Bug #88175

Exception thrown when searching for files: You are not allowed to access the given folder

Added by Chinnu Leela over 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
-
Start date:
2019-04-18
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

After upgrading to TYPO3 9.5.5 while editors search in File list an exception is thrown.
It seems that the system searches files in file mounts that are not assigned to the editor.


Files

folder_access_issue.png (146 KB) folder_access_issue.png Chinnu Leela, 2019-04-18 14:52
screenshot-folder-access-permission.png (144 KB) screenshot-folder-access-permission.png Chinnu Leela, 2019-04-22 06:54

Related issues

Related to TYPO3 Core - Bug #87610: Filelist Search - Add constraint to avoid searching of records marked as missing.Closed2019-02-01

Actions
#1

Updated by Michael Stucki over 2 years ago

  • Project changed from forge.typo3.org to TYPO3 Core
  • TYPO3 Version set to 9

Wrong project.

#2

Updated by Stephan Großberndt over 2 years ago

  • Subject changed from While search : You are not allowed to access the given folder to Exception thrown when searching for files: You are not allowed to access the given folder
  • Description updated (diff)
#3

Updated by Stephan Großberndt over 2 years ago

  • Status changed from New to Needs Feedback

Could you please add some information on the permissions set to storage and folder and on the permissions assigned to the user.

#4

Updated by Chinnu Leela over 2 years ago

To explain the situation suppose two folder structure exist
FolderOne->abc.pdf
FolderTwo->abcdef.pdf

The editor has access permission only to 'FolderTwo'.
Once he/she searches 'abc' in data folder list, triggers an error
'You are not allowed to access the given folder: "FolderOne"'

#5

Updated by Chinnu Leela over 2 years ago

Gentle remainder.

#6

Updated by Chinnu Leela over 2 years ago

The issue persists in TYPO3 9.5.6 release also.
Can you share the current status.

#7

Updated by Riccardo De Contardi over 2 years ago

  • Status changed from Needs Feedback to New

The problem still occurs on both 9.5.7 and 10.0.0-dev with the following Steps

1. Create a folder /fileadmin/Images
1.1 Upload in there a file e.g. sample.jpg
2 Create a folder /fileadmin/Images_2
2.1 Upload in there a file e.g. sample_other.jpg
3. Create a filemount "Images" that points to 1. (/fileadmin/Images)
4. Create a filemount "Images_2" that points to 2. (/fileadmin/Images_2)
5. Create a usergroup "Editors"
5.1 Assign only the filemount 4. ("Images")
5.2 Assign to it enough permissions (e.g. the "Filelist module)
6. Create a user "editor" and assign to it the group 5 ("Editors")

Test Execution

1. Switch to "Editor" user
2. Go to Filelist module
3. Try to search for "Sample"

Test results:

The exception

You are not allowed to access the given folder: "Images_2" 

Is thrown

Expected results:

- no exception should be thrown
- the search should only be executed on the allowed folders.

#8

Updated by Karina Helena Reinhardt about 2 years ago

Still occurs in 9.5.8

#9

Updated by Christian Eßl about 2 years ago

  • Category set to File Abstraction Layer (FAL)
#10

Updated by Sybille Peters almost 2 years ago

I had this problem too. The filelist search tries to access files outside of the file mount.

Reproduced with 9.5.11

1. Searching (as editor) in fileadmin/user_upload/a (is filemount)
2. Tries to access file in fileadmin/user_upload/b/images/

It seems to me it is the same problem as Riccardo described.

#11

Updated by Oliver Hader almost 2 years ago

  • Related to Bug #87610: Filelist Search - Add constraint to avoid searching of records marked as missing. added
#12

Updated by Gerrit Code Review almost 2 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62872

#13

Updated by Gerrit Code Review almost 2 years ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62943

#14

Updated by Sebastian Hofer almost 2 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#15

Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF