Bug #39949
Local file not editable (as admin) - User right 'edit' vs. 'update'
| Status: | Resolved | Start date: | 2012-08-19 | |
|---|---|---|---|---|
| Priority: | Must have | Due date: | ||
| Assigned To: | Andreas Wolf | % Done: | 0% |
|
| Category: | File Abstraction Layer (FAL) | Spent time: | - | |
| Target version: | 6.0.0-beta2 | |||
| TYPO3 Version: | 6.0 | Is Regression: | ||
| PHP Version: | Sprint Focus: | |||
| Complexity: |
Description
When editing a local file (as admin user without any rights set up), there is a mismatch between the granted defaults and the checked permission. This results in an exception when trying to save a text file.
In t3lib_file_Storage the permission to 'update' is checked
public function setFileContents(t3lib_file_AbstractFile $file, $contents) {
// Check if user is allowed to update
if (!$this->checkUserActionPermission('update', 'File')) {
throw new t3lib_file_exception_InsufficientUserPermissionsException('Updating file "'
. $file->getIdentifier() . '" not allowed for user.', 1330121117);
}
But the default permissions in t3lib_beUserAuth->getFilePermissions do not include 'update', only 'edit'
if (!isset($this->filePermissions)) {
$defaultOptions = array(
'addFile' => TRUE, // new option
'readFile' => TRUE, // new option, generic check of the user rights
'editFile' => TRUE, // new option
'writeFile' => TRUE, // new option, generic check of the user rights
'uploadFile' => TRUE,
'copyFile' => TRUE,
'moveFile' => TRUE,
'renameFile' => TRUE,
'unzipFile' => TRUE,
'removeFile' => TRUE,
'addFolder' => TRUE,
'browseFolder' => TRUE, // new option,, generic check of the user rights
'moveFolder' => TRUE,
'renameFolder' => TRUE,
'writeFolder' => TRUE, // new option, generic check of the user rights
'removeFolder' => TRUE,
'removeSubfolders' => TRUE // was "delete recursively" previously
);
Related issues
Associated revisions
[BUGFIX] Files contents cannot be changed
Setting file contents failed for two reasons:
a) The permissions were incorrectly read from TSconfig and
b) We used a new "update" permission that was not present
in the default configuration, so without manually setting it,
a file could never be updated, even by admins.
This commit changes the "update" permission back to "edit", which was
also used in the pre-FAL era.
Change-Id: I408a19257a50868f7978ffac32eefbd410117e2d
Resolves: #37812
Resolves: #39860
Resolves: #39949
Releases: 6.0
Reviewed-on: http://review.typo3.org/14257
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
History
#1 Updated by Andreas Wolf almost 3 years ago
- Project changed from File Abstraction Layer to Core
#2 Updated by Andreas Wolf almost 3 years ago
- Category set to File Abstraction Layer (FAL)
- TYPO3 Version set to 6.0
#3 Updated by Andreas Wolf almost 3 years ago
- Status changed from New to Accepted
Patch for this is pending at #37812.
#4 Updated by Andreas Wolf almost 3 years ago
- Status changed from Accepted to Under Review
#5 Updated by Gerrit Code Review almost 3 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14257
#6 Updated by Gerrit Code Review almost 3 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14257
#7 Updated by Steffen Ritter almost 3 years ago
- Assigned To set to Andreas Wolf
#8 Updated by Steffen Ritter almost 3 years ago
- Target version set to 6.0.0-beta2
#9 Updated by Gerrit Code Review almost 3 years ago
Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14257
#10 Updated by Anonymous almost 3 years ago
- Status changed from Under Review to Resolved
Applied in changeset cfd107268c3173f1fe8e05027bc7d049e9293fff.