Project

General

Profile

Actions

Bug #75332

closed

Saving relations to files in sys_file_metadata does not work for normal users

Added by Anonymous about 8 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
-
Start date:
2016-03-31
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

TYPO3 6.2.19

I have extended the sys_file_metadata table with a field which is a file relation.
When I am logged in as admin user everything works fine, I can create relations to other files and store them.
When I am logged in as a normal, nonadmin user (with all possible access rights), I get an "Access Denied" alert and can not save the relation.

Here a minimal setup:

myext/Configuration/Overrides/sys_file_reference.php

<?php
if (!defined('TYPO3_MODE')) die ('Access denied.');

$tca = array(
    'ctrl' => array(
        'rootLevel' => -1, // Otherwise File Reference will not work between files.
    ),
);

// Disable the File Upload in IRRE since it can not be configured the target storage.
$GLOBALS['TCA']['sys_file_reference']['columns']['uid_local']['config']['appearance']['fileUploadAllowed'] = FALSE;

\TYPO3\CMS\Core\Utility\ArrayUtility::mergeRecursiveWithOverrule($GLOBALS['TCA']['sys_file_reference'], $tca);

myext/Configuration/Overrides/sys_file_metadata.php

<?php
if (!defined('TYPO3_MODE')) die ('Access denied.');

if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('filemetadata')) {
    $configuration = '--div--;LLL:EXT:hszg_documents/Resources/Private/Language/locallang.xlf:tab.documents, files';
    \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes('sys_file_metadata', $configuration);
}


Files

parent_file.png (55.8 KB) parent_file.png Parent file opened in filelist Sascha Maier, 2017-05-23 18:04
referenced_file.png (75.5 KB) referenced_file.png Referenced file opened out from parent file form Sascha Maier, 2017-05-23 18:04
parent_file_override_metadata.png (56.7 KB) parent_file_override_metadata.png Override metadata in of referenced file in parent file form Sascha Maier, 2017-05-23 18:04

Related issues 3 (0 open3 closed)

Related to TYPO3 Core - Bug #71319: IRRE in sys_file_metadata doesn't work for normal usersClosed2015-11-04

Actions
Related to TYPO3 Core - Bug #81308: Deleting a referenced file via filelist module, definined in sys_file_metadataClosed2017-05-22

Actions
Has duplicate TYPO3 Core - Bug #76229: Missing edit options for non-admin users on references to sys_file_metadataClosed2016-05-18

Actions
Actions #1

Updated by Anonymous about 8 years ago

there is already a discussion with also some possible reasons about that here: https://forum.typo3.org/index.php?t=msg&th=208963

Actions #2

Updated by Stephan Großberndt about 8 years ago

  • Subject changed from FAL realtions between files in sys_file_metadata does not work an editor to Saving relations to files in sys_file_metadata do not work for normal users
  • Category set to File Abstraction Layer (FAL)
Actions #3

Updated by Stephan Großberndt about 8 years ago

  • Subject changed from Saving relations to files in sys_file_metadata do not work for normal users to Saving relations to files in sys_file_metadata does not work for normal users
Actions #4

Updated by Ephraim Härer almost 8 years ago

Hello,
are there any updates or bugfixes I can implement to fix this problem?

Actions #5

Updated by Frans Saris almost 8 years ago

Could you try to add this to your TCA overrides:

$GLOBALS['TCA']['your_table']['ctrl']['security']['ignoreRootLevelRestriction'] = true;
$GLOBALS['TCA']['your_table']['ctrl']['security']['ignoreWebMountRestriction'] = true;
$GLOBALS['TCA']['your_table']['ctrl']['rootLevel'] = -1;

so for sys_file_reference:

$GLOBALS['TCA']['sys_file_reference']['ctrl']['security']['ignoreRootLevelRestriction'] = true;
$GLOBALS['TCA']['sys_file_reference']['ctrl']['security']['ignoreWebMountRestriction'] = true;
$GLOBALS['TCA']['sys_file_reference']['ctrl']['rootLevel'] = -1;
Actions #6

Updated by Martin Voss almost 8 years ago

@Frans Saris I just tested the TCA overrides you suggest - unfortunately, they do not help. I think the problem lies elsewhere: #76229 (which you closed as a duplicate of this issue).

