I have a user that has the role "authenticated user". I have filedepot configured such that the default role permission for authenticated user is:

authenticated user:view

I created a folder that specifies that the particular user may only view. All the upload and admin permissions are set to "no". There are no role access records on this directory.

When I browse to that folder, and view a file in it, the "Action" column displays both the "Download" icon and the "Edit" icon.

When I click on the file, The "Download" pane is enabled, but the "Edit" pane is disabled. This seems to be the correct behavior.

I think the "Edit" icon should not be displayed, because bad things happen when I click on it:
-- It locks the file which I cannot unlock.
-- It gives me a file to "edit" which I cannot resubmit, because I have no upload privs.

I'm running Drupal 6.12 on openSuSE 11.2 i586.

Comments

BenK’s picture

Subscribing...

blainelang’s picture

Assigned: Unassigned » blainelang
Status: Active » Needs review
StatusFileSize
new623 bytes

I was able to test and verify this issue. Attached is a patch to file lib-theme.php.

If user does not have 'upload direct' or 'moderated upload' permission to a folder then they will not get the 'download for editing' action icon in the filelisting view.

Can someone verify the fix before I commit it to CVS.

Thanks!

ldav1s’s picture

I can't apply the patch to try it out, otherwise I would. I only have 'patch' to apply patches and not what generated this patch.

blainelang’s picture

StatusFileSize
new709 bytes

Sorry about that -- The Windows compare tool that I'm using had another option which I think will be in a compatible format. Attached is the updated patch.

Thanks!

ldav1s’s picture

The patch applied alright. I tried it with a folder where the user had the original permissions as well as with folders with 'moderated upload' and 'upload direct' bits set. From what I observed, it does what you described in comment #2. Thanks for your prompt fix!

blainelang’s picture

Status: Needs review » Fixed

Committed fix to CVS

ldav1s’s picture

Fixed in 1.0-rc3.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit a7fc5e7 on master, 8.x-1.x by blainelang:
    Fix for issue #791058 -- don't show the download for edit link if user...