You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, these permissions are only enforced for folders in AssetAdmin, not for files in the popup.
Enforce this in the form display on FileIframeField and ImageField, e.g. by removing the "delete" button.
Also check the permissions before executing save() or delete() on the fields.
One problem is that File->canEdit() currently checks for CMS_ACCESS_AssetAdmin permissions, making the field unuseable for website users without CMS access. We might want to add a strict check for a new FILE_EDIT permission, that kicks in if defined, but falls back to CMS_ACCESS_AssetAdmin otherwise.
The text was updated successfully, but these errors were encountered:
created by: @chillu (ischommer)
assigned to: @chillu (ischommer)
created at: 2009-05-18
original ticket: http://open.silverstripe.org/ticket/4084
Currently, these permissions are only enforced for folders in AssetAdmin, not for files in the popup.
Enforce this in the form display on FileIframeField and ImageField, e.g. by removing the "delete" button.
Also check the permissions before executing save() or delete() on the fields.
One problem is that File->canEdit() currently checks for CMS_ACCESS_AssetAdmin permissions, making the field unuseable for website users without CMS access. We might want to add a strict check for a new FILE_EDIT permission, that kicks in if defined, but falls back to CMS_ACCESS_AssetAdmin otherwise.
The text was updated successfully, but these errors were encountered: