[FEATURE] Split file permission for be_users and be_groups 13/24613/12
authorNicole Cordes <typo3@cordes.co>
Fri, 11 Oct 2013 08:46:26 +0000 (10:46 +0200)
committerHelmut Hummel <helmut.hummel@typo3.org>
Sun, 13 Oct 2013 21:12:45 +0000 (23:12 +0200)
Since TYPO3 6.0 you can set specific file and folder permissions by
userTSconfig. This patch adds a new field for every table to be able to
set detailed access in the backend record. Any userTSconfig will take
privilege over user and group data. An update step converts the
old binary values to string list.
Deprecated functions to support the binary values of the old fields
are removed completly. Unit tests were adapted.

Resolves: #52716
Resolves: #50574
Releases: 6.2
Change-Id: I064887c60e215e9c394d484a4afd3faef51ee324
Reviewed-on: https://review.typo3.org/24613
Reviewed-by: Alexander Opitz
Tested-by: Alexander Opitz
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
18 files changed:
typo3/sysext/backend/Classes/Controller/File/FileController.php
typo3/sysext/core/Classes/Authentication/BackendUserAuthentication.php
typo3/sysext/core/Classes/Utility/File/ExtendedFileUtility.php
typo3/sysext/core/Configuration/TCA/be_groups.php
typo3/sysext/core/Configuration/TCA/be_users.php
typo3/sysext/core/Tests/Functional/Fixtures/be_users.xml
typo3/sysext/core/Tests/Unit/Authentication/BackendUserAuthenticationTest.php
typo3/sysext/core/ext_tables.sql
typo3/sysext/extbase/ext_typoscript_setup.txt
typo3/sysext/filelist/Classes/Controller/FileListController.php
typo3/sysext/impexp/Classes/Controller/ImportExportController.php
typo3/sysext/impexp/Classes/ImportExport.php
typo3/sysext/install/Classes/Updates/FilePermissionUpdate.php [new file with mode: 0644]
typo3/sysext/install/ext_localconf.php
typo3/sysext/lang/locallang_csh_be_groups.xlf
typo3/sysext/lang/locallang_csh_be_users.xlf
typo3/sysext/lang/locallang_tca.xlf
typo3/sysext/lowlevel/Classes/RteImagesCommand.php

index 4168287..38c2082 100644 (file)
@@ -118,7 +118,7 @@ class FileController {
                // Initializing:
                $this->fileProcessor = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Utility\\File\\ExtendedFileUtility');
                $this->fileProcessor->init($GLOBALS['FILEMOUNTS'], $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']);
-               $this->fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
+               $this->fileProcessor->setActionPermissions();
                $this->fileProcessor->dontCheckForUnique = $this->overwriteExistingFiles ? 1 : 0;
                // Checking referrer / executing:
                $refInfo = parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER'));
index 7782913..7e9ca52 100644 (file)
@@ -99,7 +99,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
        public $dataLists = array(
                'webmount_list' => '',
                'filemount_list' => '',
-               'fileoper_perms' => 0,
+               'file_permissions' => '',
                'modList' => '',
                'tables_select' => '',
                'tables_modify' => '',
@@ -1241,7 +1241,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                        // File mountpoints
                        $this->dataLists['filemount_list'] = $this->user['file_mountpoints'];
                        // Fileoperation permissions
-                       $this->dataLists['fileoper_perms'] = (int) $this->user['fileoper_perms'];
+                       $this->dataLists['file_permissions'] = $this->user['file_permissions'];
                        // Setting default User TSconfig:
                        $this->TSdataArray[] = $this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:') . $GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig'];
                        // Default TSconfig for admin-users
@@ -1310,7 +1310,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                        $this->groupData['allowed_languages'] = GeneralUtility::uniqueList($this->dataLists['allowed_languages']);
                        $this->groupData['custom_options'] = GeneralUtility::uniqueList($this->dataLists['custom_options']);
                        $this->groupData['modules'] = GeneralUtility::uniqueList($this->dataLists['modList']);
-                       $this->groupData['fileoper_perms'] = $this->dataLists['fileoper_perms'];
+                       $this->groupData['file_permissions'] = GeneralUtility::uniqueList($this->dataLists['file_permissions']);
                        $this->groupData['workspace_perms'] = $this->dataLists['workspace_perms'];
                        // Populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
                        $this->userGroupsUID = array_reverse(array_unique(array_reverse($this->includeGroupArray)));
@@ -1404,8 +1404,7 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                                        $this->dataLists['allowed_languages'] .= ',' . $row['allowed_languages'];
                                        $this->dataLists['custom_options'] .= ',' . $row['custom_options'];
                                }
-                               // Setting fileoperation permissions
-                               $this->dataLists['fileoper_perms'] |= (int) $row['fileoper_perms'];
+                               $this->dataLists['file_permissions'] .= ',' . $row['file_permissions'];
                                // Setting workspace permissions:
                                $this->dataLists['workspace_perms'] |= $row['workspace_perms'];
                                // If this function is processing the users OWN group-list (not subgroups) AND if the ->firstMainGroup is not set, then the ->firstMainGroup will be set.
@@ -1576,9 +1575,9 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
        }
 
        /**
-        * Returns the information about file permissions
-        * previously, this was stored in the DB fields (fileoper_perms)
-        * but is now handled via userTSconfig
+        * Returns the information about file permissions.
+        * Previously, this was stored in the DB field fileoper_perms now it is file_permissions.
+        * Besides it can be handled via userTSconfig
         *
         * permissions.file.default {
         * addFile = 1
@@ -1614,60 +1613,49 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
         */
        public function getFilePermissions() {
                if (!isset($this->filePermissions)) {
-                       $defaultOptions = array(
+                       $filePermissions = array(
                                // File permissions
-                               'addFile' => TRUE,
-                               'readFile' => TRUE,
-                               'writeFile' => TRUE,
-                               'copyFile' => TRUE,
-                               'moveFile' => TRUE,
-                               'renameFile' => TRUE,
-                               'unzipFile' => TRUE,
-                               'deleteFile' => TRUE,
+                               'addFile' => FALSE,
+                               'readFile' => FALSE,
+                               'writeFile' => FALSE,
+                               'copyFile' => FALSE,
+                               'moveFile' => FALSE,
+                               'renameFile' => FALSE,
+                               'unzipFile' => FALSE,
+                               'deleteFile' => FALSE,
                                // Folder permissions
-                               'addFolder' => TRUE,
-                               'readFolder' => TRUE,
-                               'writeFolder' => TRUE,
-                               'copyFolder' => TRUE,
-                               'moveFolder' => TRUE,
-                               'renameFolder' => TRUE,
-                               'deleteFolder' => TRUE,
-                               'recursivedeleteFolder' => TRUE
+                               'addFolder' => FALSE,
+                               'readFolder' => FALSE,
+                               'writeFolder' => FALSE,
+                               'copyFolder' => FALSE,
+                               'moveFolder' => FALSE,
+                               'renameFolder' => FALSE,
+                               'deleteFolder' => FALSE,
+                               'recursivedeleteFolder' => FALSE
                        );
-                       if (!$this->isAdmin()) {
-                               $defaultPermissionsTsConfig = $this->getTSConfigProp('permissions.file.default');
-                               if (!empty($defaultPermissionsTsConfig)) {
-                                       $defaultOptions = $defaultPermissionsTsConfig;
-                               } else {
-                                       $oldFileOperationPermissions = $this->getFileoperationPermissions();
-                                       // Lower permissions if the old file operation permissions are not set
-                                       if (!($oldFileOperationPermissions & 1)) {
-                                               $defaultOptions['addFile'] = FALSE;
-                                               $defaultOptions['writeFile'] = FALSE;
-                                               $defaultOptions['copyFile'] = FALSE;
-                                               $defaultOptions['moveFile'] = FALSE;
-                                               $defaultOptions['renameFile'] = FALSE;
-                                               $defaultOptions['deleteFile'] = FALSE;
-                                       }
-                                       if (!($oldFileOperationPermissions & 2)) {
-                                               $defaultOptions['unzipFile'] = FALSE;
-                                       }
-                                       if (!($oldFileOperationPermissions & 4)) {
-                                               $defaultOptions['addFolder'] = FALSE;
-                                               $defaultOptions['writeFolder'] = FALSE;
-                                               $defaultOptions['moveFolder'] = FALSE;
-                                               $defaultOptions['renameFolder'] = FALSE;
-                                               $defaultOptions['deleteFolder'] = FALSE;
-                                       }
-                                       if (!($oldFileOperationPermissions & 8)) {
-                                               $defaultOptions['copyFolder'] = FALSE;
-                                       }
-                                       if (!($oldFileOperationPermissions & 16)) {
-                                               $defaultOptions['recursivedeleteFolder'] = FALSE;
+                       if ($this->isAdmin()) {
+                               $filePermissions = array_map('is_bool', $filePermissions);
+                       } else {
+                               $userGroupRecordPermissions = GeneralUtility::trimExplode(',', $this->groupData['file_permissions'], TRUE);
+                               array_walk(
+                                       $userGroupRecordPermissions,
+                                       function($permission) use (&$filePermissions) {
+                                               $filePermissions[$permission] = TRUE;
                                        }
+                               );
+
+                               // Finally overlay any userTSconfig
+                               $permissionsTsConfig = $this->getTSConfigProp('permissions.file.default');
+                               if (!empty($permissionsTsConfig)) {
+                                       array_walk(
+                                               $permissionsTsConfig,
+                                               function($value, $permission) use (&$filePermissions) {
+                                                       $filePermissions[$permission] = (bool) $value;
+                                               }
+                                       );
                                }
                        }
-                       $this->filePermissions = $defaultOptions;
+                       $this->filePermissions = $filePermissions;
                }
                return $this->filePermissions;
        }
@@ -1687,7 +1675,12 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
                if (!$this->isAdmin()) {
                        $storageFilePermissions = $this->getTSConfigProp('permissions.file.storage.' . $storageObject->getUid());
                        if (!empty($storageFilePermissions)) {
-                               $finalUserPermissions = array_merge($finalUserPermissions, $storageFilePermissions);
+                               array_walk(
+                                       $storageFilePermissions,
+                                       function($value, $permission) use (&$finalUserPermissions) {
+                                               $finalUserPermissions[$permission] = (bool) $value;
+                                       }
+                               );
                        }
                }
                return $finalUserPermissions;
@@ -1727,29 +1720,6 @@ class BackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\AbstractU
        }
 
