Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.x]: Asset-selection modal opens on default upload folder, even when the user has no access to this folder #13006

Closed
FlorisDerks opened this issue Mar 29, 2023 · 5 comments
Closed

[4.x]: Asset-selection modal opens on default upload folder, even when the user has no access to this folder #13006

FlorisDerks opened this issue Mar 29, 2023 · 5 comments
Assignees
@i-just
Labels
bug craft4

Comments

@FlorisDerks
Copy link

What happened?

Description

We have a multisite setup within Craft, where each site has it's own asset-filesystem. Some of our asset-selection fields have a default folder in order to redirect editors to the correct location to upload their files. This used to work somewhat in older versions (would only work on one site, others would load the root-folder of their own first authorized filesystem), but since v4.4.x it loads the folder of the site mentioned in the field-settings, even when the user does not even have access to that filesystem.

Steps to reproduce

  1. Create 2 filesystems, create a folder with files in one of them
  2. Create a user which only has access to the filesystem without the folder
  3. Create a field which uses the folder as the default path & add to a section
  4. Log in as the user without folder-access
  5. Try to select a file, you will see that it opens the folder in the unauthorized filesystem, and when you try to upload it throws an error (which is expected)

Expected behavior

When a user has no access to a filesystem, the root of the first authorized filesystem should be loaded (as it was in v4.3.x). Even better would be to check if the folder exists in the first authorized filesystem and use that instead.

Actual behavior

The folder of an unauthorized filesystem is shown, which should've been hidden.

Craft CMS version

4.4.5

PHP version

8.2

Operating system and version

No response

Database type and version

No response

Image driver and version

No response

Installed plugins and versions
@FlorisDerks
Copy link
Author

Additional findings: when the first authorized root-folder is correctly displayed (due to not having a default folder), new uploads are still trying to be added to the default folder. Only when you navigate to a different folder & back & then try to upload a file, it's uploaded to the correct location.

@i-just i-just self-assigned this Mar 29, 2023
@i-just i-just mentioned this issue Mar 29, 2023
Merged
@i-just
Copy link
Contributor

i-just commented Mar 29, 2023

Hi, thanks for reporting! I raised a PR to address this.

@qrazi
Copy link
Contributor

qrazi commented Apr 3, 2023

Just another +1 on this issue.

I see - I think 😅 - that the PR is targeting Craft 3.8? In which case; we have the issue in Craft 3.8.5. I can confirm that when I apply the changes from the PR - I guess specifically commit d6236c0 - to our local project, the upload works as expected again.

Basically we can reproduce this locally, and can also confirm that for us the PR fixes the issue 😅

@brandonkelly
Copy link
Member

This is fixed for the next Craft 3 and 4 releases via #13010 🎉

@brandonkelly
Copy link
Member

Craft 3.8.6 and 4.4.6 are out with that fix 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@i-just i-just

Labels
bug craft4
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@brandonkelly @FlorisDerks @i-just @qrazi