Bug #79640
closed
User is able to rename file mount base folder
Description
Hey everyone,
I just experienced this issue:
- A non-admin user who only has a certain filemount (e.g. fileadmin/EditorBaseFilemount mounted under the name of "Editor") included
- He clicks on the icon of that filemount (his "root" of the file tree)
- He clicks "Rename"
- In the name field, "EditorBaseFilemount" (so the name of the physical directory) is pre-filled
- He changes it to "Editor" or whatever else and clicks "Rename"
- The script runs for quite a while. The physical folder gets renamed from "EditorBaseFilemount" to "Editor", and TYPO3 shows an error that access to the folder "EditorBaseFilemount" is denied.
So my guess is: The physical folder gets renamed, but the filemount still points to the original folder name (user has no write access to sys_filemounts anyway). Since the physical folder has been renamed, it cannot be found anymore, thus everything is broken. As soon as I rename the physical folder back to its original name, everything works fine.
The user has all file access rights including Directory Rename because he should be able to create, move, rename, delete directories inside the filemount. But it seems like he can also rename the directory of the filemount, and that should be forbidden, correct?
Am I mistaken about access rights, or is this a real bug?
TYPO3 7.6.15 on a Debian Jessie-driven nginx webserver, PHP-FPM 5.6.
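
The distinction the report turns on, shown as an added example that is not part of the original report and not TYPO3's own code: the Directory Rename right should apply to folders inside a file mount but not to the mount's base folder. Function names and the sample identifiers are hypothetical; the base folder name is the one used in the report.

```php
<?php
declare(strict_types=1);
// Added illustration, not TYPO3 core code; every function name is hypothetical.

/** Normalise a folder identifier to "/a/b/" form, resolving "." and "..". */
function normalizeFolderId(string $id): string
{
    $parts = [];
    foreach (explode('/', str_replace('\\', '/', $id)) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    return $parts === [] ? '/' : '/' . implode('/', $parts) . '/';
}

/**
 * A folder may be renamed only if the user holds the rename permission,
 * the folder lies inside one of the user's mounts, and it is not itself
 * the base folder of any mount.
 */
function mayRenameFolder(string $folderId, array $mountRoots, bool $hasRenamePermission): bool
{
    if (!$hasRenamePermission) {
        return false;
    }
    $target = normalizeFolderId($folderId);
    $insideMount = false;
    foreach ($mountRoots as $root) {
        $root = normalizeFolderId($root);
        if ($target === $root) {
            return false; // base folder: renaming it orphans the sys_filemounts record
        }
        // Both strings end in "/", so the prefix test cannot match a sibling folder.
        $insideMount = $insideMount || strncmp($target, $root, strlen($root)) === 0;
    }
    return $insideMount;
}

// Constructed sample input based on the folder name used in the report.
$mounts = ['fileadmin/EditorBaseFilemount'];
foreach (['fileadmin/EditorBaseFilemount/', 'fileadmin/EditorBaseFilemount/docs/../', 'fileadmin/EditorBaseFilemount/docs', 'fileadmin/EditorBaseFilemount2'] as $candidate) {
    printf("%-45s %s\n", $candidate, mayRenameFolder($candidate, $mounts, true) ? 'rename allowed' : 'rename denied');
}
```

Comparing normalised identifiers means a request that reaches the base folder through `docs/../` is treated the same as one that names it directly.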