Actions
Bug #84554
closedUser that has NO permission in group to delete files or folders in FAL can delete files and folders anyway
Status:
Closed
Priority:
Must have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
-
Start date:
2018-03-29
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
8
PHP Version:
7.1
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
By setting up a storage and a brandnew user and removing the group the permission to just READ files and NOT to delete those the user can delete files or folders anyway. That shouldn't be!
I tried it to set it in the BE user group
and by deny him the permissions in the files and folder permissions by disable this on
plus adding the PageTS Script to disallow him to deny the user on the shared storage (i.e. the storage 1)
permissions.file.storage.1 {
addFile = 1
readFile = 1
writeFile = 0
copyFile = 0
moveFile = 0
renameFile = 0
unzipFile = 0
deleteFile = 0
addFolder = 0
readFolder = 0
writeFolder = 0
copyFolder = 0
moveFolder = 0
renameFolder = 0
deleteFolder = 1
recursivedeleteFolder = 0
}
But afterthat the user is still able to DELETE files and folders everywhere!
The set upped permission seems not to work at all! No matter what you set as permissions - nothing works!
Files
Actions