        /**
-        * Returns an integer bitmask that represents the permissions for file operations.
-        * Permissions of the user and groups the user is a member of were combined by a logical OR.
-        *
-        * Meaning of each bit:
-        * 1 - Files: Upload,Copy,Move,Delete,Rename
-        * 2 - Files: Unzip
-        * 4 - Directory: Move,Delete,Rename,New
-        * 8 - Directory: Copy
-        * 16 - Directory: Delete recursively (rm -Rf)
-        *
-        * @return integer File operation permission bitmask
-        * @deprecated since TYPO3 6.0, use the TSconfig settings instead
-        */
-       public function getFileoperationPermissions() {
-               GeneralUtility::logDeprecatedFunction();
-               if ($this->isAdmin()) {
-                       return 31;
-               } else {
-                       return $this->groupData['fileoper_perms'];
-               }
-       }
-
-       /**
         * Adds a filemount to the users array of filemounts, $this->groupData['filemounts'][hash_key] = Array ('name'=>$name, 'path'=>$path, 'type'=>$type);
         * Is a part of the authentication proces of the user.
         * A final requirement for a path being mounted is that a) it MUST return TRUE on is_dir(), b) must contain either PATH_site+'fileadminDir' OR 'lockRootPath' - if lockRootPath is set - as first part of string!
index 92e7d43..3f2a094 100644 (file)
@@ -80,30 +80,30 @@ class ExtendedFileUtility extends \TYPO3\CMS\Core\Utility\File\BasicFileUtility
         */
        protected $indexerService = NULL;
 
-       // This array is self-explaining (look in the class below).
-       // It grants access to the functions. This could be set from outside in order to enabled functions to users.
-       // See also the function init_actionPerms() which takes input directly from the user-record
        /**
-        * @todo Define visibility
+        * This array is self-explaining (look in the class below).
+        * It grants access to the functions. This could be set from outside in order to enabled functions to users.
+        * See also the function setActionPermissions() which takes input directly from the user-record
         */
        public $actionPerms = array(
-               'deleteFile' => 0,
-               // Deleting files physically
-               'deleteFolder' => 0,
-               // Deleting folders physically
-               'deleteFolderRecursively' => 0,
-               // normally folders are deleted by the PHP-function rmdir(), but with this option a user deletes with 'rm -Rf ....' which is pretty wild!
-               'moveFile' => 0,
-               'moveFolder' => 0,
-               'copyFile' => 0,
-               'copyFolder' => 0,
-               'newFolder' => 0,
-               'newFile' => 0,
-               'editFile' => 0,
-               'unzipFile' => 0,
-               'uploadFile' => 0,
-               'renameFile' => 0,
-               'renameFolder' => 0
+               // File permissions
+               'addFile' => FALSE,
+               'readFile' => FALSE,
+               'writeFile' => FALSE,
+               'copyFile' => FALSE,
+               'moveFile' => FALSE,
+               'renameFile' => FALSE,
+               'unzipFile' => FALSE,
+               'deleteFile' => FALSE,
+               // Folder permissions
+               'addFolder' => FALSE,
+               'readFolder' => FALSE,
+               'writeFolder' => FALSE,
+               'copyFolder' => FALSE,
+               'moveFolder' => FALSE,
+               'renameFolder' => FALSE,
+               'deleteFolder' => FALSE,
+               'recursivedeleteFolder' => FALSE
        );
 
        // This is regarded to be the recycler folder
@@ -177,40 +177,25 @@ class ExtendedFileUtility extends \TYPO3\CMS\Core\Utility\File\BasicFileUtility
         * Sets up permission to perform file/directory operations.
         * See below or the be_user-table for the significance of the various bits in $setup.
         *
-        * @param integer $setup File permission integer from BE_USER OR'ed with permissions of back-end groups this user is a member of
         * @return void
-        * @todo Define visibility
+        * @deprecated since 6.2 will be removed two versions later. Use ExtendedFileUtility::setActionPermissions() instead
         */
-       public function init_actionPerms($setup) {
-               // Files: Upload,Copy,Move,Delete,Rename
-               if (($setup & 1) == 1) {
-                       $this->actionPerms['uploadFile'] = 1;
-                       $this->actionPerms['copyFile'] = 1;
-                       $this->actionPerms['moveFile'] = 1;
-                       $this->actionPerms['deleteFile'] = 1;
-                       $this->actionPerms['renameFile'] = 1;
-                       $this->actionPerms['editFile'] = 1;
-                       $this->actionPerms['newFile'] = 1;
-               }
-               // Files: Unzip
-               if (($setup & 2) == 2) {
-                       $this->actionPerms['unzipFile'] = 1;
-               }
-               // Directory: Move,Delete,Rename,New
-               if (($setup & 4) == 4) {
-                       $this->actionPerms['moveFolder'] = 1;
-                       $this->actionPerms['deleteFolder'] = 1;
-                       $this->actionPerms['renameFolder'] = 1;
-                       $this->actionPerms['newFolder'] = 1;
-               }
-               // Directory: Copy
-               if (($setup & 8) == 8) {
-                       $this->actionPerms['copyFolder'] = 1;
-               }
-               // Directory: Delete recursively (rm -Rf)
-               if (($setup & 16) == 16) {
-                       $this->actionPerms['deleteFolderRecursively'] = 1;
+       public function init_actionPerms() {
+               GeneralUtility::logDeprecatedFunction();
+               $this->setActionPermissions();
+       }
+
+       /**
+        * Sets the file action permissions.
+        * If no argument is given, permissions of the currently logged in backend user are taken into account.
+        *
+        * @param array $permissions File Permissions.
+        */
+       public function setActionPermissions(array $permissions = array()) {
+               if (empty($permissions)) {
+                       $permissions = $GLOBALS['BE_USER']->getFilePermissions();
                }
+               $this->actionPerms = $permissions;
        }
 
        /**
index 02bb6c7..62fadf0 100644 (file)
@@ -22,13 +22,13 @@ return array(
                        'disabled' => 'hidden'
                ),
                'title' => 'LLL:EXT:lang/locallang_tca.xlf:be_groups',
-               'useColumnsForDefaultValues' => 'lockToDomain, fileoper_perms',
+               'useColumnsForDefaultValues' => 'lockToDomain, file_permissions',
                'dividers2tabs' => TRUE,
                'versioningWS_alwaysAllowLiveEdit' => TRUE,
                'searchFields' => 'title'
        ),
        'interface' => array(
-               'showRecordFieldList' => 'title, db_mountpoints, file_mountpoints, fileoper_perms, inc_access_lists, tables_select, tables_modify, pagetypes_select, non_exclude_fields, groupMods, lockToDomain, description'
+               'showRecordFieldList' => 'title, db_mountpoints, file_mountpoints, file_permissions, inc_access_lists, tables_select, tables_modify, pagetypes_select, non_exclude_fields, groupMods, lockToDomain, description'
        ),
        'columns' => array(
                'title' => array(
@@ -102,18 +102,36 @@ return array(
                                )
                        )
                ),
-               'fileoper_perms' => array(
+               'file_permissions' => array(
                        'label' => 'LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms',
                        'config' => array(
-                               'type' => 'check',
+                               'type' => 'select',
                                'items' => array(
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms_general', 0),
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms_unzip', 0),
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms_diroper_perms', 0),
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms_diroper_perms_copy', 0),
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms_diroper_perms_delete', 0)
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder', '--div--', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_read', 'readFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_write', 'writeFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_add', 'addFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_rename', 'renameFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_move', 'moveFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_copy', 'copyFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_delete', 'deleteFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_recursivedelete', 'folder_recursivedelete', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files', '--div--', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_read', 'readFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_write', 'writeFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_add', 'addFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_upload', 'files_upload', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_rename', 'renameFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_move', 'moveFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_copy', 'copyFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms_unzip', 'unzipFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_delete', 'deleteFile', 'mimetypes-other-other')
                                ),
-                               'default' => '7'
+                               'renderMode' => $GLOBALS['TYPO3_CONF_VARS']['BE']['accessListRenderMode'],
+                               'size' => 16,
+                               'maxitems' => 16,
+                               'itemListStyle' => 'width:500px',
+                               'default' => 'readFolder,writeFolder,addFolder,renameFolder,moveFolder,deleteFolder,readFile,writeFile,addFile,renameFile,moveFile,files_copy,deleteFile'
                        )
                ),
                'workspace_perms' => array(
@@ -278,12 +296,12 @@ return array(
        'types' => array(
                '0' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2, description, subgroup;;;;3-3-3,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1,
-                       --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, fileoper_perms,
+                       --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, file_permissions,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.extended'),
                '1' => array('showitem' => 'hidden;;;;1-1-1, title;;;;2-2-2, description, subgroup;;;;3-3-3,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.base_rights, inc_access_lists;;;;1-1-1, groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny , allowed_languages;;;;2-2-2, custom_options;;;;3-3-3,
-                       --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, fileoper_perms,
+                       --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, file_mountpoints;;;;3-3-3, file_permissions,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.options, lockToDomain;;;;1-1-1, hide_in_lists;;;;2-2-2, TSconfig;;;;3-3-3,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_groups.tabs.extended')
        )
index 9eaf6b1..6ad7439 100644 (file)
@@ -27,13 +27,13 @@ return array(
                        'default' => 'status-user-backend'
                ),
                'mainpalette' => '1',
-               'useColumnsForDefaultValues' => 'usergroup,lockToDomain,options,db_mountpoints,file_mountpoints,fileoper_perms,userMods',
+               'useColumnsForDefaultValues' => 'usergroup,lockToDomain,options,db_mountpoints,file_mountpoints,file_permissions,userMods',
                'dividers2tabs' => TRUE,
                'versioningWS_alwaysAllowLiveEdit' => TRUE,
                'searchFields' => 'username,email,realName'
        ),
        'interface' => array(
-               'showRecordFieldList' => 'username,usergroup,db_mountpoints,file_mountpoints,admin,options,fileoper_perms,userMods,lockToDomain,realName,email,disable,starttime,endtime,lastlogin'
+               'showRecordFieldList' => 'username,usergroup,db_mountpoints,file_mountpoints,admin,options,file_permissions,userMods,lockToDomain,realName,email,disable,starttime,endtime,lastlogin'
        ),
        'columns' => array(
                'username' => array(
@@ -219,18 +219,36 @@ return array(
                                'default' => '3'
                        )
                ),
-               'fileoper_perms' => array(
-                       'label' => 'LLL:EXT:lang/locallang_tca.xlf:be_users.fileoper_perms',
+               'file_permissions' => array(
+                       'label' => 'LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms',
                        'config' => array(
-                               'type' => 'check',
+                               'type' => 'select',
                                'items' => array(
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_users.fileoper_perms_general', 0),
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_users.fileoper_perms_unzip', 0),
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_users.fileoper_perms_diroper_perms', 0),
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_users.fileoper_perms_diroper_perms_copy', 0),
-                                       array('LLL:EXT:lang/locallang_tca.xlf:be_users.fileoper_perms_diroper_perms_delete', 0)
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder', '--div--', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_read', 'readFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_write', 'writeFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_add', 'addFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_rename', 'renameFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_move', 'moveFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_copy', 'copyFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_delete', 'deleteFolder', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.folder_recursivedelete', 'folder_recursivedelete', 'apps-filetree-folder-default'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files', '--div--', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_read', 'readFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_write', 'writeFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_add', 'addFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_upload', 'files_upload', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_rename', 'renameFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_move', 'moveFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_copy', 'copyFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.fileoper_perms_unzip', 'unzipFile', 'mimetypes-other-other'),
+                                       array('LLL:EXT:lang/locallang_tca.xlf:be_groups.file_permissions.files_delete', 'deleteFile', 'mimetypes-other-other')
                                ),
-                               'default' => '0'
+                               'renderMode' => $GLOBALS['TYPO3_CONF_VARS']['BE']['accessListRenderMode'],
+                               'size' => 16,
+                               'maxitems' => 16,
+                               'itemListStyle' => 'width:500px',
+                               'default' => 'readFolder,writeFolder,addFolder,renameFolder,moveFolder,deleteFolder,readFile,writeFile,addFile,renameFile,moveFile,files_copy,deleteFile'
                        )
                ),
                'workspace_perms' => array(
@@ -325,7 +343,7 @@ return array(
        'types' => array(
                '0' => array('showitem' => 'disable;;;;1-1-1, username;;;;2-2-2, password, usergroup;;;;3-3-3, admin;;;;1-1-1, realName;;;;3-3-3, email, lang, lastlogin;;;;1-1-1,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_users.tabs.rights, userMods;;;;2-2-2, allowed_languages,
-                       --div--;LLL:EXT:lang/locallang_tca.xlf:be_users.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, options, file_mountpoints;;;;3-3-3, fileoper_perms,
+                       --div--;LLL:EXT:lang/locallang_tca.xlf:be_users.tabs.mounts_and_workspaces, workspace_perms;;;;1-1-1, db_mountpoints;;;;2-2-2, options, file_mountpoints;;;;3-3-3, file_permissions,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_users.tabs.options, lockToDomain;;;;1-1-1, disableIPlock, TSconfig;;;;2-2-2,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_users.tabs.access, starttime;;;;1-1-1,endtime,
                        --div--;LLL:EXT:lang/locallang_tca.xlf:be_users.tabs.extended'),
index ac380cc..9611be2 100644 (file)
@@ -13,7 +13,6 @@
                <options>0</options>
                <crdate>1366642540</crdate>
                <cruser_id>0</cruser_id>
-               <fileoper_perms>0</fileoper_perms>
                <workspace_perms>1</workspace_perms>
                <disableIPlock>1</disableIPlock>
                <deleted>0</deleted>
index 57dc758..567f758 100644 (file)
@@ -30,6 +30,30 @@ namespace TYPO3\CMS\Core\Tests\Unit\Authentication;
  * @author Oliver Klee <typo3-coding@oliverklee.de>
  */
 class BackendUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
+       /**
+        * @var array
+        */
+       protected $defaultFilePermissions = array(
+               // File permissions
+               'addFile' => FALSE,
+               'readFile' => FALSE,
+               'writeFile' => FALSE,
+               'copyFile' => FALSE,
+               'moveFile' => FALSE,
+               'renameFile' => FALSE,
+               'unzipFile' => FALSE,
+               'deleteFile' => FALSE,
+               // Folder permissions
+               'addFolder' => FALSE,
+               'readFolder' => FALSE,
+               'writeFolder' => FALSE,
+               'copyFolder' => FALSE,
+               'moveFolder' => FALSE,
+               'renameFolder' => FALSE,
+               'deleteFolder' => FALSE,
+               'recursivedeleteFolder' => FALSE
+       );
+
 
