[TYPO3-dam] supplement - Re: readonly backend access possible?

[georg kuehnberger]

following up on my monologue,

Idea #2 was
- Create group-specific subfolders beyond "Media" and
- set Page-Rights per Sub-Page & Group, which should be respected by DAM
- then move tx_dam records into the subfolders according to your 
specific needs in regards to which group may read or write those records;

So I setup subfolders (group1, group2) beyond the Media-Folder and set 
AccessRight "Edit Content" of one subfolder to NOBODY;
Guess what happpens:
- The folder rights (read/write) are respected fine in the Web > List 
Module;
- The folder rights are IGNORED by the Media > File and > List Module;
that is: users of BE-group1 and BE-group2 were still able to list & edit 
records in the subfolders.

Ineresting btw: FE-wise this works quite fine: selected records from 
Media-Subfolders ARE shown fine in the FE;

I conclude that the DAM Modules File & List, dont respect Page-Access 
Configurations, except for the Media Folder itself.

Digging into it, it seems that the Permissions are
- calculated for "the only one" DAM sysfolder ($this->defaultPid), and are
- calculated very early in
---
class.tx_dam_scbase.php, function init(), l 247-248
---
which IMHO currently wont allow for correct page-based permissions per 
folder (IMHO);

hmm ... grepping for "calcPerms" leads to:
class.tx_dam_actionsFile.php, class.tx_dam_listrecords.php, 
class.tx_dam_cm_record.php, class.tx_dam_list_thumbs.php, ....

So I decideded to give up on this for now.

However, I seriously DO feel that a DAM without a meaninful option for 
READ-ONLY records (for certain groups) based on folders IS somewhat 
incomplete.

PS: I somewhat fail to "word" a bugreport on this, anyone else ?



georg kuehnberger wrote:
> rethinking my last idea, and talking to myself:
> 
> I was (of course) wrong.
> Simple for the reason that BE_accessrights in TYPO3 are ONLY on page- 
> and not also on record-level.
> pitty, pitty;
> regards georg