Bug #85079

You are not allowed to access the given folder: "user_upload"

Added by Claus Harup 11 months ago. Updated 7 months ago.

Status:
Closed
Priority:
Must have
Assignee:
Category:
Backend API
Target version:
-
Start date:
2018-05-25
Due date:
% Done:

100%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

After upgrading to 8.7.15 from 8.7.13 my editors suddenly cannot delete files in their folders..... - They have no problem creating folders or files, but they are not allowed to delete them again (files with no references, that is :-))

See attached image

Greatings

Claus

bug.png View (63.4 KB) Claus Harup, 2018-05-25 11:13


Related issues

Related to TYPO3 Core - Bug #81836: deleting a file inside _recycler_ folder generates new file with preview_ prefix Closed 2017-07-11
Related to TYPO3 Core - Bug #85108: Deletion of file is impossible, if filemount isn't / Needs Feedback 2018-05-29
Related to TYPO3 Core - Bug #85243: stuck in infinite loop when deleting a file Closed 2018-06-12
Duplicated by TYPO3 Core - Bug #85185: Non-Admin BE user cannot delete own files on filemount Closed 2018-06-08
Duplicated by TYPO3 Core - Bug #85141: #1375955684: You are not allowed to access the given folder: "user_upload" Closed 2018-06-01

Associated revisions

Revision a52ca0e9 (diff)
Added by Nicole Cordes 11 months ago

[BUGFIX] Handle access restrictions on recycler search

Fetching a parent folder may throws an error if the user hasn't
access to the parent. This exception needs to be caught and the
search for an existing recycler folder needs to be stopped
immediately.

Furthermore the patch removes the comparison with the root level
folder but checks the parent folder doesn't equal the folder itself.

Another loop is fixed by calling moveFile on the correct
ResourceStorge and not the current one.

Resolves: #85079
Related: #81836
Releases: master, 8.7
Change-Id: I51f5e20d7fa7da9b350ac0ca60cab05866a4d337
Reviewed-on: https://review.typo3.org/57052
Tested-by: TYPO3com <>
Reviewed-by: Markus Klein <>
Tested-by: Markus Klein <>
Reviewed-by: Frans Saris <>
Tested-by: Frans Saris <>

Revision 68c78a75 (diff)
Added by Nicole Cordes 11 months ago

[BUGFIX] Handle access restrictions on recycler search

Fetching a parent folder may throws an error if the user hasn't
access to the parent. This exception needs to be caught and the
search for an existing recycler folder needs to be stopped
immediately.

Furthermore the patch removes the comparison with the root level
folder but checks the parent folder doesn't equal the folder itself.

Another loop is fixed by calling moveFile on the correct
ResourceStorge and not the current one.

Resolves: #85079
Related: #81836
Releases: master, 8.7
Change-Id: I51f5e20d7fa7da9b350ac0ca60cab05866a4d337
Reviewed-on: https://review.typo3.org/57105
Reviewed-by: Frans Saris <>
Tested-by: Frans Saris <>

History

#1 Updated by Markus Klein 11 months ago

  • Target version deleted (Candidate for patchlevel)

According to the screenshot the user_upload folder (which is the default for a BE user if not changed via user TSconfig) is not within the file mounts.

Sounds like a misconfiguration.

#2 Updated by Claus Harup 11 months ago

Markus Klein wrote:

According to the screenshot the user_upload folder (which is the default for a BE user if not changed via user TSconfig) is not within the file mounts.

Sounds like a misconfiguration.

It has been working fine in ALL 8 branches...... - rolling back to 8.7.13 all works again?!?!?!

The file storage (Fileadmin): fileadmin/

The file mount: choosing "Fileadmin" and choosing folder: /user_upload/Editor/

#3 Updated by Typoheads GmbH 11 months ago

I can confirm that.

Tested with 8.7.13 and 8.7.15 with the same user, same data, same configuration.

8.7.13 -> works fine

8.7.15 -> Exception You are not allowed to access the given folder: "inhalte"

So it seems not to be related with "user_upload".

#4 Updated by Claus Harup 11 months ago

Typoheads GmbH wrote:

I can confirm that.

Tested with 8.7.13 and 8.7.15 with the same user, same data, same configuration.

8.7.13 -> works fine

8.7.15 -> Exception You are not allowed to access the given folder: "inhalte"

So it seems not to be related with "user_upload".

....so your path would be "fileadmin/user_upload/inhalte/"?

#5 Updated by Typoheads GmbH 11 months ago

No, "fileadmin/inhalte".

The problem seems to come from this commit https://github.com/TYPO3/TYPO3.CMS/commit/0d583b438880fe72b35deb784fe7469b42e32096

When deleting a file, TYPO3 searches for the nearest recycler folder by accessing the parent folder of the current folder. When the user has no access to this folder -> Exception.

#6 Updated by Claus Harup 11 months ago

Typoheads GmbH wrote:

No, "fileadmin/inhalte".

The problem seems to come from this commit https://github.com/TYPO3/TYPO3.CMS/commit/0d583b438880fe72b35deb784fe7469b42e32096

When deleting a file, TYPO3 searches for the nearest recycler folder by accessing the parent folder of the current folder. When the user has no access to this folder -> Exception.

Aha.... - so it wasnt just me :-|

#7 Updated by Nicole Cordes 11 months ago

  • Assignee set to Nicole Cordes

#8 Updated by Nicole Cordes 11 months ago

  • Status changed from New to Accepted
  • Is Regression set to Yes

#9 Updated by Nicole Cordes 11 months ago

  • Related to Bug #81836: deleting a file inside _recycler_ folder generates new file with preview_ prefix added

#10 Updated by Gerrit Code Review 11 months ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#11 Updated by Gerrit Code Review 11 months ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#12 Updated by Gerrit Code Review 11 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#13 Updated by Gerrit Code Review 11 months ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#14 Updated by Gerrit Code Review 11 months ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#15 Updated by Gerrit Code Review 11 months ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#16 Updated by Gerrit Code Review 11 months ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#17 Updated by Gerrit Code Review 11 months ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#18 Updated by Michael Binder 11 months ago

  • Related to Bug #85108: Deletion of file is impossible, if filemount isn't / added

#19 Updated by Gerrit Code Review 11 months ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57105

#20 Updated by Nicole Cordes 11 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#21 Updated by Stefan P 11 months ago

Will there be an out-of-plan release for this? Because this is affecting a lot of our installations and we are constantly getting reports that users can not delete their files anymore.

#22 Updated by Christoph Lehmann 11 months ago

  • Related to Bug #85141: #1375955684: You are not allowed to access the given folder: "user_upload" added

#23 Updated by Claus Harup 11 months ago

Stefan P wrote:

Will there be an out-of-plan release for this? Because this is affecting a lot of our installations and we are constantly getting reports that users can not delete their files anymore.

Im in the exact same position - have to tell my clients to be patient :-|

#24 Updated by Nicole Cordes 11 months ago

There will be a new release of TYPO3 8.7 on Tuesday, 12.06

#25 Updated by Presedo Roberto 11 months ago

  • Duplicated by Bug #85185: Non-Admin BE user cannot delete own files on filemount added

#26 Updated by Mathias Brodala 11 months ago

  • Related to deleted (Bug #85141: #1375955684: You are not allowed to access the given folder: "user_upload")

#27 Updated by Mathias Brodala 11 months ago

  • Duplicated by Bug #85141: #1375955684: You are not allowed to access the given folder: "user_upload" added

#28 Updated by Simon Gilli 10 months ago

  • Related to Bug #85243: stuck in infinite loop when deleting a file added

#29 Updated by Benni Mack 7 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF