delete_media() function in global.php needs to perform a user permission check to decide whether user is allowed to remove that mediaID
Bug #327919 reported by
Ken McLean
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Retromod | Status tracked in 0.2.0 | |||||
0.2.0 |
Confirmed
|
Medium
|
Chris Hodgen |
Bug Description
delete_media() function in global.php needs to perform a user permission check to decide whether user is allowed to remove that mediaID. This is for deletion from within another module to which the media was created. So it should query group permissions and decide whether the login has access to that module/component, depending on the storage method outlined in the media path.
Additionally, the function should query the ModuleParameter table and decide whether a component is going to give other components access to delete their media. This would require a system standard mediaSharing parameter.
Changed in retromod: | |
assignee: | nobody → kenmclean |
importance: | Undecided → Medium |
status: | New → Confirmed |
Changed in retromod: | |
assignee: | Ken McLean (kenmclean) → Chris Hodgen (bivhitscar) |
To post a comment you must log in.