Bug #71319
closedIRRE in sys_file_metadata doesn't work for normal users
0%
Description
I extended the sys_file_metadata table with an inline field to add some object relations to a file's meta data. This doesn't work for normal users (admins have no problems). By adding a new Relation with the ajax call comes an error and no relation is generated. This causes an "access denied" pop up for the user.
I found the reason for this in the class TYPO3\CMS\Backend\Form\Element\InlineElement. The function checkAccess() returns false in every case because of these lines (2111 to 2114):
$calcPRec = BackendUtility::getRecord('pages', $this->inlineFirstPid); if (!is_array($calcPRec)) { return FALSE; }
$this->inlineFirstPid is 0 in case of adding an inline element.
The popup message is called in line 1266 in the createNewRecord() function (TYPO3\CMS\Backend\Form\Element\InlineElement), which is called by ajax in this case.
$item = $this->renderForeignRecord($parent['uid'], $record, $config); if ($item === FALSE) { return $this->getErrorMessageForAJAX('Access denied'); }
Updated by Sebastian Hofer about 9 years ago
- Target version set to next-patchlevel
Updated by Mathias Schreiber about 9 years ago
- Target version deleted (
next-patchlevel)
Updated by Frans Saris over 8 years ago
- Status changed from New to Needs Feedback
A normal editor isn't allowed to add records to root level. This is where sys_file_metadata and your IRRE records get saved.
It should be possible to disable this security check with TCA like:
$GLOBALS['TCA']['your_table']['ctrl']['security']['ignoreRootLevelRestriction'] = true; $GLOBALS['TCA']['your_table']['ctrl']['security']['ignoreWebMountRestriction'] = true; $GLOBALS['TCA']['your_table']['ctrl']['rootLevel'] = -1;
Updated by Ephraim Härer about 8 years ago
Hi, I tried it with the TCA changes but it wont't work with TYPO3 6.2.x.
Is there any other possibility?
Updated by Alexander Opitz almost 8 years ago
- Status changed from Needs Feedback to New
Updated by Riccardo De Contardi almost 7 years ago
- Related to Bug #81308: Deleting a referenced file via filelist module, definined in sys_file_metadata added
Updated by Riccardo De Contardi almost 7 years ago
- Status changed from New to Closed
We're sorry, but we close this issue for now - please look at https://forge.typo3.org/issues/81308#change-356775
if you think that this is the wrong decision, please reopen it or open a new issue with a reference to this one.
Or, as suggested, open a discussion on Slack or decisions.typo3.org
Thank you.