From 2fdd9a3b13c66f6f9a8a4ba349ec225325fa0558 Mon Sep 17 00:00:00 2001 From: Sam Minnee Date: Fri, 11 Jan 2013 16:51:52 +1300 Subject: [PATCH] FIX: Allow images attached to UploadFields to be unlinked without File::canEdit() or File::canDelete() permission. Although editing meta-data or deleting permanently would require File editing/deleting permissions, merely linking to a record does not. This change is important for allowing front-end use of UploadField; or, more importantly, use of UploadFile by people without CMS rights. --- forms/UploadField.php | 1 - templates/Includes/UploadField_FileButtons.ss | 5 ++--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/forms/UploadField.php b/forms/UploadField.php index 82588ca33..40523ca26 100644 --- a/forms/UploadField.php +++ b/forms/UploadField.php @@ -867,7 +867,6 @@ class UploadField_ItemHandler extends RequestHandler { // Check item permissions $item = $this->getItem(); if(!$item) return $this->httpError(404); - if(!$item->canEdit()) return $this->httpError(403); // Only allow actions on files in the managed relation (if one exists) $items = $this->parent->getItems(); diff --git a/templates/Includes/UploadField_FileButtons.ss b/templates/Includes/UploadField_FileButtons.ss index 1f0f6242c..6fbb0e185 100644 --- a/templates/Includes/UploadField_FileButtons.ss +++ b/templates/Includes/UploadField_FileButtons.ss @@ -4,13 +4,12 @@ - - <% if UploadFieldHasRelation %> +<% end_if %> +<% if UploadFieldHasRelation %> <% end_if %> -<% end_if %> <% if canDelete %> <% end_if %>