Capabilities - move not set but still possible

[npirlot]

In raising this issue, I confirm the following (please check boxes):

• [x] I have read and understood the Wiki. Especially deploy and configuration articles.
• [x] I have checked that the bug I am reporting can be replicated, or that the feature I am suggesting isn't already present.
• [x] I have checked the pull requests tab for existing solutions/implementations to my issue/suggestion.
• [x] I realise that server-side connectors are provided by various contributors. The implementations are vary due to programming language features/limitations or other factors. Thus a particular connector may not implement, or partially implement, the API features.
• [x] I realise that any changes in configuration options and/or plugin parameters affect the plugin behavior. I specified all the differences from defaults in details.

I use the following server-side connector (check one):

• [x] PHP connector by servocoder
• [ ] Java connector by fabriceci
• [ ] Python3 Flask connector by jsooter
• [ ] Python3 Flask connector by stevelittlefish
• [ ] NodeJs connector by jlaustill and forestlake
• [ ] ASP.NET Core connector by sinanbozkus
• [ ] ASHX connector by richeflits
• [ ] Other (specified below)

My familiarity with the project is as follows (check one):

• [ ] I have never used the project.
• [ ] I have used the project briefly.
• [x] I have used the project extensively, but have not contributed previously.
• [ ] I am an active contributor to the project.

---

In the config.json, I provide the desired capabilities, having removed "move" from them, but it is still possible in the filemanager to drag folders and files, in both the tree panel and the files panel, and in effect move them.

Should this not be disabled / impossible if "move" is not in the capabilities in the json config?

Here is a snapshot of the options returned in browser by my json config file:

Thanks

[npirlot]

PS: in the meantime, I've set the permission function fm_has_write_permission() in PHP connector to return false on $_GET['mode'] == "move", which does not allow the move, but the user experience is not great as they can still drag and drop folders/files.

[tharris9d]

We are having the exact same issue with capabilities set either on the server side in.Net Core filemanagercontroller.cs or on the client side using filemanager.config.json We removed 'move', 'copy' and 'rename' but users can drag files and folders all over the place. We have over 30 set folders that shouldn't be changed. Please advise. Any drag-drop quick fixes in the RichFilemanager code that we can change?

[tharris9d]

Here is my emergency fix in filemanager.js. Still testing to see if there are any unknown issues. Checking with hasCapability. If move is in the list then use drag drop else no drag drop at all. if (hasCapability('move')) {

    ko.bindingHandlers.draggableView = {
      init: function (element, valueAccessor, allBindingsAccessor) {
        fmModel.ddModel.makeDraggable(valueAccessor(), element);
      }
    };

    ko.bindingHandlers.droppableView = {
      init: function (element, valueAccessor, allBindingsAccessor) {
        fmModel.ddModel.makeDroppable(valueAccessor(), element);
      }
    };

    ko.bindingHandlers.draggableTree = {
      init: function (element, valueAccessor, allBindingsAccessor) {
        fmModel.ddModel.makeDraggable(valueAccessor(), element);
      }
    };

    ko.bindingHandlers.droppableTree = {
      init: function (element, valueAccessor, allBindingsAccessor) {
        fmModel.ddModel.makeDroppable(valueAccessor(), element);
      }
    };
  }
  //////////// Hide if capability does not have move
  $wrapper.mousewheel(function (e) {
    if (!fmModel.ddModel.dragHelper) {
      return true;
    }