Bug #75332
closed
Saving relations to files in sys_file_metadata does not work for normal users
0%
Description
TYPO3 6.2.19
I have extended the sys_file_metadata table with a field which is a file relation.
When I am logged in as admin user everything works fine, I can create relations to other files and store them.
When I am logged in as a normal, nonadmin user (with all possible access rights), I get an "Access Denied" alert and can not save the relation.
Here a minimal setup:
myext/Configuration/Overrides/sys_file_reference.php
<?php
if (!defined('TYPO3_MODE')) die ('Access denied.');
$tca = array(
'ctrl' => array(
'rootLevel' => -1, // Otherwise File Reference will not work between files.
),
);
// Disable the File Upload in IRRE since it can not be configured the target storage.
$GLOBALS['TCA']['sys_file_reference']['columns']['uid_local']['config']['appearance']['fileUploadAllowed'] = FALSE;
\TYPO3\CMS\Core\Utility\ArrayUtility::mergeRecursiveWithOverrule($GLOBALS['TCA']['sys_file_reference'], $tca);
myext/Configuration/Overrides/sys_file_metadata.php
<?php
if (!defined('TYPO3_MODE')) die ('Access denied.');
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('filemetadata')) {
$configuration = '--div--;LLL:EXT:hszg_documents/Resources/Private/Language/locallang.xlf:tab.documents, files';
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes('sys_file_metadata', $configuration);
}
Files
Updated by Anonymous about 8 years ago
there is already a discussion with also some possible reasons about that here: https://forum.typo3.org/index.php?t=msg&th=208963
Updated by Stephan Großberndt about 8 years ago
- Subject changed from FAL realtions between files in sys_file_metadata does not work an editor to Saving relations to files in sys_file_metadata do not work for normal users
- Category set to File Abstraction Layer (FAL)
Updated by Stephan Großberndt about 8 years ago
- Subject changed from Saving relations to files in sys_file_metadata do not work for normal users to Saving relations to files in sys_file_metadata does not work for normal users
Updated by Ephraim Härer over 7 years ago
Hello,
are there any updates or bugfixes I can implement to fix this problem?
Updated by Frans Saris over 7 years ago
Could you try to add this to your TCA overrides:
$GLOBALS['TCA']['your_table']['ctrl']['security']['ignoreRootLevelRestriction'] = true; $GLOBALS['TCA']['your_table']['ctrl']['security']['ignoreWebMountRestriction'] = true; $GLOBALS['TCA']['your_table']['ctrl']['rootLevel'] = -1;
so for sys_file_reference:
$GLOBALS['TCA']['sys_file_reference']['ctrl']['security']['ignoreRootLevelRestriction'] = true; $GLOBALS['TCA']['sys_file_reference']['ctrl']['security']['ignoreWebMountRestriction'] = true; $GLOBALS['TCA']['sys_file_reference']['ctrl']['rootLevel'] = -1;
Updated by Martin Voss over 7 years ago
@Frans Saris I just tested the TCA overrides you suggest - unfortunately, they do not help. I think the problem lies elsewhere: #76229 (which you closed as a duplicate of this issue).
Updated by Ephraim Härer over 7 years ago
I couldn't get it work with this TCA settings, too.
Updated by Online Now! GmbH almost 7 years ago
The file references on file meta data are stored with the page uid of the parent record. This is page uid 0. Only admin users have access to that page. Therefore normal editors cant edit any inline file references on file meta data stored on page 0.
The extenstion "DAM" handled this differently with storing the file and meta data on a normal sys folder. The relations did not even use a pid.
I tried to implement a workaround in 7.6 LTS by using the "tceformsInlineHook", but i cant really rebuild the missing icons with that, because of limited incoming data to the hook. Basically missing is creating the correct object id for the data attribute on the buttons.
Another workaround would be the TCA option "foreign_record_defaults". But unfortunately, the field "pid" is not allowed there.
The suggested TCA settings dont work.
So last option is to hack the core ( bypass permission check "sys_file_reference" table ) until there is a solution for this behavior.
Possible solutions:
- Store file meta data on a regular page / folder like DAM
- Allow the attribute "pid" in TCA option "foreign_record_defaults"
- Bypass permission check in file list when using inline relation for "sys_file_reference" / "sys_file_metadata" table
Updated by Sascha Maier almost 7 years ago
Checked on a fresh install version 8 LTS and 9.0.0-dev with the following TCA:
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addTCAcolumns('sys_file_metadata', array(
'attachments' => array(
'exclude' => 1,
'label' => 'LLL:EXT:as_formular_center/Resources/Private/Language/locallang_be.xlf:sys_file_metadata.as_attachments',
'config' => \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::getFileFieldTCAConfig(
'files',
array(
'appearance' => array(
'createNewRelationLinkTitle' => 'LLL:EXT:cms/locallang_ttc.xlf:files.addFileReference'
)
)
)
)
));
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes('sys_file_metadata', 'attachments', '', 'after:source');
got a edit button in the backend and can edit the metadata with a "non-admin" user. May be the problem is solved in newer versions and could be closed?
Unfortunately the delete button is missing, i will open a separate bug ticket for this.
Updated by Anonymous almost 7 years ago
Good news! But it would be nice to fix this in at least TYPO3 7. Our client suffers now a long time already AND will still because it will take a long while until this project will be V.8 !!!
Updated by Sascha Maier almost 7 years ago
- File parent_file.png parent_file.png added
- File referenced_file.png referenced_file.png added
- File parent_file_override_metadata.png parent_file_override_metadata.png added
Checked out a fresh 7.6.19-dev, and the relations working. Only the delete button is missing, opened bug #81308 on this.
My workflow:- checked out: git clone git://git.typo3.org/Packages/TYPO3.CMS.git .
- switched to branch TYPO3_7-6
- installed via install tool with new database
- created a non admin-user
- installed out extension with the referenced files (see former post)
- installed extension advanced metadata
- created a group with access to the needed tables
- assign group to user
- switch to non admin user
- uploaded a file
- add referenced files to the uploaded via TBE file selector
- saved file
- opened referenced file by click on the pencil, in the opened parent file form.
- changed metadata
- saved
All testet in a "TYPO3 Docker Boilerplate". Attached a few screenshost to avoid talking about different problems. Hope this helps you.
Updated by Anonymous almost 7 years ago
I will try to confirm this - when I find time
Updated by Riccardo De Contardi about 6 years ago
- Related to Bug #81308: Deleting a referenced file via filelist module, definined in sys_file_metadata added
Updated by Riccardo De Contardi about 6 years ago
- Status changed from New to Closed
We're sorry, but we close this issue for now - please look at https://forge.typo3.org/issues/81308#change-356775
if you think that this is the wrong decision, please reopen it or open a new issue with a reference to this one.
Or, as suggested, open a discussion on Slack or decisions.typo3.org
Thank you.