Can't delete
Steve Lockwood - September 6, 2008 - 17:47
| Project: | Node Images |
| Version: | 6.x-2.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
Thanks for an excellent module - the way it handles images is really neat.
I've noticed what looks like a bug in the permissions. A user with "delete any node image" permission can not delete images which were added by someone else. I think it's a simple typo in function _node_images_access. Here's my suggested fix - hope it's useful.
/**
* Check access to add, edit or delete node images.
*/
function _node_images_access($op, $node, $file = NULL) {
global $user;
$type = node_get_types('type', $node);
if (!isset($type->type)) return FALSE;
$type = strtolower($type->type);
if ($op == 'create') {
return (user_access('add node images to any '. $type .' content') || (user_access('add node images to own '. $type .' content') && ($user->uid == $node->uid)));
}
if ($op == 'update') {
// changed "node_image" to "node image"
return (user_access('edit any node image') || (user_access('edit own node images') && ($user->uid == $file->uid)));
}
if ($op == 'delete') {
// changed "node_image" to "node image"
return (user_access('delete any node image') || (user_access('delete own node images') && ($user->uid == $file->uid)));
}
return FALSE;
}
#1
Fixed in the latest CVS version of node_images.module (rev. 1.11.2.9). Thanks.
#2
Automatically closed -- issue fixed for two weeks with no activity.