Bug #76229
closed
Missing edit options for non-admin users on references to sys_file_metadata
0%
Description
We have extended the sys_file_metadata table with an inline FAL field 'assets' (to be used as preview image for the original file):
$extraMetaColumns = [
'assets' => [
'config' => \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::getFileFieldTCAConfig('assets', [...], ...),
],
];
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addTCAcolumns('sys_file_metadata', $extraMetaColumns);
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes('sys_file_metadata', ...);
This works great for admin-users. Non-admin users, however, cannot delete, hide, or move these references, because the respective buttons are not rendered. This is NOT a permission problem - the user group has all required permissions.
I have tracked this down to the following code in typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php::renderForeignRecordHeaderControl() :
$calcPerms = $backendUser->calcPerms(BackendUtility::readPageAccess($rec['pid'], $backendUser->getPagePermsClause(1)));
This always returns 0 for non-admin users working on files, not pages (which apparently is what this check is made for). As a consequence, the following checks using $calcPerms also return false:
// "Delete" link:
if ($enabledControls['delete'] && ($isPagesTable && $localCalcPerms & Permission::PAGE_DELETE
|| !$isPagesTable && $calcPerms & Permission::CONTENT_EDIT
|| $isSysFileReferenceTable && $calcPerms & Permission::PAGE_EDIT)
) {
// and some more checks
so the buttons are not rendered.
Any ideas on how to fix this? Maybe $backendUser->calcPerms() should be replaced by $backendUser->getFilePermissions() if the table is sys_file_reference?
Thank you!
Updated by 
Updated by 
Updated by 
Updated by