aC forum: User unable to delete uploaded files

Post #8 by ianpiper

ianpiper — Tue, 19 Jun 2007 13:15:19 UTC

That makes good sense. I will update the class file.

Thanks,

Ian.
--

Post #7 by Ilija Studen

Ilija Studen — Sat, 16 Jun 2007 09:33:22 UTC

No. It means that if user is NOT project user he will not have delete permissions.

If you change final return false; to return true; any user that is member of that project will be able to delete files. That is too lax IMO. Change the function to something like this:

/**
* Check if specific user can delete this comment
*
* @access public
* @param User $user
* @return boolean
*/
function canDelete(User $user) {
  if(!$user->isProjectUser($this->getProject())) {
    return false;
  } // if
  if($user->isAdministrator()) {
    return true;
  } // if
  if($this->getCreatedById() == $user->getId()) {
    return true;
  }
  return false;
} // canDelete

This way person who uploaded the file will be able to delete is as well.

Post #6 by ianpiper

ianpiper — Sat, 16 Jun 2007 09:23:26 UTC

Excellent, thanks. If I read this code correctly then any project user (isProjectUser is true) would be able to delete files - does that override any permissions that I explicitly set in the permissions window for a user?

(I am assuming that I need just to change the final "return false" in the function to "return true")

Ian.
--

Post #5 by Ilija Studen

Ilija Studen — Sat, 16 Jun 2007 07:33:31 UTC

No, it is related with the file (docblock is not correct, most probably I just copied permissions methods from comment class and altered them without changing documentation messages).

Post #4 by ianpiper

ianpiper — Fri, 15 Jun 2007 22:47:40 UTC

I just looked at the code. From the comment above the code it seems to be refering to comments rather than files.

/**
* Check if specific user can delete this comment
*
* @access public
* @param User $user
* @return boolean
*/
function canDelete(User $user) {
if(!$user->isProjectUser($this->getProject())) {
return false;
} // if
if($user->isAdministrator()) {
return true;
} // if
return false;
} // canDelete

Am I looking in the right place?

Ian.
--

Post #3 by ianpiper

ianpiper — Fri, 15 Jun 2007 22:40:47 UTC

Thanks, that answers my question. I will take a look at the code and see whether hacking it is something I can cope with :-)

Ian.
--

Post #2 by Ilija Studen

Ilija Studen — Fri, 15 Jun 2007 18:01:09 UTC

Only administrators can delete files (don't ask me why, from some reason it seamed like a good idea back than :) ).

To change that behavior you'll need to hack ProjectFile class and alter canDelete() function (somewhere around line 488). ProjectFile class is defined in:

/application/models/project_files/ProjectFile.class.php

Post #1 by ianpiper

ianpiper — Fri, 15 Jun 2007 17:24:55 UTC

Hi,

I have come across a problem today and would appreciate some advice. I have a user who belongs to a client and I have given him "All" permissions to a particular project. I thought that having all permissions would mean that he would see the "Delete" link when he looks at a file listing. However he does not, and hence is unable to delete files that he has uploaded.

I have not previously seen this because I use the service as admin and to be honest no-one else has ever wanted to delete a file before!

So, can anyone enlighten me?

Thanks,

Ian.
--