        /**
         * @var \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
@@ -266,30 +290,34 @@ class BackendUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
        }
 
        /**
-        * @param array $expectedPermissions
+        * @param array $userTsConfiguration
         * @test
         * @dataProvider getFilePermissionsTakesUserDefaultAndStoragePermissionsIntoAccountIfUserIsNotAdminDataProvider
         */
-       public function getFilePermissionsTakesUserDefaultPermissionsFromTsConfigIntoAccountIfUserIsNotAdmin(array $expectedPermissions) {
-               $this->fixture = $this->getMock('TYPO3\\CMS\\Core\\Authentication\\BackendUserAuthentication', array('isAdmin', 'getFileoperationPermissions'));
+       public function getFilePermissionsTakesUserDefaultPermissionsFromTsConfigIntoAccountIfUserIsNotAdmin(array $userTsConfiguration) {
+               $this->fixture = $this->getMock('TYPO3\\CMS\\Core\\Authentication\\BackendUserAuthentication', array('isAdmin'));
 
                $this->fixture
                        ->expects($this->any())
                        ->method('isAdmin')
                        ->will($this->returnValue(FALSE));
 
-               $this->fixture
-                       ->expects($this->never())
-                       ->method('getFileoperationPermissions');
-
                $this->fixture->userTS = array(
                        'permissions.' => array(
                                'file.' => array(
-                                       'default.' => $expectedPermissions
+                                       'default.' => $userTsConfiguration
                                ),
                        )
                );
 
+               $expectedPermissions = array_merge($this->defaultFilePermissions, $userTsConfiguration);
+               array_walk(
+                       $expectedPermissions,
+                       function(&$value) {
+                               $value = (bool) $value;
+                       }
+               );
+
                $this->assertEquals($expectedPermissions, $this->fixture->getFilePermissions());
        }
 
@@ -298,22 +326,22 @@ class BackendUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
         */
        public function getFilePermissionsFromStorageDataProvider() {
                $defaultPermissions = array(
-                       'addFile' => 1,
-                       'readFile' => 1,
-                       'writeFile' => 1,
-                       'copyFile' => 1,
-                       'moveFile' => 1,
-                       'renameFile' => 1,
-                       'unzipFile' => 1,
-                       'deleteFile' => 1,
-                       'addFolder' => 1,
-                       'readFolder' => 1,
-                       'copyFolder' => 1,
-                       'moveFolder' => 1,
-                       'renameFolder' => 1,
-                       'writeFolder' => 1,
-                       'deleteFolder' => 1,
-                       'recursivedeleteFolder' => 1
+                       'addFile' => TRUE,
+                       'readFile' => TRUE,
+                       'writeFile' => TRUE,
+                       'copyFile' => TRUE,
+                       'moveFile' => TRUE,
+                       'renameFile' => TRUE,
+                       'unzipFile' => TRUE,
+                       'deleteFile' => TRUE,
+                       'addFolder' => TRUE,
+                       'readFolder' => TRUE,
+                       'copyFolder' => TRUE,
+                       'moveFolder' => TRUE,
+                       'renameFolder' => TRUE,
+                       'writeFolder' => TRUE,
+                       'deleteFolder' => TRUE,
+                       'recursivedeleteFolder' => TRUE
                );
 
