I had a look in the code after reading "the other issue" and found a couple of "should be" issues.
The Upload and Create New Folder should be separated (new ACL Value -> Create Folder)
The Edit screen should be protected with ACL, at least the Toolbar (new ACL Value -> Edit)
The Javascript Buttons should be disabled according to ACL settings for Edit. i.e. no image edit, no file- /foldername change, (no download??)
The image is from the Modal in frontend article edit with Delete disabled with ACL.
Labels |
Added:
?
|
Labels |
Added:
J4 Issue
|
Status | New | ⇒ | Discussion |
My suggestion was not that fine graded but in principle yes.
e.g. a certain user group should be able to upload an image (=create) but not create folders, edit any image/folder or delete anything. Specifically in the frontend modal Select Image. An Edit Own is of course not possible on file level.
I think it needs to be that fine grained to achieve what you want
Fine grained not really needed but logically better not to mix items with folders at all.
What about Download? I guess it should be allowed as it's more or less impossible to hide images from the public anyway. I'll add some more about this in another proposal .
As I have no clue about the Javascript used by the Media Manager, I'm not able to make a PR. If the Javascript buttons can't be disabled or hidden anyway, I could probably fix the PHP part.
Labels |
Added:
?
|
Status | Discussion | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2020-12-18 10:28:21 |
Closed_By | ⇒ | rdeutz |
Create Folder
Delete Folder
Edit Folder
Create Image
Delete Image
Edit Image
Is that the list of permissions you are suggesting