Task #77188
open
Improve error-message for access to files outside of allowed filemounts
0%
Description
- Have images in a file-storage somewhere
- Create a text-with-image content and add that image
- Edit that content with a user with limited rights
- Make sure that user only has filemounts so that he/she can't access the above added image
- User should have access to sys_file_metadata and sys_file_reference
- Image is shown in the content-element
- File-metadata can be overridden (sys_file_reference)
- But clicking the edit-icon the original metadata for that file cannot be edited because the file is outside of allowed filemounts
Currently only a very generic error is shown:
"Access to table sys_file_metadata for user 2 was denied by a makeEditForm_accessCheck hook"
(which is an AccessDeniedHookException)
How specific could we be in this case? I assume we may not disclose the original path the user does not have access to. So maybe just some "That file is outside of the allowed filemounts for this user"?
Updated by Christian Toffolo almost 7 years ago
My editors encountered this bug in TYPO3 8 LTS too, please update TYPO3 Version to 8.
The practical problem for the editors is that if they edit the content element with X modifications without saving, when they try to edit the sys_file_metadata they get the error and (if they don't know the trick to navigate back in the browser) they loose all the X modifications.
A flash alert should be the way to go.
Updated by
Updated by Anonymous over 3 years ago
- TYPO3 Version changed from 8 to 10
Just encountered this problem in TYPO3 10.4.11