Bug #77856

BackendUserAuthentication::getDefaultUploadFolder checks the wrong permission flag

Added by Felix Rauch over 2 years ago. Updated 6 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2016-09-05
Due date:
% Done:

100%

TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

In BackendUserAuthentication::getDefaultUploadFolder, the addFolder permission flag is checked instead of the writeFolder permission flag in determining whether the folder is writable and thus suitable as an upload target.

I found this issue while checking #77841, which would lead to users not getting the IRRE "Upload file" button if they didn't have the "addFolder" permission.

The steps from the other ticket can be used to reproduce this too:
  1. Create a BE user with any mix of file operation permissions, as long as the "Folder/Directory Add" permission is not given, and "Write Folder" + "Add File" are given.
  2. As the BE user, create a CE of the type "Text and Media".
  3. Switch to the "Media" tab in the CE form
  4. The button is not visible. Via the "Add media" button, files can still be uploaded.

In this case (with #77841 fixed) the button is not visible, due to (as can be seen when stepping through with e.g. XDebug) no folder suitable for uploading files can be found.


Related issues

Blocked by TYPO3 Core - Bug #77857: Uploading files is not possible Closed 2016-09-05
Blocks TYPO3 Core - Bug #77841: BE user doesn't get file upload button in inline FAL fields if the "Add Folder" permission is not set Closed 2016-09-04

Associated revisions

Revision 7be5ced3 (diff)
Added by Felix Rauch over 2 years ago

[BUGFIX] BackendUserAuthentication checks wrong BE user permission

In BackendUserAuthentication::getDefaultUploadFolder, the addFolder
permission flag is checked instead of the writeFolder permission flag in
determining whether the folder is writable and thus suitable as an
upload target.

This fix changes the behaviour to check for the BE user's "writeFolder"
permission flag.

Resolves: #77856
Releases: master, 7.6
Change-Id: Ib78f8f3d371780e2687b30bd402a7beaa44ec700
Reviewed-on: https://review.typo3.org/49866
Reviewed-by: Frans Saris <>
Tested-by: Frans Saris <>
Tested-by: TYPO3com <>
Reviewed-by: Nicole Cordes <>
Tested-by: Nicole Cordes <>
Reviewed-by: Michael Oehlhof <>
Reviewed-by: Stefan Neufeind <>
Tested-by: Stefan Neufeind <>
Reviewed-by: Wouter Wolters <>
Tested-by: Wouter Wolters <>

Revision 59a8dee7 (diff)
Added by Felix Rauch over 2 years ago

[BUGFIX] BackendUserAuthentication checks wrong BE user permission

In BackendUserAuthentication::getDefaultUploadFolder, the addFolder
permission flag is checked instead of the writeFolder permission flag in
determining whether the folder is writable and thus suitable as an
upload target.

This fix changes the behaviour to check for the BE user's "writeFolder"
permission flag.

Resolves: #77856
Releases: master, 7.6
Change-Id: Ib78f8f3d371780e2687b30bd402a7beaa44ec700
Reviewed-on: https://review.typo3.org/50054
Tested-by: TYPO3com <>
Reviewed-by: Wouter Wolters <>
Tested-by: Wouter Wolters <>

History

#1 Updated by Gerrit Code Review over 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49866

#2 Updated by Gerrit Code Review over 2 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49866

#3 Updated by Felix Rauch over 2 years ago

  • Description updated (diff)

#4 Updated by Gerrit Code Review over 2 years ago

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50054

#5 Updated by Felix Rauch over 2 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#6 Updated by Benni Mack 6 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF