delete_media() function in global.php needs to perform a user permission check to decide whether user is allowed to remove that mediaID

Bug #327919 reported by Ken McLean on 2009-02-11
2
Affects Status Importance Assigned to Milestone
Retromod
Status tracked in 0.2.0
0.2.0
Medium
Chris Hodgen

Bug Description

delete_media() function in global.php needs to perform a user permission check to decide whether user is allowed to remove that mediaID. This is for deletion from within another module to which the media was created. So it should query group permissions and decide whether the login has access to that module/component, depending on the storage method outlined in the media path.

Additionally, the function should query the ModuleParameter table and decide whether a component is going to give other components access to delete their media. This would require a system standard mediaSharing parameter.

Ken McLean (kenmclean) on 2009-02-11
Changed in retromod:
assignee: nobody → kenmclean
importance: Undecided → Medium
status: New → Confirmed
Ken McLean (kenmclean) on 2009-07-02
Changed in retromod:
assignee: Ken McLean (kenmclean) → Chris Hodgen (bivhitscar)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers