissions() to getFileoperationPermissions()
- As discussed with Stucki and Masi the database defaults for both users
and groups file permissions are 0, the default TCA permissions for new
records moved from users to groups (new users get 0 instead of 7 and new
groups get 7 by default).
- Added an entry in NEWS.txt to document above change.
- Fixed a missing comma in TCA['be_groups']['types']['0'].
Updated by Daniel Krupke about 16 years ago
The patch doesn't work right for me. The "OR"-merging has to be fixed.
Example 1:
User: U
Group: G
U is in group G.
User has the following permissions:
- DIR: move, remove, rename, new
- DIR: copy
- DIR: delete recursively
Group has the following permissions:
- Files: upload, copy, move, remove, rename, new, edit
- Files: unzip
With the given permissions, a user should now be able to do all those things, because permissions are merged with OR.
But he can only do these things:
- DIR: move, remove, rename, new
Example 2:
User: S
Group: R
S is in group R.
S has no permissions.
R has all permissions.
Everything works for S.
Updated by Uschi Renziehausen about 16 years ago
I would love to have this feature very very much.
Uschi (poor admin of a site with many users)
Updated by Christian Kuhn about 16 years ago
Added 5203_3.diff:
- Use explicit cast to int to work correctly with bitwise OR operator (thanks to Daniel for pointing this out)
- Changed the install tool to add admin users with default 0 file permissions (admin has all rights anyway).
Patch is in the core list. Please test and vote.
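
Why the explicit int cast matters, shown as an added example that is not part of this thread or of the attached patches: PHP applies | to two string operands byte by byte, and values read from a database row typically reach PHP as strings. The bit values, function names and sample rows are assumptions; the bits follow the order of the permission groups listed in Example 1.

```php
<?php
// Added illustration, not code from the TYPO3 core or the attached patches.
// Assumed bit values, in the order the permission groups appear in Example 1.
const PERM_LABELS = [
    1  => 'Files: upload, copy, move, remove, rename, new, edit',
    2  => 'Files: unzip',
    4  => 'DIR: move, remove, rename, new',
    8  => 'DIR: copy',
    16 => 'DIR: delete recursively',
];

// Both operands are strings here, so | ORs the bytes of the two strings
// instead of their numeric values. The result is not the permission union.
function mergeWithoutCast(string $userPerms, array $groupPerms): int
{
    $merged = $userPerms;
    foreach ($groupPerms as $perms) { $merged = $merged | $perms; }
    return (int)$merged;
}

// Casting every operand to int first yields the intended bitmask union.
function mergeWithCast(string $userPerms, array $groupPerms): int
{
    $merged = (int)$userPerms;
    foreach ($groupPerms as $perms) { $merged |= (int)$perms; }
    return $merged;
}

// Translates a bitmask into labels and reports bits no permission defines.
function describe(int $mask): array
{
    $granted = [];
    foreach (PERM_LABELS as $bit => $label) {
        if ($mask & $bit) { $granted[] = $label; }
    }
    $unknown = $mask & ~array_sum(array_keys(PERM_LABELS));
    if ($unknown) { $granted[] = "undefined bits: $unknown"; }
    return $granted;
}

// Constructed rows for Example 1: user U holds the three DIR permissions,
// group G the two Files permissions. Values are strings, as from a DB row.
[$user, $groups] = ['28', ['3']];
foreach (['without cast' => 'mergeWithoutCast', 'with cast' => 'mergeWithCast'] as $name => $fn) {
    $mask = $fn($user, $groups);
    echo "$name: $mask\n  " . implode("\n  ", describe($mask)) . "\n";
}
```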
Updated by Christian Kuhn about 16 years ago
5203_5.diff:
- Removed global declaration in tiny function getFileProcObj in typo3/sysext/impexp/class.tx_impexp.php and typo3/sysext/lowlevel/clmods/class.rte_images.php
Updated by Daniel Krupke about 16 years ago
I have tested the new attached patch (5203_5.diff) and everything works fine! I have tried many possible combinations of user and user group permissions and all of them worked as expected. So there is a +1 from me (non-core-member vote) on this patch for TYPO3 4.3.