                return array(
@@ -351,22 +379,22 @@ class BackendUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
                                        'recursivedeleteFolder' =>0
                                ),
                                array(
-                                       'addFile' => 0,
-                                       'readFile' => 1,
-                                       'writeFile' => 1,
-                                       'copyFile' => 1,
-                                       'moveFile' => 1,
-                                       'renameFile' => 1,
-                                       'unzipFile' => 1,
-                                       'deleteFile' => 1,
-                                       'addFolder' => 1,
-                                       'readFolder' => 1,
-                                       'copyFolder' => 1,
-                                       'moveFolder' => 1,
-                                       'renameFolder' => 1,
-                                       'writeFolder' => 1,
-                                       'deleteFolder' => 1,
-                                       'recursivedeleteFolder' => 0
+                                       'addFile' => FALSE,
+                                       'readFile' => TRUE,
+                                       'writeFile' => TRUE,
+                                       'copyFile' => TRUE,
+                                       'moveFile' => TRUE,
+                                       'renameFile' => TRUE,
+                                       'unzipFile' => TRUE,
+                                       'deleteFile' => TRUE,
+                                       'addFolder' => TRUE,
+                                       'readFolder' => TRUE,
+                                       'copyFolder' => TRUE,
+                                       'moveFolder' => TRUE,
+                                       'renameFolder' => TRUE,
+                                       'writeFolder' => TRUE,
+                                       'deleteFolder' => TRUE,
+                                       'recursivedeleteFolder' => FALSE
                                )
                        ),
                        'Returns default permissions if no storage permissions are found' => array(
@@ -374,22 +402,22 @@ class BackendUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
                                1,
                                array(),
                                array(
-                                       'addFile' => 1,
-                                       'readFile' => 1,
-                                       'writeFile' => 1,
-                                       'copyFile' => 1,
-                                       'moveFile' => 1,
-                                       'renameFile' => 1,
-                                       'unzipFile' => 1,
-                                       'deleteFile' => 1,
-                                       'addFolder' => 1,
-                                       'readFolder' => 1,
-                                       'copyFolder' => 1,
-                                       'moveFolder' => 1,
-                                       'renameFolder' => 1,
-                                       'writeFolder' => 1,
-                                       'deleteFolder' => 1,
-                                       'recursivedeleteFolder' => 1
+                                       'addFile' => TRUE,
+                                       'readFile' => TRUE,
+                                       'writeFile' => TRUE,
+                                       'copyFile' => TRUE,
+                                       'moveFile' => TRUE,
+                                       'renameFile' => TRUE,
+                                       'unzipFile' => TRUE,
+                                       'deleteFile' => TRUE,
+                                       'addFolder' => TRUE,
+                                       'readFolder' => TRUE,
+                                       'copyFolder' => TRUE,
+                                       'moveFolder' => TRUE,
+                                       'renameFolder' => TRUE,
+                                       'writeFolder' => TRUE,
+                                       'deleteFolder' => TRUE,
+                                       'recursivedeleteFolder' => TRUE
                                )
                        ),
                );
@@ -471,130 +499,130 @@ class BackendUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
         */
        public function getFilePermissionsTakesUserDefaultPermissionsFromRecordIntoAccountIfUserIsNotAdminDataProvider() {
                return array(
-                       'No old permission' => array(
-                               0,
+                       'No permission' => array(
+                               '',
                                array(
-                                       'addFile' => 0,
-                                       'readFile' => 1,
-                                       'writeFile' => 0,
-                                       'copyFile' => 0,
-                                       'moveFile' => 0,
-                                       'renameFile' => 0,
-                                       'unzipFile' => 0,
-                                       'deleteFile' => 0,
-                                       'addFolder' => 0,
-                                       'readFolder' => 1,
-                                       'copyFolder' => 0,
-                                       'moveFolder' => 0,
-                                       'renameFolder' => 0,
-                                       'writeFolder' => 0,
-                                       'deleteFolder' => 0,
-                                       'recursivedeleteFolder' => 0
+                                       'addFile' => FALSE,
+                                       'readFile' => FALSE,
+                                       'writeFile' => FALSE,
+                                       'copyFile' => FALSE,
+                                       'moveFile' => FALSE,
+                                       'renameFile' => FALSE,
+                                       'unzipFile' => FALSE,
+                                       'deleteFile' => FALSE,
+                                       'addFolder' => FALSE,
+                                       'readFolder' => FALSE,
+                                       'copyFolder' => FALSE,
+                                       'moveFolder' => FALSE,
+                                       'renameFolder' => FALSE,
+                                       'writeFolder' => FALSE,
+                                       'deleteFolder' => FALSE,
+                                       'recursivedeleteFolder' => FALSE
                                )
                        ),
-                       'Uploading allowed' => array(
-                               1,
+                       'Standard file permissions' => array(
+                               'addFile,readFile,writeFile,copyFile,moveFile,renameFile,deleteFile',
                                array(
-                                       'addFile' => 1,
-                                       'readFile' => 1,
-                                       'writeFile' => 1,
-                                       'copyFile' => 1,
-                                       'moveFile' => 1,
-                                       'renameFile' => 1,
-                                       'unzipFile' => 0,
-                                       'deleteFile' => 1,
-                                       'addFolder' => 0,
-                                       'readFolder' => 1,
-                                       'copyFolder' => 0,
-                                       'moveFolder' => 0,
-                                       'renameFolder' => 0,
-                                       'writeFolder' => 0,
-                                       'deleteFolder' => 0,
-                                       'recursivedeleteFolder' => 0
+                                       'addFile' => TRUE,
+                                       'readFile' => TRUE,
+                                       'writeFile' => TRUE,
+                                       'copyFile' => TRUE,
+                                       'moveFile' => TRUE,
+                                       'renameFile' => TRUE,
+                                       'unzipFile' => FALSE,
+                                       'deleteFile' => TRUE,
+                                       'addFolder' => FALSE,
+                                       'readFolder' => FALSE,
+                                       'copyFolder' => FALSE,
+                                       'moveFolder' => FALSE,
+                                       'renameFolder' => FALSE,
+                                       'writeFolder' => FALSE,
+                                       'deleteFolder' => FALSE,
+                                       'recursivedeleteFolder' => FALSE
                                )
                        ),
                        'Unzip allowed' => array(
-                               2,
+                               'readFile,unzipFile',
                                array(
-                                       'addFile' => 0,
-                                       'readFile' => 1,
-                                       'writeFile' => 0,
-                                       'copyFile' => 0,
-                                       'moveFile' => 0,
-                                       'renameFile' => 0,
-                                       'unzipFile' => 1,
-                                       'deleteFile' => 0,
-                                       'addFolder' => 0,
-                                       'readFolder' => 1,
-                                       'copyFolder' => 0,
-                                       'moveFolder' => 0,
-                                       'renameFolder' => 0,
-                                       'writeFolder' => 0,
-                                       'deleteFolder' => 0,
-                                       'recursivedeleteFolder' => 0
+                                       'addFile' => FALSE,
+                                       'readFile' => TRUE,
+                                       'writeFile' => FALSE,
+                                       'copyFile' => FALSE,
+                                       'moveFile' => FALSE,
+                                       'renameFile' => FALSE,
+                                       'unzipFile' => TRUE,
+                                       'deleteFile' => FALSE,
+                                       'addFolder' => FALSE,
+                                       'readFolder' => FALSE,
+                                       'writeFolder' => FALSE,
+                                       'copyFolder' => FALSE,
+                                       'moveFolder' => FALSE,
+                                       'renameFolder' => FALSE,
+                                       'deleteFolder' => FALSE,
+                                       'recursivedeleteFolder' => FALSE
                                )
                        ),
-                       'Write folder allowed' => array(
-                               4,
+                       'Standard folder permissions' => array(
+                               'addFolder,readFolder,moveFolder,renameFolder,writeFolder,deleteFolder',
                                array(
-                                       'addFile' => 0,
-                                       'readFile' => 1,
-                                       'writeFile' => 0,
-                                       'copyFile' => 0,
-                                       'moveFile' => 0,
-                                       'renameFile' => 0,
-                                       'unzipFile' => 0,
-                                       'deleteFile' => 0,
-                                       'addFolder' => 1,
-                                       'readFolder' => 1,
-                                       'copyFolder' => 0,
-                                       'moveFolder' => 1,
-                                       'renameFolder' => 1,
-                                       'writeFolder' => 1,
-                                       'deleteFolder' => 1,
-                                       'recursivedeleteFolder' => 0
+                                       'addFile' => FALSE,
+                                       'readFile' => FALSE,
+                                       'writeFile' => FALSE,
+                                       'copyFile' => FALSE,
+                                       'moveFile' => FALSE,
+                                       'renameFile' => FALSE,
+                                       'unzipFile' => FALSE,
+                                       'deleteFile' => FALSE,
+                                       'addFolder' => TRUE,
+                                       'readFolder' => TRUE,
+                                       'writeFolder' => TRUE,
+                                       'copyFolder' => FALSE,
+                                       'moveFolder' => TRUE,
+                                       'renameFolder' => TRUE,
+                                       'deleteFolder' => TRUE,
+                                       'recursivedeleteFolder' => FALSE
                                )
                        ),
                        'Copy folder allowed' => array(
-                               8,
+                               'readFolder,copyFolder',
                                array(
-                                       'addFile' => 0,
-                                       'readFile' => 1,
-                                       'writeFile' => 0,
-                                       'copyFile' => 0,
-                                       'moveFile' => 0,
-                                       'renameFile' => 0,
-                                       'unzipFile' => 0,
-                                       'deleteFile' => 0,
-                                       'addFolder' => 0,
-                                       'readFolder' => 1,
-                                       'copyFolder' => 1,
-                                       'moveFolder' => 0,
-                                       'renameFolder' => 0,
-                                       'writeFolder' => 0,
-                                       'deleteFolder' => 0,
-                                       'recursivedeleteFolder' => 0
+                                       'addFile' => FALSE,
+                                       'readFile' => FALSE,
+                                       'writeFile' => FALSE,
+                                       'copyFile' => FALSE,
+                                       'moveFile' => FALSE,
+                                       'renameFile' => FALSE,
+                                       'unzipFile' => FALSE,
+                                       'deleteFile' => FALSE,
+                                       'addFolder' => FALSE,
+                                       'readFolder' => TRUE,
+                                       'writeFolder' => FALSE,
+                                       'copyFolder' => TRUE,
+                                       'moveFolder' => FALSE,
+                                       'renameFolder' => FALSE,
+                                       'deleteFolder' => FALSE,
+                                       'recursivedeleteFolder' => FALSE
                                )
                        ),
                        'Copy folder and remove subfolders allowed' => array(
-                               24,
+                               'readFolder,copyFolder,recursivedeleteFolder',
                                array(
-                                       'addFile' => 0,
-                                       'readFile' => 1,
-                                       'writeFile' => 0,
-                                       'copyFile' => 0,
-                                       'moveFile' => 0,
-                                       'renameFile' => 0,
-                                       'unzipFile' => 0,
-                                       'deleteFile' => 0,
-                                       'addFolder' => 0,
-                                       'readFolder' => 1,
-                                       'copyFolder' => 1,
-                                       'moveFolder' => 0,
-                                       'renameFolder' => 0,
-                                       'writeFolder' => 0,
-                                       'deleteFolder' => 0,
-                                       'recursivedeleteFolder' => 1
+                                       'addFile' => FALSE,
+                                       'readFile' => FALSE,
+                                       'writeFile' => FALSE,
+                                       'copyFile' => FALSE,
+                                       'moveFile' => FALSE,
+                                       'renameFile' => FALSE,
+                                       'unzipFile' => FALSE,
+                                       'deleteFile' => FALSE,
+                                       'addFolder' => FALSE,
+                                       'readFolder' => TRUE,
+                                       'writeFolder' => FALSE,
+                                       'copyFolder' => TRUE,
+                                       'moveFolder' => FALSE,
+                                       'renameFolder' => FALSE,
+                                       'deleteFolder' => FALSE,
+                                       'recursivedeleteFolder' => TRUE
                                )
                        ),
                );
@@ -604,20 +632,16 @@ class BackendUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
         * @test
         * @dataProvider getFilePermissionsTakesUserDefaultPermissionsFromRecordIntoAccountIfUserIsNotAdminDataProvider
         */
-       public function getFilePermissionsTakesUserDefaultPermissionsFromRecordIntoAccountIfUserIsNotAdmin($oldPermissionValue, $expectedPermissions) {
-               $this->fixture = $this->getMock('TYPO3\\CMS\\Core\\Authentication\\BackendUserAuthentication', array('isAdmin', 'getFileoperationPermissions'));
+       public function getFilePermissionsTakesUserDefaultPermissionsFromRecordIntoAccountIfUserIsNotAdmin($permissionValue, $expectedPermissions) {
+               $this->fixture = $this->getMock('TYPO3\\CMS\\Core\\Authentication\\BackendUserAuthentication', array('isAdmin'));
 
