I only want some of my users have the ability to import local files when enabling mass import. I added a new permissions type called "acidfree local import", then updated the code (See below) around local import portion of the mass import form. Do you think this will accomplish what I'm looking for? Do you know if I need to add any security checks anywhere else? Would you be willing to add this option to the next release of acidfree?

Thanks!

if (user_access('acidfree local import')):
$form['import'] = array(
        '#type' => 'fieldset',
        '#title' => t('Import local files'),
        '#collapsible' => true,
        '#collapsed' => true,
    );
$form['import']['serverpath'] = array(
        '#type' => 'textfield',
        '#title' => t('Path on server'), 
        '#description' => t('This must be the full path to a directory on the server that is readable.'),
    );
$form['import']['recursive'] = array(
        '#type' => 'checkbox',
        '#title' => t('Include subdirectories'),
        '#default_value' => 1,
    );
$form['import']['import'] = array(
        '#type' => 'submit',
        '#value' => t('Import'),
    );
endif;

Comments

mwheinz’s picture

Status: Active » Closed (fixed)

Not sure when this was implemented, but it appears to be in the 5.x tree now.