This is an issue to follow up on the good point that micbar brought up in #1227706: Add a file entity access API.

micbar

In version 7.x-2.0-unstable4 the file_delete function has been replaced with the api function file_delete_multiple, which avoids unwanted validation and usage checking.
If a user has the permission to delete files, we cannot restrain him from deleting files used in nodes. He only gets a notice "(in use)" from the delete confirm form.

Couldn't we add another permission, e.g. "delete files in use" and check file_usage_list if a user doesn't have this permission?

Comments

Dave Reid’s picture

Dave Reid
he/him
Primary language English
Location Nebraska USA
CreditAttribution: Dave Reid commented

I don't really think this makes sense?

Steven Jones’s picture

Steven Jones CreditAttribution: Steven Jones at ComputerMinds commented
Issue summary: View changes

I don't really think this makes sense?

Which bit doesn't make sense?

joseph.olstad’s picture

joseph.olstad
Primary language French
CreditAttribution: joseph.olstad commented
Related issues: +#2629120: After entity was removed the file should be removed too

Patch?

this seems to be related: