Fix: How to disable file deletion for non-admin users.

45 views
Skip to first unread message

andrew...@gmail.com

unread,
May 15, 2013, 1:36:42 PM5/15/13
to moll...@googlegroups.com
I wanted my users to be able to upload files, but not to delete the files (both theirs and others).

Edits in FilesystemController.class.php
Line 416 and beyond edited to the following function:

        public function delete($item) {
            Logging::logDebug('deleting ['.$item->id().']');
           
            //next line was added on 5.7.2013 to prevent non admins from deleting user files.
            if (!$this->env->authentication()->isAdmin()) return;
           
            if (!$item->isFile()) $this->env->features()->assertFeature("folder_actions");
            $this->assertRights($item, Authentication::RIGHTS_WRITE, "delete");
           
            $item->delete();
           
            if ($this->env->features()->isFeatureEnabled("descriptions"))
                $this->env->configuration()->removeItemDescription($item);
           
            $this->env->configuration()->removeItemPermissions($item);
           
            $this->env->events()->onEvent(FileEvent::delete($item));
            $this->idProvider->delete($item);
        }

Samuli Järvelä

unread,
May 17, 2013, 2:24:57 AM5/17/13
to moll...@googlegroups.com
Yes, this will do the job. But I'll have to create some mechanism for setting individual rights for users, simple read or write won't be enough when there are lots of plugins and their actions as well. After 2.0 I suppose.



--
You received this message because you are subscribed to the Google Groups "Mollify" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mollified+...@googlegroups.com.
To post to this group, send email to moll...@googlegroups.com.
Visit this group at http://groups.google.com/group/mollified?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Reply all
Reply to author
Forward
0 new messages