Needs work
Project:
File import
Version:
6.x-1.0-beta3
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
13 Jul 2009 at 09:51 UTC
Updated:
5 Oct 2009 at 03:59 UTC
Jump to comment: Most recent file
Any user (no matter what permissions is set for him) can import file for node from "import" tab on node page.
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | user_access_d6.patch | 353 bytes | liberatr |
Comments
Comment #1
ShutterFreak commentedI changed the issue title as the problem is more fundamental: the module currently does not check for the user permissions defined in
hook_perm().The problem is that the module currently never checks the 'import files' user permission defined in
file_import_perm().I manually added the check to remove this option for
node/%nid/file_importURLs as follows:Similar edits (adding
&& user_access('import files')) should happen throughout the code.Hope this helps!
Olivier
Comment #2
liberatrsiteograf and Olivier,
Submitting a patch speeds up the entire process. If you've got a spare minute, save neochief a few minutes and roll a patch.
The only place I saw this issue (at first) was during the check whether to display a tab on the node page or not. On our site the tab was showing up for anonymous users. Apparently, you have seen it in other places?