Closed (fixed)
Project:
Node Images
Version:
6.x-2.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
6 Sep 2008 at 17:47 UTC
Updated:
22 Sep 2008 at 09:21 UTC
Thanks for an excellent module - the way it handles images is really neat.
I've noticed what looks like a bug in the permissions. A user with "delete any node image" permission can not delete images which were added by someone else. I think it's a simple typo in function _node_images_access. Here's my suggested fix - hope it's useful.
/**
* Check access to add, edit or delete node images.
*/
function _node_images_access($op, $node, $file = NULL) {
global $user;
$type = node_get_types('type', $node);
if (!isset($type->type)) return FALSE;
$type = strtolower($type->type);
if ($op == 'create') {
return (user_access('add node images to any '. $type .' content') || (user_access('add node images to own '. $type .' content') && ($user->uid == $node->uid)));
}
if ($op == 'update') {
// changed "node_image" to "node image"
return (user_access('edit any node image') || (user_access('edit own node images') && ($user->uid == $file->uid)));
}
if ($op == 'delete') {
// changed "node_image" to "node image"
return (user_access('delete any node image') || (user_access('delete own node images') && ($user->uid == $file->uid)));
}
return FALSE;
}
Comments
Comment #1
stefano73 commentedFixed in the latest CVS version of node_images.module (rev. 1.11.2.9). Thanks.
Comment #2
Anonymous (not verified) commentedAutomatically closed -- issue fixed for two weeks with no activity.