Bug #85185

Non-Admin BE user cannot delete own files on filemount

Added by Presedo Roberto over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
Start date:
2018-06-08
Due date:
% Done:

100%

TYPO3 Version:
8
PHP Version:
7.1
Tags:
Complexity:
medium
Is Regression:
Yes
Sprint Focus:

Description

If a non-admin BE user drops a file on a subfolder filemount (for example /fileadmin/restrictedfolder/), the user can not delete the files he dropped in.
In fact, TYPO3 looks for the nearest recycler by first checking in the root directory (fileadmin), but as the user does not have the rights to that root directory, an error is thrown.
The error should be try/catched and thrown only if not all rootline directories are not available for the user.

Steps to reproduce the problem

1. Create a folder in fileadmin called "restrictedfolder"
2. Create a "Filemount" called "RestrictedFolder Filemount" pointing on Storage "fileadmin/" and "/restrictedfolder/" folder.
3. Create a BE Group called "RestrictedFolder BE Group" with rights on "File>Filelist" module and with acces to "RestrictedFolder Filemount" File Mounts
4. Create a BE User called "RestrictedFolder BE User" attached to "RestrictedFolder BE Group" Group (not admin user!!)
5. Switch to BE User "RestrictedFolder BE User".
6. Upload a file in the "RestrictedFolder Filemount"
7. Check the "Extended view" in File list
8. Click on "Delete" icon

-> Error thrown "1375955684: You are not allowed to access the given folder"

As far as I can see, this has been introduced with this commit : https://github.com/TYPO3/TYPO3.CMS/commit/0d583b438880fe72b35deb784fe7469b42e32096


Related issues

Duplicates TYPO3 Core - Bug #85079: You are not allowed to access the given folder: "user_upload" Closed 2018-05-25

History

#1 Updated by Presedo Roberto over 1 year ago

  • Duplicates Bug #85079: You are not allowed to access the given folder: "user_upload" added

#2 Updated by Presedo Roberto over 1 year ago

  • % Done changed from 0 to 100

#3 Updated by Christian Kuhn over 1 year ago

  • Status changed from New to Closed

closed as dupe of #85079

Also available in: Atom PDF