Closed (works as designed)
Project:
Web File Manager
Version:
6.x-2.10-rc4
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
24 May 2009 at 04:23 UTC
Updated:
21 Jul 2009 at 18:46 UTC
Hi guys,
Just noticed a weird thing today. The WebFM File Attachments collapsible fieldset are available to users that don't have any upload permission at all (they don't have the upload dialog tho, only the tree listing). When they try to attach the file listed in the tree, they will get an "invalid permission" error. So I dont see any points of it being there.
Users with just "access webfm" are able to see it, nothing else is set for them.
Is this a kind of feature or is it a bug? Have anyone experienced it already?
Please let me know.
Thanks
P/S: I attached a picture showing anon user see the WebFM File attachments fieldset with "access webfm" permission only
Comments
Comment #1
6174604 commentedOk, I think i found the bit of code that cause this:
if(($user->uid == 1) || user_access('administer webfm') || user_access('access webfm'))
$access = TRUE;
else
$access = FALSE;
if ($form_id == 'node_type_form' && $access) {
$form['workflow']['webfm_attach'] = array(
'#type' => 'radios',
'#title' => t('WebFM Attachments'),
'#default_value' => variable_get('webfm_attach_'.$form['#node_type']->type, 0),
'#options' => array(0 => t('Disabled'), 1 => t('Enabled')),
'#description' => t('Should this content type allow upload & file attachment via WebFM?'),
);
}
On the first line, why should 'access webfm' permitted user see the WebFM Attachments fieldset tho? Shouldn't it be 'webfm upload' instead? Or a combination && of both...
Comment #2
robmilne commentedUsers with 'webfm access' can attach files to nodes regardless if they have upload rights or not. Your version of the module might behave differently because it looks like it has been hacked - the context menu is not standard.