Currently, image module only has edit permissions but not delete permissions. There might be instances where user would be give delete permissions but not edit permission and vice versa. The 'edit images' permissions should also be 'edit any image', following core's node module.

Here's a patch to standardize the permissions - delete any image, delete own images, edit any image, edit own images. Also used switch statements in hook_access() as what core modules are using. I have also added a update script to change existing 'edit images' permissions to 'edit any image' and 'delete any image'.

CommentFileSizeAuthor
image-edit-delete-permissions.patch2.27 KBedmund.kwok

Comments

sun’s picture

Cool patch!

+++ sites/all/modules/contrib/image/image.install	2009-08-06 06:04:12 +0000
@@ -334,3 +334,18 @@ function image_update_6102() {
+  $result = db_query("SELECT rid, perm FROM {permission} WHERE perm LIKE '%edit image%'");

"%" needs to be escaped, i.e. "%%".

+++ sites/all/modules/contrib/image/image.install	2009-08-06 06:04:12 +0000
@@ -334,3 +334,18 @@ function image_update_6102() {
+    $perm = str_replace('edit image', 'edit any image', $data->perm);
+    $perm = explode(', ', $perm);
+    $perm[] = 'delete any image';
+    $perm[] = 'edit any image';
+    $ret[] = update_sql("UPDATE {permission} SET perm = '" . implode(', ', $perm) . "' WHERE rid = " . $data->rid);

Needle and replacement value should both the wrapped by commas, i.e. ",edit images," (also note the plural).

In the replacement value, we can simply add "delete any image," and thereby kill the following three lines as well as the implode().

+++ sites/all/modules/contrib/image/image.module	2009-08-06 06:02:58 +0000
@@ -81,24 +81,20 @@ function image_node_info() {
-  return array('create images', 'view original images', 'edit own images', 'edit images');
+  return array('create images', 'delete any image', 'delete own images', 'edit any image', 'edit own images', 'view original images');

Can we re-order those to view, create, edit, delete?

+++ sites/all/modules/contrib/image/image.module	2009-08-06 06:02:58 +0000
@@ -81,24 +81,20 @@ function image_node_info() {
+    case 'update':
+      return user_access('edit any image', $account) || (user_access('edit own images', $account) && ($account->uid == $node->uid)) ? TRUE : NULL;
+    case 'delete':
+      return user_access('delete any image', $account) || (user_access('delete own images', $account) && ($account->uid == $node->uid)) ? TRUE : NULL;

The test for $node->uid should come before the corresponding user_access() check to potentially safe some cycles.

This review is powered by Dreditor.

sun’s picture

Status: Needs review » Closed (duplicate)

Can we merge this patch into #44057: Use core-style content permissions, please?