Download via filelist fails once files/folders are restricted to FE groups

[chrissonntag]

Platform: Typo3 11.5.12 with fal_securedownload v4.0.0

Is there a trick how to configure the extension to work with files/folders restricted to specific FE groups when trying to download files via filelist in the backend?
If one is logged in in BE (without being logged in in FE) the download via filelist fails once a file/folder is restricted to a specific FE group. It seems nowadays with v4.0.0 the backend context is being ignored and the the dump url is being opened with frontend context. I.e. https://example.com/index.php?eID=dumpFile&t=f&f=1234&token=token

Until v4.0.0 the dump of any file via filelist had been initialized with backend context. I.e. (extracted from a T3 10.4): https://example.com/typo3/index.php?ajaxID=FalSecuredownload::publicUrl&eID=dumpFile&t=f&f=1234&token=token&ajaxToken=ajaxToken
I assume therefore it'd been checked if a BE user is logged in and the dump could be served. Regardless if files/folders were restricted to sepecific FE groups.

[FamousWolf]

Can you see if #189 fixes this issue for you?

[chrissonntag]

I've tested it by checking out commit 8233513 and can confirm that downloads are now being initialized. But for some reason the file name of the respective file (to be downloaded) gets cut completeley and only the file extension remains. So i.e. if I try to download a file called Dummy.pdf it'll be sent to the browser as just "pdf". I've tested Chrome, Brave and Vivaldi.

[FamousWolf]

@chrissonntag I can not reproduce this problem. How do you try to download the file? There are multiple ways in the backend, so maybe I missed one. Is this a clean TYPO3 installation or are there any other extensions installed?

[chrissonntag]

@FamousWolf
I have tested it with 2 Typo3 instances. Both running with v11.5.14. The one is of one of our customers, the other one is a fresh installation only having fal_securedownload as 3rd party extension installed. The behaviour in both system is exactly the same.

How to reproduce:
Beside the common fileadmin folder create another storage wich is not public and upload any file at all. The folder in which the uploaded file lies does not even have to be restricted to any FE groups.
Download the uploaded file and recognize that only the extension is presented as full filename.

If you upload the exact same file or any other to the common fileadmin folder, the download works just fine.

[FamousWolf]

@chrissonntag I tested it again in a clean TYPO3 11.5.14 instance and still wasn't able to reproduce it. I made a video of how I tested it. Can you see if you're testing it differently? https://youtu.be/RR6SRcakIxg

[chrissonntag]

Like I said, I tested it with the version on commit 8233513. However it seems that the error had been fixed in the meantime (tested version v4.0.1). That's why I'm closing this issue. Thanks for your effort!

[chrissonntag]

Dear Ruby, I've tested it by checking out commit 8233513 and can confirm that downloads are now being initialized. But for some reason the file name of the respective file (to be downloaded) gets cut completeley and only the file extension remains. So i.e. if I try to download a file called Dummy.pdf it'll be sent to the browser as just "pdf". I've tested Chrome, Brave and Vivaldi. Hopefully this gets resolved also until the next release. But overall I must say, thanks for the quick response and great implementation. I like the way method CheckPermissions::checkBackendUserFileAccess has been coded. Clean and precise! Best Chris

[FamousWolf]

I think that was caused due to a bug fixed in 7eab76c. It's been merged today. Can you test it in the current master?

[chrissonntag]

@FamousWolf I can confirm that your bug fix has solved the mentioned download problem. Filenames are being provided properly now.