Actions #7

Updated by Ephraim Härer almost 8 years ago

I couldn't get it work with this TCA settings, too.

Actions #8

Updated by Online Now! GmbH about 7 years ago

The file references on file meta data are stored with the page uid of the parent record. This is page uid 0. Only admin users have access to that page. Therefore normal editors cant edit any inline file references on file meta data stored on page 0.

The extenstion "DAM" handled this differently with storing the file and meta data on a normal sys folder. The relations did not even use a pid.

I tried to implement a workaround in 7.6 LTS by using the "tceformsInlineHook", but i cant really rebuild the missing icons with that, because of limited incoming data to the hook. Basically missing is creating the correct object id for the data attribute on the buttons.

Another workaround would be the TCA option "foreign_record_defaults". But unfortunately, the field "pid" is not allowed there.

The suggested TCA settings dont work.

So last option is to hack the core ( bypass permission check "sys_file_reference" table ) until there is a solution for this behavior.

Possible solutions:

- Store file meta data on a regular page / folder like DAM
- Allow the attribute "pid" in TCA option "foreign_record_defaults"
- Bypass permission check in file list when using inline relation for "sys_file_reference" / "sys_file_metadata" table

Actions #9

Updated by Sascha Maier about 7 years ago

Checked on a fresh install version 8 LTS and 9.0.0-dev with the following TCA:

\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addTCAcolumns('sys_file_metadata', array(
    'attachments' => array(
        'exclude' => 1,
        'label' => 'LLL:EXT:as_formular_center/Resources/Private/Language/locallang_be.xlf:sys_file_metadata.as_attachments',
        'config' => \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::getFileFieldTCAConfig(
            'files',
            array(
                'appearance' => array(
                    'createNewRelationLinkTitle' => 'LLL:EXT:cms/locallang_ttc.xlf:files.addFileReference'
                )
            )
        )
    )
));
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes('sys_file_metadata', 'attachments', '', 'after:source');

got a edit button in the backend and can edit the metadata with a "non-admin" user. May be the problem is solved in newer versions and could be closed?

Unfortunately the delete button is missing, i will open a separate bug ticket for this.

Actions #10

Updated by Anonymous about 7 years ago

Good news! But it would be nice to fix this in at least TYPO3 7. Our client suffers now a long time already AND will still because it will take a long while until this project will be V.8 !!!

Updated by Sascha Maier about 7 years ago

Checked out a fresh 7.6.19-dev, and the relations working. Only the delete button is missing, opened bug #81308 on this.

My workflow:
  • checked out: git clone git://git.typo3.org/Packages/TYPO3.CMS.git .
  • switched to branch TYPO3_7-6
  • installed via install tool with new database
  • created a non admin-user
  • installed out extension with the referenced files (see former post)
  • installed extension advanced metadata
  • created a group with access to the needed tables
  • assign group to user
  • switch to non admin user
  • uploaded a file
  • add referenced files to the uploaded via TBE file selector
  • saved file
  • opened referenced file by click on the pencil, in the opened parent file form.
  • changed metadata
  • saved

All testet in a "TYPO3 Docker Boilerplate". Attached a few screenshost to avoid talking about different problems. Hope this helps you.

Actions #12

Updated by Anonymous about 7 years ago

I will try to confirm this - when I find time

Actions #13

Updated by Riccardo De Contardi over 6 years ago

  • Related to Bug #81308: Deleting a referenced file via filelist module, definined in sys_file_metadata added
Actions #14

Updated by Riccardo De Contardi over 6 years ago

  • Status changed from New to Closed

We're sorry, but we close this issue for now - please look at https://forge.typo3.org/issues/81308#change-356775

if you think that this is the wrong decision, please reopen it or open a new issue with a reference to this one.
Or, as suggested, open a discussion on Slack or decisions.typo3.org
Thank you.

Actions

Also available in: Atom PDF