Bug #85079

You are not allowed to access the given folder: "user_upload"

Added by Claus Harup about 1 year ago. Updated 11 months ago.

Status:
Closed
Priority:
Must have
Assignee:
Category:
Backend API
Target version:
-
Start date:
2018-05-25
Due date:
% Done:

100%

TYPO3 Version:
8
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:

Description

After upgrading to 8.7.15 from 8.7.13 my editors suddenly cannot delete files in their folders..... - They have no problem creating folders or files, but they are not allowed to delete them again (files with no references, that is :-))

See attached image

Greatings

Claus

bug.png View (63.4 KB) Claus Harup, 2018-05-25 11:13


Related issues

Related to TYPO3 Core - Bug #81836: deleting a file inside _recycler_ folder generates new file with preview_ prefix Closed 2017-07-11
Related to TYPO3 Core - Bug #85108: Deletion of file is impossible, if filemount isn't / Closed 2018-05-29
Related to TYPO3 Core - Bug #85243: stuck in infinite loop when deleting a file Closed 2018-06-12
Related to TYPO3 Core - Bug #88632: File cannot be deleted from a storage that is not browsable Resolved 2019-06-26
Duplicated by TYPO3 Core - Bug #85185: Non-Admin BE user cannot delete own files on filemount Closed 2018-06-08
Duplicated by TYPO3 Core - Bug #85141: #1375955684: You are not allowed to access the given folder: "user_upload" Closed 2018-06-01

Associated revisions

Revision a52ca0e9 (diff)
Added by Nicole Cordes about 1 year ago

[BUGFIX] Handle access restrictions on recycler search

Fetching a parent folder may throws an error if the user hasn't
access to the parent. This exception needs to be caught and the
search for an existing recycler folder needs to be stopped
immediately.

Furthermore the patch removes the comparison with the root level
folder but checks the parent folder doesn't equal the folder itself.

Another loop is fixed by calling moveFile on the correct
ResourceStorge and not the current one.

Resolves: #85079
Related: #81836
Releases: master, 8.7
Change-Id: I51f5e20d7fa7da9b350ac0ca60cab05866a4d337
Reviewed-on: https://review.typo3.org/57052
Tested-by: TYPO3com <>
Reviewed-by: Markus Klein <>
Tested-by: Markus Klein <>
Reviewed-by: Frans Saris <>
Tested-by: Frans Saris <>

Revision 68c78a75 (diff)
Added by Nicole Cordes about 1 year ago

[BUGFIX] Handle access restrictions on recycler search

Fetching a parent folder may throws an error if the user hasn't
access to the parent. This exception needs to be caught and the
search for an existing recycler folder needs to be stopped
immediately.

Furthermore the patch removes the comparison with the root level
folder but checks the parent folder doesn't equal the folder itself.

Another loop is fixed by calling moveFile on the correct
ResourceStorge and not the current one.

Resolves: #85079
Related: #81836
Releases: master, 8.7
Change-Id: I51f5e20d7fa7da9b350ac0ca60cab05866a4d337
Reviewed-on: https://review.typo3.org/57105
Reviewed-by: Frans Saris <>
Tested-by: Frans Saris <>

History

#1 Updated by Markus Klein about 1 year ago

  • Target version deleted (Candidate for patchlevel)

According to the screenshot the user_upload folder (which is the default for a BE user if not changed via user TSconfig) is not within the file mounts.

Sounds like a misconfiguration.

#2 Updated by Claus Harup about 1 year ago

Markus Klein wrote:

According to the screenshot the user_upload folder (which is the default for a BE user if not changed via user TSconfig) is not within the file mounts.

Sounds like a misconfiguration.

It has been working fine in ALL 8 branches...... - rolling back to 8.7.13 all works again?!?!?!

The file storage (Fileadmin): fileadmin/

The file mount: choosing "Fileadmin" and choosing folder: /user_upload/Editor/

#3 Updated by Typoheads GmbH about 1 year ago

I can confirm that.

Tested with 8.7.13 and 8.7.15 with the same user, same data, same configuration.