                $this->fixture
                        ->expects($this->any())
                        ->method('isAdmin')
                        ->will($this->returnValue(FALSE));
 
-               $this->fixture
-                       ->expects($this->any())
-                       ->method('getFileoperationPermissions')
-                       ->will($this->returnValue($oldPermissionValue));
-
                $this->fixture->userTS = array();
+               $this->fixture->groupData['file_permissions'] = $permissionValue;
                $this->assertEquals($expectedPermissions, $this->fixture->getFilePermissions());
        }
 
@@ -625,7 +649,7 @@ class BackendUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
         * @test
         */
        public function getFilePermissionsGrantsAllPermissionsToAdminUsers() {
-               $this->fixture = $this->getMock('TYPO3\\CMS\\Core\\Authentication\\BackendUserAuthentication', array('isAdmin', 'getFileoperationPermissions'));
+               $this->fixture = $this->getMock('TYPO3\\CMS\\Core\\Authentication\\BackendUserAuthentication', array('isAdmin'));
 
                $this->fixture
                        ->expects($this->any())
@@ -643,10 +667,10 @@ class BackendUserAuthenticationTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
                        'deleteFile' => TRUE,
                        'addFolder' => TRUE,
                        'readFolder' => TRUE,
+                       'writeFolder' => TRUE,
                        'copyFolder' => TRUE,
                        'moveFolder' => TRUE,
                        'renameFolder' => TRUE,
-                       'writeFolder' => TRUE,
                        'deleteFolder' => TRUE,
                        'recursivedeleteFolder' => TRUE
                );
index 1128035..c0262f4 100644 (file)
@@ -20,7 +20,7 @@ CREATE TABLE be_groups (
   cruser_id int(11) unsigned DEFAULT '0' NOT NULL,
   groupMods text,
   file_mountpoints varchar(255) DEFAULT '' NOT NULL,
-  fileoper_perms tinyint(4) DEFAULT '0' NOT NULL,
+  file_permissions text,
   hidden tinyint(1) unsigned DEFAULT '0' NOT NULL,
   inc_access_lists tinyint(3) unsigned DEFAULT '0' NOT NULL,
   description text,
@@ -75,7 +75,7 @@ CREATE TABLE be_users (
   allowed_languages varchar(255) DEFAULT '' NOT NULL,
   uc mediumtext,
   file_mountpoints varchar(255) DEFAULT '' NOT NULL,
-  fileoper_perms tinyint(4) DEFAULT '0' NOT NULL,
+  file_permissions text,
   workspace_perms tinyint(3) DEFAULT '1' NOT NULL,
   lockToDomain varchar(50) DEFAULT '' NOT NULL,
   disableIPlock tinyint(1) unsigned DEFAULT '0' NOT NULL,
index 2363698..2cd5a16 100644 (file)
@@ -60,7 +60,7 @@ config.tx_extbase {
                                                allowed_languages.mapOnProperty = allowedLanguages
                                                workspace_perms.mapOnProperty = workspacePermission
                                                db_mountpoints.mapOnProperty = databaseMounts
-                                               fileoper_perms.mapOnProperty = fileOperationPermissions
+                                               file_permissions.mapOnProperty = fileOperationPermissions
                                                lockToDomain.mapOnProperty = lockToDomain
                                                hide_in_lists.mapOnProperty = hideInList
                                                TSconfig.mapOnProperty = tsConfig
index 9832d2d..7963a9e 100644 (file)
@@ -280,7 +280,7 @@ class FileListController {
                                        // Init file processing object for deleting and pass the cmd array.
                                        $fileProcessor = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Utility\\File\\ExtendedFileUtility');
                                        $fileProcessor->init($GLOBALS['FILEMOUNTS'], $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']);
-                                       $fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
+                                       $fileProcessor->setActionPermissions();
                                        $fileProcessor->dontCheckForUnique = $this->overwriteExistingFiles ? 1 : 0;
                                        $fileProcessor->start($FILE);
                                        $fileProcessor->processData();
index 0ea5177..50b8eb7 100644 (file)
@@ -1139,7 +1139,7 @@ class ImportExportController extends \TYPO3\CMS\Backend\Module\BaseScriptClass {
                // Initializing:
                $this->fileProcessor = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Utility\\File\\ExtendedFileUtility');
                $this->fileProcessor->init($GLOBALS['FILEMOUNTS'], $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']);
-               $this->fileProcessor->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
+               $this->fileProcessor->setActionPermissions();
                $this->fileProcessor->dontCheckForUnique = GeneralUtility::_GP('overwriteExistingFiles') ? 1 : 0;
                // Checking referer / executing:
                $refInfo = parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER'));
index da7c5bb..b94363e 100644 (file)
@@ -2025,7 +2025,7 @@ class ImportExport {
         */
        public function writeFileVerify($fileName, $fileID, $bypassMountCheck = FALSE) {
                $fileProcObj = $this->getFileProcObj();
-               if ($fileProcObj->actionPerms['newFile']) {
+               if ($fileProcObj->actionPerms['addFile']) {
                        // Just for security, check again. Should actually not be necessary.
                        if ($fileProcObj->checkPathAgainstMounts($fileName) || $bypassMountCheck) {
                                $fI = GeneralUtility::split_fileref($fileName);
@@ -2759,7 +2759,7 @@ class ImportExport {
                                }
                                // Check extension:
                                $fileProcObj = $this->getFileProcObj();
-                               if ($fileProcObj->actionPerms['newFile']) {
+                               if ($fileProcObj->actionPerms['addFile']) {
                                        $testFI = GeneralUtility::split_fileref(PATH_site . $fI['relFileName']);
                                        if (!$this->allowPHPScripts && !$fileProcObj->checkIfAllowed($testFI['fileext'], $testFI['path'], $testFI['file'])) {
                                                $pInfo['msg'] .= 'File extension was not allowed!';
@@ -3122,7 +3122,7 @@ class ImportExport {
                if (!is_object($this->fileProcObj)) {
                        $this->fileProcObj = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Utility\\File\\ExtendedFileUtility');
                        $this->fileProcObj->init($GLOBALS['FILEMOUNTS'], $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']);
-                       $this->fileProcObj->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
+                       $this->fileProcObj->setActionPermissions();
                }
                return $this->fileProcObj;
        }
diff --git a/typo3/sysext/install/Classes/Updates/FilePermissionUpdate.php b/typo3/sysext/install/Classes/Updates/FilePermissionUpdate.php
new file mode 100644 (file)
index 0000000..5099f55
--- /dev/null
@@ -0,0 +1,228 @@
+<?php
+namespace TYPO3\CMS\Install\Updates;
+
+/***************************************************************
+ *  Copyright notice
+ *
+ *  (c) 2013 Nicole Cordes <typo3@cordes.co>
+ *  All rights reserved
+ *
+ *  This script is part of the TYPO3 project. The TYPO3 project is
+ *  free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  The GNU General Public License can be found at
+ *  http://www.gnu.org/copyleft/gpl.html.
+ *
+ *  This script is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  This copyright notice MUST APPEAR in all copies of the script!
+ ***************************************************************/
+
+/**
+ * Upgrade wizard which goes through all users and groups file permissions and stores them as list in a new field.
+ */
+class FilePermissionUpdate extends AbstractUpdate {
+
+       /**
+        * @var \TYPO3\CMS\Install\Service\SqlSchemaMigrationService
+        */
+       protected $installToolSqlParser;
+
+       /**
+        * @var string
+        */
+       protected $title = 'Rewrites binary file permissions into detailed list';
+
+       /**
+        * Constructor function.
+        */
+       public function __construct() {
+               $this->installToolSqlParser = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Install\\Service\\SqlSchemaMigrationService');
+       }
+
+       /**
+        * Checks if an update is needed
+        *
+        * @param string &$description The description for the update
+        * @return boolean TRUE if an update is needed, FALSE otherwise
+        */
+       public function checkForUpdate(&$description) {
+               $description = 'There are backend users and backend groups with specified file permissions.' .
+                       ' This update migrates old combined (binary) file permissions to new separate ones.';
+               $updateNeeded = FALSE;
+               $updateStatements = $this->getUpdateStatements();
+               if (!empty($updateStatements['add'])) {
+                       // Field might not be there, so we need an update run to add the field
+                       return TRUE;
+               }
+               // Fetch user records where the old permission field is not empty but the new one is
+               $notMigratedRowsCount = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows(
+                       'uid',
+                       'be_users',
+                       $this->getWhereClause()
+               );
+               if ($notMigratedRowsCount > 0) {
+                       $updateNeeded = TRUE;
+               } else {
+                       // Fetch group records where the old permission field is not empty but the new one is
+                       $notMigratedRowsCount = $GLOBALS['TYPO3_DB']->exec_SELECTcountRows(
+                               'uid',
+                               'be_groups',
