FIX: Allow images attached to UploadFields to be unlinked without File::canEdit() or File::canDelete() permission.

Although editing metadata or permanently deleting a file requires File edit/delete permissions, merely linking to a record does not. This change is important for allowing front-end use of UploadField or, more importantly, use of UploadField by people without CMS rights.
Sam Minnee 2013-01-11 16:51:52 +13:00 committed by Ingo Schommer
parent 4da1af9c3f
commit 2fdd9a3b13
2 changed files with 2 additions and 4 deletions


@ -867,7 +867,6 @@ class UploadField_ItemHandler extends RequestHandler {
// Check item permissions
$item = $this->getItem();
if(!$item) return $this->httpError(404);
if(!$item->canEdit()) return $this->httpError(403);
// Only allow actions on files in the managed relation (if one exists)
$items = $this->parent->getItems();
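Review bot: With the `canEdit()` line gone, `// Check item permissions` now sits above a test that only establishes the item exists, and the one remaining gate visible here is the relation-membership lookup that starts on the next lines. Because the description targets front-end users without CMS rights, the authorization decision should move to the record that owns the relation rather than vanish; at minimum the comment should state who is responsible, e.g. `// Item must exist; unlinking needs no File::canEdit() - access control is the embedding form's job`. The "(if one exists)" wording suggests this handler also runs for fields with no managed relation, in which case no per-item check would remain at all, so that path is worth confirming. The method begins and ends outside the hunk, so any earlier guards (read-only state, CSRF token) cannot be verified from here.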


@ -4,13 +4,12 @@
<span class="toggle-details">
<span class="toggle-details-icon"></span>
</span>
</button>
<% if UploadFieldHasRelation %>
<% end_if %>
<% if UploadFieldHasRelation %>
<button data-href="$UploadFieldRemoveLink" class="ss-uploadfield-item-remove ss-ui-button ui-corner-all" title="<% _t('UploadField.REMOVEINFO', 'Remove this file from here, but do not delete it from the file store') %>" data-icon="plug-disconnect-prohibition">
<% _t('UploadField.REMOVE', 'Remove') %></button>
<% end_if %>
<% end_if %>
<% if canDelete %>
<button data-href="$UploadFieldDeleteLink" class="ss-uploadfield-item-delete ss-ui-button ui-corner-all" title="<% _t('UploadField.DELETEINFO', 'Permanently delete this file from the file store') %>" data-icon="minus-circle"><% _t('UploadField.DELETE', 'Delete from files') %></button>
<% end_if %>