8.7.13 -> works fine

8.7.15 -> Exception You are not allowed to access the given folder: "inhalte"

So it seems not to be related with "user_upload".

#4 Updated by Claus Harup about 1 year ago

Typoheads GmbH wrote:

I can confirm that.

Tested with 8.7.13 and 8.7.15 with the same user, same data, same configuration.

8.7.13 -> works fine

8.7.15 -> Exception You are not allowed to access the given folder: "inhalte"

So it seems not to be related with "user_upload".

....so your path would be "fileadmin/user_upload/inhalte/"?

#5 Updated by Typoheads GmbH about 1 year ago

No, "fileadmin/inhalte".

The problem seems to come from this commit https://github.com/TYPO3/TYPO3.CMS/commit/0d583b438880fe72b35deb784fe7469b42e32096

When deleting a file, TYPO3 searches for the nearest recycler folder by accessing the parent folder of the current folder. When the user has no access to this folder -> Exception.

#6 Updated by Claus Harup about 1 year ago

Typoheads GmbH wrote:

No, "fileadmin/inhalte".

The problem seems to come from this commit https://github.com/TYPO3/TYPO3.CMS/commit/0d583b438880fe72b35deb784fe7469b42e32096

When deleting a file, TYPO3 searches for the nearest recycler folder by accessing the parent folder of the current folder. When the user has no access to this folder -> Exception.

Aha.... - so it wasnt just me :-|

#7 Updated by Nicole Cordes about 1 year ago

  • Assignee set to Nicole Cordes

#8 Updated by Nicole Cordes about 1 year ago

  • Status changed from New to Accepted
  • Is Regression set to Yes

#9 Updated by Nicole Cordes about 1 year ago

  • Related to Bug #81836: deleting a file inside _recycler_ folder generates new file with preview_ prefix added

#10 Updated by Gerrit Code Review about 1 year ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#11 Updated by Gerrit Code Review about 1 year ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#12 Updated by Gerrit Code Review about 1 year ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#13 Updated by Gerrit Code Review about 1 year ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#14 Updated by Gerrit Code Review about 1 year ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#15 Updated by Gerrit Code Review about 1 year ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#16 Updated by Gerrit Code Review about 1 year ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#17 Updated by Gerrit Code Review about 1 year ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57052

#18 Updated by Michael Binder about 1 year ago

  • Related to Bug #85108: Deletion of file is impossible, if filemount isn't / added

#19 Updated by Gerrit Code Review about 1 year ago

Patch set 1 for branch TYPO3_8-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/57105

#20 Updated by Nicole Cordes about 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#21 Updated by Stefan P about 1 year ago

Will there be an out-of-plan release for this? Because this is affecting a lot of our installations and we are constantly getting reports that users can not delete their files anymore.

#22 Updated by Christoph Lehmann about 1 year ago

  • Related to Bug #85141: #1375955684: You are not allowed to access the given folder: "user_upload" added

#23 Updated by Claus Harup about 1 year ago

Stefan P wrote:

Will there be an out-of-plan release for this? Because this is affecting a lot of our installations and we are constantly getting reports that users can not delete their files anymore.

Im in the exact same position - have to tell my clients to be patient :-|

#24 Updated by Nicole Cordes about 1 year ago

There will be a new release of TYPO3 8.7 on Tuesday, 12.06

#25 Updated by Presedo Roberto about 1 year ago

  • Duplicated by Bug #85185: Non-Admin BE user cannot delete own files on filemount added

#26 Updated by Mathias Brodala about 1 year ago

  • Related to deleted (Bug #85141: #1375955684: You are not allowed to access the given folder: "user_upload")

#27 Updated by Mathias Brodala about 1 year ago

  • Duplicated by Bug #85141: #1375955684: You are not allowed to access the given folder: "user_upload" added

#28 Updated by Simon Gilli about 1 year ago

  • Related to Bug #85243: stuck in infinite loop when deleting a file added

#29 Updated by Benni Mack 11 months ago

  • Status changed from Resolved to Closed

#30 Updated by Markus Klein about 2 months ago

  • Related to Bug #88632: File cannot be deleted from a storage that is not browsable added

Also available in: Atom PDF