Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users can see upload destinations they don't have access to and get an inaccurate error when uploading #1651

Closed
murtaugh opened this issue Dec 13, 2021 · 2 comments · Fixed by #2344
Closed

Users can see upload destinations they don't have access to and get an inaccurate error when uploading #1651

murtaugh opened this issue Dec 13, 2021 · 2 comments · Fixed by #2344
Labels
Bug: Accepted Bug has been confirmed, is reproducible, and ready to work on.

Comments

@murtaugh
Copy link
Contributor

I have an upload destination only admins can upload to. When a non-admin uses a field that allows uploads to any destination, they can see the forbidden destination in the dropdown within the dropzone. (The dropdown associated with the "upload new" button correctly hides it.)

When they try to upload a file to the forbidden destination, they get the following message:

Unexpected error. Check your post_max_size setting in your PHP configuration.
@murtaugh murtaugh changed the title Users can see upload destinations they don't have access to and get an incorrect error when uploading Users can see upload destinations they don't have access to and get an inaccurate error when uploading Dec 13, 2021
@murtaugh
Copy link
Contributor Author

murtaugh commented Dec 13, 2021
edited

I'm doing some more poking around, and when a field only has one destination, and the field's destination shouldn't allow my member role to upload, the dropzone shows the same behavior as above (without the drop down).

The "Upload New" button gives the awkward but helpful You are not authorized to access this page message.

@intoeetive
Copy link
Contributor

I have been able to replicate the issue.

The users are not able to upload to the destination they don't have access to - however I agree that the the non-allowed destinations should not be shown, or at least should be greyed out.

Also You are not authorized to access this page is not entirely correct, something like You are not authorized to access this upload destination should be more helpful

@intoeetive intoeetive added the Bug: Accepted Bug has been confirmed, is reproducible, and ready to work on. label Jan 14, 2022
intoeetive added a commit that referenced this issue Sep 1, 2022
@intoeetive
Resolved #1651 where dropdowns in File field were showing the directo…
b98650a 
…ries that member was not allowed to access
@intoeetive intoeetive mentioned this issue Sep 1, 2022
Merged
intoeetive added a commit that referenced this issue Sep 9, 2022
@intoeetive
Resolved #1651 where dropdowns in File field were showing the directo…
7ae2033 
…ries that member was not allowed to access
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug: Accepted Bug has been confirmed, is reproducible, and ready to work on.
Projects
None yet
Milestone
No milestone
2 participants
@murtaugh @intoeetive