More permissions control

[edudele]

If you removed all capabilities, you can still create folder.
It is a permit that is not contemplated.

If all capabilities are considered. All permissions should be set:

if(!$this->hasPermission('addfolder')) { $this->error(sprintf($this->lang('NOT_ALLOWED'))); }
protected $actions_list = ["select", "upload", "download", "rename", "copy", "move", "replace", "delete", "edit", "addfolder"];

Thanks

[psolom]

Thanks for reporting. According to the #111 it's planned to remove $actions_list completely due to security reasons. There will only two modes at the server-side: "read" and "write". If you have write permission you will be able to create folders, otherwise not.

[edudele]

It is much easier to have a writing profile and a reading profile to avoid all these problems. Thank you

[psolom]

New backend security model is released in v2.4.0. The $actions_list is completely removed, you have to use readOnly server-side configuration option: https://github.com/servocoder/RichFilemanager-PHP#entry-point-setup