+                               $this->getWhereClause()
+                       );
+                       if ($notMigratedRowsCount > 0) {
+                               $updateNeeded = TRUE;
+                       }
+               }
+               return $updateNeeded;
+       }
+
+       /**
+        * Performs the database update.
+        *
+        * @param array &$dbQueries Queries done in this update
+        * @param mixed &$customMessages Custom messages
+        * @return boolean TRUE on success, FALSE on error
+        */
+       public function performUpdate(array &$dbQueries, &$customMessages) {
+               // First perform all add update statements to database
+               $updateStatements = $this->getUpdateStatements();
+               foreach ((array) $updateStatements['add'] as $query) {
+                       $GLOBALS['TYPO3_DB']->admin_query($query);
+                       $dbQueries[] = $query;
+                       if ($GLOBALS['TYPO3_DB']->sql_error()) {
+                               $customMessages = 'SQL-ERROR: ' . htmlspecialchars($GLOBALS['TYPO3_DB']->sql_error());
+                               return FALSE;
+                       }
+               }
+
+               // Iterate over users and groups table to perform permission updates
+               $tablesToProcess = array('be_groups', 'be_users');
+               foreach ($tablesToProcess as $table) {
+                       $records = $this->getRecordsFromTable($table);
+                       foreach ($records as $singleRecord) {
+                               $filePermission = $this->getFilePermissions($singleRecord['fileoper_perms']);
+                               $updateArray = array(
+                                       'file_permissions' => $filePermission
+                               );
+                               $GLOBALS['TYPO3_DB']->exec_UPDATEquery($table, 'uid=' . (int) $singleRecord['uid'], $updateArray);
+                               // Get last executed query
+                               $dbQueries[] = str_replace(chr(10), ' ', $GLOBALS['TYPO3_DB']->debug_lastBuiltQuery);
+                               // Check for errors
+                               if ($GLOBALS['TYPO3_DB']->sql_error()) {
+                                       $customMessages = 'SQL-ERROR: ' . htmlspecialchars($GLOBALS['TYPO3_DB']->sql_error());
+                                       return FALSE;
+                               }
+                       }
+               }
+
+               return TRUE;
+       }
+
+       /**
+        * Gets all create, add and change queries from core/ext_tables.sql
+        *
+        * @return array
+        */
+       protected function getUpdateStatements() {
+               $updateStatements = array();
+
+               // Get all necessary statements for ext_tables.sql file
+               $rawDefinitions = \TYPO3\CMS\Core\Utility\GeneralUtility::getUrl(\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('core') . '/ext_tables.sql');
+               $fieldDefinitionsFromFile = $this->installToolSqlParser->getFieldDefinitions_fileContent($rawDefinitions);
+               if (count($fieldDefinitionsFromFile)) {
+                       $fieldDefinitionsFromCurrentDatabase = $this->installToolSqlParser->getFieldDefinitions_database();
+                       $diff = $this->installToolSqlParser->getDatabaseExtra($fieldDefinitionsFromFile, $fieldDefinitionsFromCurrentDatabase);
+                       $updateStatements = $this->installToolSqlParser->getUpdateSuggestions($diff);
+               }
+
+               return $updateStatements;
+       }
+
+       /**
+        * Processes the actual transformation from old binary file permissions to new separate list
+        *
+        * @param integer $oldFileOperationPermissions
+        * @return string
+        */
+       protected function getFilePermissions($oldFileOperationPermissions) {
+               if ($oldFileOperationPermissions == 0) {
+                       return '';
+               }
+               $defaultOptions = array(
+                       // File permissions
+                       'addFile' => TRUE,
+                       'readFile' => TRUE,
+                       'writeFile' => TRUE,
+                       'copyFile' => TRUE,
+                       'moveFile' => TRUE,
+                       'renameFile' => TRUE,
+                       'unzipFile' => TRUE,
+                       'deleteFile' => TRUE,
+                       // Folder permissions
+                       'addFolder' => TRUE,
+                       'readFolder' => TRUE,
+                       'writeFolder' => TRUE,
+                       'copyFolder' => TRUE,
+                       'moveFolder' => TRUE,
+                       'renameFolder' => TRUE,
+                       'deleteFolder' => TRUE,
+                       'recursivedeleteFolder' => TRUE
+               );
+               if (!($oldFileOperationPermissions & 1)) {
+                       unset($defaultOptions['addFile']);
+                       unset($defaultOptions['readFile']);
+                       unset($defaultOptions['writeFile']);
+                       unset($defaultOptions['copyFile']);
+                       unset($defaultOptions['moveFile']);
+                       unset($defaultOptions['renameFile']);
+                       unset($defaultOptions['deleteFile']);
+               }
+               if (!($oldFileOperationPermissions & 2)) {
+                       unset($defaultOptions['unzipFile']);
+               }
+               if (!($oldFileOperationPermissions & 4)) {
+                       unset($defaultOptions['addFolder']);
+                       unset($defaultOptions['writeFolder']);
+                       unset($defaultOptions['moveFolder']);
+                       unset($defaultOptions['renameFolder']);
+                       unset($defaultOptions['deleteFolder']);
+               }
+               if (!($oldFileOperationPermissions & 8)) {
+                       unset($defaultOptions['copyFolder']);
+               }
+               if (!($oldFileOperationPermissions & 16)) {
+                       unset($defaultOptions['recursivedeleteFolder']);
+               }
+
+               return implode(',', array_keys($defaultOptions));
+       }
+
+       /**
+        * Retrieve every record which needs to be processed
+        *
+        * @param string $table
+        * @return array
+        */
+       protected function getRecordsFromTable($table) {
+               $fields = implode(',', array('uid', 'fileoper_perms'));
+               $records = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows($fields, $table, $this->getWhereClause());
+               return $records;
+       }
+
+       /**
+        * Returns the where clause for database requests
+        *
+        * @return string
+        */
+       protected function getWhereClause() {
+               return 'fileoper_perms>0 AND ISNULL(file_permissions)';
+       }
+
+}
index 2adc5b6..0558aec 100644 (file)
@@ -34,6 +34,8 @@ $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/install']['update']['flagsFromSpr
 $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/install']['update']['addFlexformsToAcl'] = 'TYPO3\\CMS\\Install\\Updates\\AddFlexFormsToAclUpdate';
 // Version 4.5: Split tt_content image_link to newline by comma
 $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/install']['update']['imagelink'] = 'TYPO3\\CMS\\Install\\Updates\\ImagelinkUpdate';
+// Split backend user and backend groups file permissions to single ones.
+$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/install']['update']['file_permissions'] = 'TYPO3\\CMS\\Install\\Updates\\FilePermissionUpdate';
 // Version 6.0: Migrate files content elements to use File Abstraction Layer
 // Migrations of tt_content.image DB fields and captions, alt texts, etc. into sys_file_reference records.
 $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/install']['update']['sysext_file_init'] = 'TYPO3\\CMS\\Install\\Updates\\InitUpdateWizard';
index 5938c35..f1d9c78 100644 (file)
@@ -95,6 +95,20 @@ This is the page tree of the "admin" user. Notice the folder "user_upload" which
 This shows the mounted folder as seen by a user who was member of the group.
 Filemount records are also created in the page tree root.</source>
                        </trans-unit>
+                       <trans-unit id="file_permissions.description" xml:space="preserve">
+                               <source>Select file operation permissions for the group members.</source>
+                       </trans-unit>
+                       <trans-unit id="file_permissions.details" xml:space="preserve">
+                               <source>These settings relate to the functions found in the File&gt;Filelist module as well as general upload of files.
+
+&lt;strong&gt;Notice&lt;/strong&gt; that these settings apply to all members of this group and extend the users permissions accordingly.</source>
+                       </trans-unit>
+                       <trans-unit id="file_permissions.seeAlso" xml:space="preserve">
+                               <source>be_groups:file_mountpoints,
+be_users:file_mountpoints,
+be_users:file_permissions</source>
+                               <note from="developer">This string contains an internal text, which must not be changed. Just copy the original text into the translation field. For more information have a look at the Tutorial.</note>
+                       </trans-unit>
                        <trans-unit id="fileoper_perms.description" xml:space="preserve">
                                <source>Select file operation permissions for the group members.</source>
                        </trans-unit>
@@ -106,7 +120,7 @@ Filemount records are also created in the page tree root.</source>
                        <trans-unit id="_fileoper_perms.seeAlso" xml:space="preserve">
                                <source>be_groups:file_mountpoints,
 be_users:file_mountpoints,
-be_users:fileoper_perms</source>
+be_users:file_permissions</source>
                                <note from="developer">This string contains an internal text, which must not be changed. Just copy the original text into the translation field. For more information have a look at the Tutorial.</note>
