Bug #81308
closed
Epic #83669: Improve file list / file browser
Deleting a referenced file via filelist module, definined in sys_file_metadata
0%
Description
We extended the sys_file_metadata table to add references to existing files in normal filelist entries. For admin Users everything is ok. Unfortunately for non-admin users the "delete" button to remove the reference is missing.
Our TCA changes:
<?php
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addTCAcolumns('sys_file_metadata', array(
'attachments' => array(
'exclude' => 1,
'label' => 'LLL:EXT:as_formular_center/Resources/Private/Language/locallang_be.xlf:sys_file_metadata.as_attachments',
'config' => \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::getFileFieldTCAConfig(
'files',
array(
'appearance' => array(
'createNewRelationLinkTitle' => 'LLL:EXT:cms/locallang_ttc.xlf:files.addFileReference'
)
)
)
)
));
\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addToAllTCAtypes('sys_file_metadata', 'attachments', '', 'after:source');
Applied the following changes and the button is shown:
diff --git a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
index a67800777d..835bc8b470 100644
--- a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
+++ b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
@@ -525,7 +525,11 @@ class InlineRecordContainer extends AbstractContainer
// "Delete" link:
if ($enabledControls['delete'] && ($isPagesTable && $localCalcPerms & Permission::PAGE_DELETE
|| !$isPagesTable && $calcPerms & Permission::CONTENT_EDIT
- || $isSysFileReferenceTable && $calcPerms & Permission::PAGE_EDIT)
+ || $isSysFileReferenceTable && (
+ ( $calcPerms & Permission::PAGE_EDIT )
+ || ( $rec['table_local'] === 'sys_file' && $rec ['pid'] === 0)
+ )
+ )
) {
$title = htmlspecialchars($languageService->sL('LLL:EXT:lang/Resources/Private/Language/locallang_mod_web_list.xlf:delete'));
$icon = $this->iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render();
Problem is, calPerms will not work on rows with pid == 0.
Files
Updated by Sascha Maier over 7 years ago
Enhanced patch to use the same security checks, which used to display the edit pencil:
diff --git a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
index a67800777d..aeac65a9a6 100644
--- a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
+++ b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php
@@ -522,10 +522,24 @@ class InlineRecordContainer extends AbstractContainer
</a>';
}
}
+
// "Delete" link:
+
+ // Use the same security checks like above used to check the access to edit the file
+ $isWriteableSysFileReferenceInSysFileTable = false;
+ if ( $rec['table_local'] === 'sys_file' && $rec ['pid'] === 0 ) {
+ if ($backendUser->check('tables_modify', 'sys_file_metadata')) {
+ $isWriteableSysFileReferenceInSysFileTable = true;
+ }
+ }
+
if ($enabledControls['delete'] && ($isPagesTable && $localCalcPerms & Permission::PAGE_DELETE
|| !$isPagesTable && $calcPerms & Permission::CONTENT_EDIT
- || $isSysFileReferenceTable && $calcPerms & Permission::PAGE_EDIT)
+ || $isSysFileReferenceTable && (
+ ( $calcPerms & Permission::PAGE_EDIT )
+ || $isWriteableSysFileReferenceInSysFileTable
+ )
+ )
) {
$title = htmlspecialchars($languageService->sL('LLL:EXT:lang/Resources/Private/Language/locallang_mod_web_list.xlf:delete'));
$icon = $this->iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render();
Updated by Gerrit Code Review over 7 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52927
Updated by Gerrit Code Review over 7 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52927
Updated by Gerrit Code Review over 7 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/52927
Updated by
Updated by Mathias Schreiber almost 7 years ago
- Status changed from Under Review to Closed
We won't support these kinds of back and forth loops.
There are a couple of reasons for that.
- We will merge sys_file and sys_file_metadata soon anyways. In this case this would result in references from sys_file to sys_file.
- When in need of bundling (or building a collection) of files, File Collections should be used.
- If you want to solve a pure UI related issue (as in attaching files to another file) you're better of with a dedicated FormEngine type that will result in the respective UI.
From reading through the issue I can't help but think you actually want to solve a different issue here.
Let's discuss your usecase on Slack or decisions.typo3.org and then come up with a solution that doesn't feel so tucked together.
Updated by Riccardo De Contardi almost 7 years ago
- Related to Bug #71319: IRRE in sys_file_metadata doesn't work for normal users added
Updated by Riccardo De Contardi almost 7 years ago
- Related to Bug #75332: Saving relations to files in sys_file_metadata does not work for normal users added
Updated by Riccardo De Contardi almost 7 years ago
- Related to Bug #75748: Editor can't remove images attached to other images added
Updated by Georg Ringer 5 months ago
- Related to Bug #99516: Editors can't delete or disable file references attached to sys_file_metadata added