Bug #81308

Epic #83669: Improve file list / file browser

Deleting a referenced file via filelist module, definined in sys_file_metadata

Added by Sascha Maier over 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2017-05-22
Due date:
% Done:

0%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

We extended the sys_file_metadata table to add references to existing files in normal filelist entries. For admin Users everything is ok. Unfortunately for non-admin users the "delete" button to remove the reference is missing.

Our TCA changes:

<?php

\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addTCAcolumns('sys_file_metadata', array(
    'attachments' => array(
        'exclude' => 1,
        'label' => 'LLL:EXT:as_formular_center/Resources/Private/Language/locallang_be.xlf:sys_file_metadata.as_attachments',
        'config' => \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::getFileFieldTCAConfig(
            'files',
            array(
                'appearance' => array(
                    'createNewRelationLinkTitle' => 'LLL:EXT:cms/locallang_ttc.xlf:files.addFileReference'
                )
            )
        )
    )
));
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes('sys_file_metadata', 'attachments', '', 'after:source');

Applied the following changes and the button is shown:

diff --git a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
index a67800777d..835bc8b470 100644
--- a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
+++ b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
@@ -525,7 +525,11 @@ class InlineRecordContainer extends AbstractContainer
             // "Delete" link:
             if ($enabledControls['delete'] && ($isPagesTable && $localCalcPerms & Permission::PAGE_DELETE
                     || !$isPagesTable && $calcPerms & Permission::CONTENT_EDIT
-                    || $isSysFileReferenceTable && $calcPerms & Permission::PAGE_EDIT)
+                    || $isSysFileReferenceTable  && (
+                        ( $calcPerms & Permission::PAGE_EDIT )
+                        || ( $rec['table_local'] === 'sys_file' && $rec ['pid'] === 0)
+                    )
+                )
             ) {
                 $title = htmlspecialchars($languageService->sL('LLL:EXT:lang/Resources/Private/Language/locallang_mod_web_list.xlf:delete'));
                 $icon = $this->iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render();

Problem is, calPerms will not work on rows with pid == 0.

sys_file_metadata_file_reference.png View (4.05 KB) Sascha Maier, 2017-05-22 22:38

patch.diff View (1.21 KB) Sascha Maier, 2017-05-23 08:53


Related issues

Related to TYPO3 Core - Bug #71319: IRRE in sys_file_metadata doesn't work for normal users Closed 2015-11-04
Related to TYPO3 Core - Bug #75332: Saving relations to files in sys_file_metadata does not work for normal users Closed 2016-03-31
Related to TYPO3 Core - Bug #75748: Editor can't remove images attached to other images Closed 2016-04-18

History

#1 Updated by Sascha Maier over 2 years ago

Add patch file.

#2 Updated by Sascha Maier over 2 years ago

Enhanced patch to use the same security checks, which used to display the edit pencil:

diff --git a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
index a67800777d..aeac65a9a6 100644
--- a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
+++ b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
@@ -522,10 +522,24 @@ class InlineRecordContainer extends AbstractContainer
                         </a>';
                 }
             }
+
             // "Delete" link:
+
+            // Use the same security checks like above used to check the access to edit the file
+            $isWriteableSysFileReferenceInSysFileTable = false;
+            if ( $rec['table_local'] === 'sys_file' && $rec ['pid'] === 0 ) {
+                if ($backendUser->check('tables_modify', 'sys_file_metadata')) {
+                    $isWriteableSysFileReferenceInSysFileTable = true;
+                }
+            }
+
             if ($enabledControls['delete'] && ($isPagesTable && $localCalcPerms & Permission::PAGE_DELETE
                     || !$isPagesTable && $calcPerms & Permission::CONTENT_EDIT
-                    || $isSysFileReferenceTable && $calcPerms & Permission::PAGE_EDIT)
+                    || $isSysFileReferenceTable  && (
+                        ( $calcPerms & Permission::PAGE_EDIT )
+                        || $isWriteableSysFileReferenceInSysFileTable
+                    )
+                )
             ) {
                 $title = htmlspecialchars($languageService->sL('LLL:EXT:lang/Resources/Private/Language/locallang_mod_web_list.xlf:delete'));
                 $icon = $this->iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render();

#3 Updated by Gerrit Code Review over 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52927

#4 Updated by Gerrit Code Review over 2 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52927

#5 Updated by Gerrit Code Review over 2 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52927

#6 Updated by Stefan P almost 2 years ago

What is the state of this patch?

#7 Updated by Riccardo De Contardi almost 2 years ago

  • Parent task set to #83669

#8 Updated by Mathias Schreiber almost 2 years ago

  • Description updated (diff)

#9 Updated by Mathias Schreiber almost 2 years ago

  • Status changed from Under Review to Closed

We won't support these kinds of back and forth loops.
There are a couple of reasons for that.

  • We will merge sys_file and sys_file_metadata soon anyways. In this case this would result in references from sys_file to sys_file.
  • When in need of bundling (or building a collection) of files, File Collections should be used.
  • If you want to solve a pure UI related issue (as in attaching files to another file) you're better of with a dedicated FormEngine type that will result in the respective UI.

From reading through the issue I can't help but think you actually want to solve a different issue here.
Let's discuss your usecase on Slack or decisions.typo3.org and then come up with a solution that doesn't feel so tucked together.

#10 Updated by Riccardo De Contardi almost 2 years ago

  • Related to Bug #71319: IRRE in sys_file_metadata doesn't work for normal users added

#11 Updated by Riccardo De Contardi almost 2 years ago

  • Related to Bug #75332: Saving relations to files in sys_file_metadata does not work for normal users added

#12 Updated by Riccardo De Contardi almost 2 years ago

  • Related to Bug #75748: Editor can't remove images attached to other images added

Also available in: Atom PDF