Bug #76229

Missing edit options for non-admin users on references to sys_file_metadata

Added by Martin Voss over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
-
Start date:
2016-05-18
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

We have extended the sys_file_metadata table with an inline FAL field 'assets' (to be used as preview image for the original file):

$extraMetaColumns = [
        'assets' => [
            'config' => \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::getFileFieldTCAConfig('assets', [...], ...),
        ],
];
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addTCAcolumns('sys_file_metadata', $extraMetaColumns);
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes('sys_file_metadata', ...);

This works great for admin-users. Non-admin users, however, cannot delete, hide, or move these references, because the respective buttons are not rendered. This is NOT a permission problem - the user group has all required permissions.

I have tracked this down to the following code in typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php::renderForeignRecordHeaderControl() :

$calcPerms = $backendUser->calcPerms(BackendUtility::readPageAccess($rec['pid'], $backendUser->getPagePermsClause(1)));

This always returns 0 for non-admin users working on files, not pages (which apparently is what this check is made for). As a consequence, the following checks using $calcPerms also return false:

// "Delete" link:
if ($enabledControls['delete'] && ($isPagesTable && $localCalcPerms & Permission::PAGE_DELETE
        || !$isPagesTable && $calcPerms & Permission::CONTENT_EDIT
        || $isSysFileReferenceTable && $calcPerms & Permission::PAGE_EDIT)
    ) {

// and some more checks

so the buttons are not rendered.

Any ideas on how to fix this? Maybe $backendUser->calcPerms() should be replaced by $backendUser->getFilePermissions() if the table is sys_file_reference?

Thank you!

Possibly related: https://forge.typo3.org/projects/typo3cms-core/issues?set_filter=1&f[]=subject&op[subject]=~&v[subject][]=sys_file_metadata&f[]=&c[]=tracker&c[]=status&c[]=priority&c[]=subject&c[]=assigned_to&c[]=category&c[]=fixed_version&group_by=


Related issues

Related to TYPO3 Core - Bug #71319: IRRE in sys_file_metadata doesn't work for normal usersClosed2015-11-04

Actions
Is duplicate of TYPO3 Core - Bug #75332: Saving relations to files in sys_file_metadata does not work for normal usersClosed2016-03-31

Actions
#1

Updated by Wouter Wolters over 4 years ago

  • Assignee deleted (Benni Mack)

Please do not assign tickets directly

#2

Updated by Martin Voss over 4 years ago

Is there anything I can do to get this issue some attention? Thank you!

#3

Updated by Riccardo De Contardi over 4 years ago

  • Category set to File Abstraction Layer (FAL)
#4

Updated by Frans Saris about 4 years ago

  • Status changed from New to Closed

This is a duplicate of #75332.

Also available in: Atom PDF