Hi,

It would also be useful to have an extra permission to 'delete attached images'. Actually any user that can create images (i.e. authenticated users) can also delete all previously attached ones.

Thanks

Comments

stefano73’s picture

Actually I can't figure out why a user who can upload images should not be allowed to delete those images. What if a user uploads a wrong image? He wouldn't be able to delete it.
I think that a user who can update a node should have no restriction on the images uploaded for that node. If you take a look at the permissions in upload.module, you'll see "upload files" and not "delete uploaded files".

marcoBauli’s picture

Personally I think a 'delete images' permission is useful to prevent dull hackers or unfair competitors from ruining a site by deleting its pictures, as well as to prevent users from deleting them accidentally (both are situations that unfortunately are very likely to happen).

> What if a user uploads a wrong image?

Good point... admins or moderators can delete it, or even better maybe there could be a third 'delete own images' permission ;P ?

stefano73’s picture

Attached file (status: new, size: 2.4 KB)

I disabled the "delete" checkboxes for users who don't have the permission to delete the node (when user_access("delete", $node) is FALSE). This way users who are not allowed to delete nodes won't be allowed to delete node images as well.

stefano73’s picture

Attached file (status: new, size: 3.43 KB)

I made a mistake, sorry. The correct function to test node access is node_access(), not user_access().
Updated patch attached.
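
The access check described in the two comments above, sketched as an added example (not the patch or the module's own code, which this page does not show). `node_access_stub()` is a hypothetical stand-in for Drupal's `node_access('delete', $node)`, and the node, accounts and POST data are constructed; the submit handler repeats the check because a disabled checkbox only changes the rendered form.

```php
<?php
// Hypothetical stand-in for Drupal's node_access('delete', $node), so this
// file runs on its own. Constructed rule: administrators and the node's
// author may delete; everyone else may not.
function node_access_stub($op, array $node, array $account) {
  if (in_array('administer nodes', $account['perms'], TRUE)) {
    return TRUE;
  }
  return $op === 'delete' && $node['uid'] === $account['uid'];
}

// Form side: one "delete" checkbox per image, disabled when access is denied.
function image_delete_elements(array $node, array $account) {
  $may_delete = node_access_stub('delete', $node, $account);
  $elements = array();
  foreach ($node['images'] as $iid => $filename) {
    $elements[$iid] = array(
      'type' => 'checkbox',
      'title' => 'Delete ' . $filename,
      'disabled' => !$may_delete,
    );
  }
  return $elements;
}

// Submit side: repeat the access check. A hand-built POST can still carry
// the delete fields even though the browser form showed them disabled.
function image_delete_submit(array $node, array $account, array $posted) {
  if (!node_access_stub('delete', $node, $account)) {
    return array();  // Ignore every delete request from this account.
  }
  // Accept only checked ids that are actually attached to this node.
  $checked = array_keys(array_filter($posted));
  return array_values(array_intersect(array_keys($node['images']), $checked));
}

// Constructed sample data: image id 99 is not attached to this node.
$node = array('nid' => 7, 'uid' => 2, 'images' => array(11 => 'a.png', 12 => 'b.png'));
$author = array('uid' => 2, 'perms' => array());
$other = array('uid' => 5, 'perms' => array());
$posted = array(11 => 1, 12 => 0, 99 => 1);

var_dump(image_delete_elements($node, $other)[11]['disabled']);
print_r(image_delete_submit($node, $other, $posted));
print_r(image_delete_submit($node, $author, $posted));
```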

stefano73’s picture

Status: Active » Needs review
Attached file (status: new, size: 7.38 KB)

New patch attached.

stefano73’s picture

Status: Needs review » Closed (fixed)

Committed to CVS.