Bug #88175: Exception thrown when searching for files: You are not allowed to access the given folder - TYPO3 Core - TYPO3 Forge

TYPO3 Core (Archived Projects)

Bug #88175

Exception thrown when searching for files: You are not allowed to access the given folder

Added by Chinnu Leela about 1 month ago. Updated about 20 hours ago.

Status:

New

Priority:

Should have

Assignee:

Category:

Target version:

Start date:

2019-04-18

Due date:

% Done:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

After upgrading to TYPO3 9.5.5 while editors search in File list an exception is thrown.
It seems that the system searches files in file mounts that are not assigned to the editor.

folder_access_issue.png View (146 KB) Chinnu Leela, 2019-04-18 14:52

screenshot-folder-access-permission.png View (144 KB) Chinnu Leela, 2019-04-22 06:54

History

#1 Updated by Michael Stucki about 1 month ago

Project changed from forge.typo3.org to TYPO3 Core
TYPO3 Version set to 9

Wrong project.

#2 Updated by Stephan Großberndt about 1 month ago

Subject changed from While search : You are not allowed to access the given folder to Exception thrown when searching for files: You are not allowed to access the given folder
Description updated (diff)

#3 Updated by Stephan Großberndt about 1 month ago

Status changed from New to Needs Feedback

Could you please add some information on the permissions set to storage and folder and on the permissions assigned to the user.

#4 Updated by Chinnu Leela about 1 month ago

File screenshot-folder-access-permission.png View added

To explain the situation suppose two folder structure exist
FolderOne->abc.pdf
FolderTwo->abcdef.pdf

The editor has access permission only to 'FolderTwo'.
Once he/she searches 'abc' in data folder list, triggers an error
'You are not allowed to access the given folder: "FolderOne"'

#5 Updated by Chinnu Leela 26 days ago

Gentle remainder.

#6 Updated by Chinnu Leela 10 days ago

The issue persists in TYPO3 9.5.6 release also.
Can you share the current status.

#7 Updated by Riccardo De Contardi about 20 hours ago

Status changed from Needs Feedback to New

The problem still occurs on both 9.5.7 and 10.0.0-dev with the following Steps

1. Create a folder /fileadmin/Images
1.1 Upload in there a file e.g. sample.jpg
2 Create a folder /fileadmin/Images_2
2.1 Upload in there a file e.g. sample_other.jpg
3. Create a filemount "Images" that points to 1. (/fileadmin/Images)
4. Create a filemount "Images_2" that points to 2. (/fileadmin/Images_2)
5. Create a usergroup "Editors"
5.1 Assign only the filemount 4. ("Images")
5.2 Assign to it enough permissions (e.g. the "Filelist module)
6. Create a user "editor" and assign to it the group 5 ("Editors")

Test Execution¶

1. Switch to "Editor" user
2. Go to Filelist module
3. Try to search for "Sample"

Test results:¶

The exception

You are not allowed to access the given folder: "Images_2"

Is thrown

Expected results:¶

- no exception should be thrown
- the search should only be executed on the allowed folders.

Also available in: Atom PDF

TYPO3 Core

Issues

Custom queries