                        </trans-unit>
                        <trans-unit id="pagetypes_select.description" xml:space="preserve">
index 3173e47..58dd4e5 100644 (file)
@@ -193,6 +193,19 @@ If you don't check these options, you must make sure the mount points for the pa
 be_users:file_mountpoints</source>
                                <note from="developer">This string contains an internal text, which must not be changed. Just copy the original text into the translation field. For more information have a look at the Tutorial.</note>
                        </trans-unit>
+                       <trans-unit id="file_permissions.description" xml:space="preserve">
+                               <source>Select file operation permissions for the user.</source>
+                       </trans-unit>
+                       <trans-unit id="file_permissions.details" xml:space="preserve">
+                               <source>These settings relate to the functions found in the File&gt;List module as well as general upload of files.
+
+&lt;strong&gt;Notice&lt;/strong&gt; that backend user groups also have file operation permissions which automatically apply to the user if he's member of an accordant group. So if you want a group of users share identical file operation permissions, you should probably define them in a backend user group instead.</source>
+                       </trans-unit>
+                       <trans-unit id="file_permissions.seeAlso" xml:space="preserve">
+                               <source>be_users:file_mountpoints,
+be_group:file_permissions</source>
+                               <note from="developer">This string contains an internal text, which must not be changed. Just copy the original text into the translation field. For more information have a look at the Tutorial.</note>
+                       </trans-unit>
                        <trans-unit id="fileoper_perms.description" xml:space="preserve">
                                <source>Select file operation permissions for the user.</source>
                        </trans-unit>
@@ -203,7 +216,7 @@ be_users:file_mountpoints</source>
                        </trans-unit>
                        <trans-unit id="_fileoper_perms.seeAlso" xml:space="preserve">
                                <source>be_users:file_mountpoints,
-be_group:fileoper_perms</source>
+be_group:file_permissions</source>
                                <note from="developer">This string contains an internal text, which must not be changed. Just copy the original text into the translation field. For more information have a look at the Tutorial.</note>
                        </trans-unit>
                        <trans-unit id="starttime.description" xml:space="preserve">
index 0be1338..f5d39a0 100644 (file)
                        <trans-unit id="be_users.fileoper_perms" xml:space="preserve">
                                <source>Fileoperation permissions:</source>
                        </trans-unit>
-                       <trans-unit id="be_users.fileoper_perms_general" xml:space="preserve">
-                               <source>Files: Upload,Copy,Move,Delete,Rename,New,Edit</source>
+                       <trans-unit id="be_users.file_permissions.files" xml:space="preserve">
+                               <source>Files:</source>
+                       </trans-unit>
+                       <trans-unit id="be_users.file_permissions.files_read" xml:space="preserve">
+                               <source>Files: Read</source>
+                       </trans-unit>
+                       <trans-unit id="be_users.file_permissions.files_write" xml:space="preserve">
+                               <source>Files: Write</source>
+                       </trans-unit>
+                       <trans-unit id="be_users.file_permissions.files_add" xml:space="preserve">
+                               <source>Files: Add</source>
+                       </trans-unit>
+                       <trans-unit id="be_users.file_permissions.files_upload" xml:space="preserve">
+                               <source>Files: Upload</source>
+                       </trans-unit>
+                       <trans-unit id="be_users.file_permissions.files_rename" xml:space="preserve">
+                               <source>Files: Rename</source>
+                       </trans-unit>
+                       <trans-unit id="be_users.file_permissions.files_move" xml:space="preserve">
+                               <source>Files: Move</source>
+                       </trans-unit>
+                       <trans-unit id="be_users.file_permissions.files_copy" xml:space="preserve">
+                               <source>Files: Copy</source>
                        </trans-unit>
                        <trans-unit id="be_users.fileoper_perms_unzip" xml:space="preserve">
                                <source>Files: Unzip</source>
                        </trans-unit>
+                       <trans-unit id="be_users.file_permissions.file_delete" xml:space="preserve">
+                               <source>Files: Delete</source>
+                       </trans-unit>
+                       <trans-unit id="be_users.fileoper_perms_general" xml:space="preserve">
+                               <source>Files: Upload,Copy,Move,Delete,Rename,New,Edit</source>
+                       </trans-unit>
                        <trans-unit id="be_users.fileoper_perms_diroper_perms" xml:space="preserve">
                                <source>Directory: Move,Delete,Rename,New</source>
                        </trans-unit>
                        <trans-unit id="be_groups.fileoper_perms" xml:space="preserve">
                                <source>Fileoperation permissions:</source>
                        </trans-unit>
-                       <trans-unit id="be_groups.fileoper_perms_general" xml:space="preserve">
-                               <source>Files: Upload,Copy,Move,Delete,Rename,New,Edit</source>
+                       <trans-unit id="be_groups.file_permissions.folder" xml:space="preserve">
+                               <source>Directory:</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.folder_read" xml:space="preserve">
+                               <source>Directory: Read</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.folder_write" xml:space="preserve">
+                               <source>Directory: Write</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.folder_add" xml:space="preserve">
+                               <source>Directory: Add</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.folder_rename" xml:space="preserve">
+                               <source>Directory: Rename</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.folder_move" xml:space="preserve">
+                               <source>Directory: Move</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.folder_copy" xml:space="preserve">
+                               <source>Directory: Copy</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.folder_delete" xml:space="preserve">
+                               <source>Directory: Delete</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.folder_recursivedelete" xml:space="preserve">
+                               <source>Directory: Delete recursively</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files" xml:space="preserve">
+                               <source>Files:</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files_read" xml:space="preserve">
+                               <source>Files: Read</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files_write" xml:space="preserve">
+                               <source>Files: Write</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files_edit" xml:space="preserve">
+                               <source>Files: Edit</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files_add" xml:space="preserve">
+                               <source>Files: Add</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files_upload" xml:space="preserve">
+                               <source>Files: Upload</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files_rename" xml:space="preserve">
+                               <source>Files: Rename</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files_move" xml:space="preserve">
+                               <source>Files: Move</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files_copy" xml:space="preserve">
+                               <source>Files: Copy</source>
                        </trans-unit>
                        <trans-unit id="be_groups.fileoper_perms_unzip" xml:space="preserve">
                                <source>Files: Unzip</source>
                        </trans-unit>
+                       <trans-unit id="be_groups.file_permissions.files_delete" xml:space="preserve">
+                               <source>Files: Delete</source>
+                       </trans-unit>
+                       <trans-unit id="be_groups.fileoper_perms_general" xml:space="preserve">
+                               <source>Files: Upload,Copy,Move,Delete,Rename,New,Edit</source>
+                       </trans-unit>
                        <trans-unit id="be_groups.fileoper_perms_diroper_perms" xml:space="preserve">
                                <source>Directory: Move,Delete,Rename,New</source>
                        </trans-unit>
index fdaaa41..accb5a7 100644 (file)
@@ -255,7 +255,7 @@ Reports problems with RTE images';
                if (!is_object($this->fileProcObj)) {
                        $this->fileProcObj = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Utility\\File\\ExtendedFileUtility');
                        $this->fileProcObj->init($GLOBALS['FILEMOUNTS'], $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']);
-                       $this->fileProcObj->init_actionPerms($GLOBALS['BE_USER']->getFileoperationPermissions());
+                       $this->fileProcObj->setActionPermissions();
                }
                return $this->fileProcObj;
        }