diff --git a/_config/uploadfield.yml b/_config/uploadfield.yml
index 6227f3e50..4639af322 100644
--- a/_config/uploadfield.yml
+++ b/_config/uploadfield.yml
@@ -5,6 +5,7 @@ UploadField:
autoUpload: true
allowedMaxFileNumber:
canUpload: true
+ canAttachExisting: 'CMS_ACCESS_AssetAdmin'
previewMaxWidth: 80
previewMaxHeight: 60
uploadTemplateName: 'ss-uploadfield-uploadtemplate'
diff --git a/forms/UploadField.php b/forms/UploadField.php
index 40523ca26..a72bc3883 100644
--- a/forms/UploadField.php
+++ b/forms/UploadField.php
@@ -89,6 +89,10 @@ class UploadField extends FileField {
*/
'canUpload' => true,
/**
+ * @var boolean|string Can the user attach files from the assets archive on the site?
+ * String values are interpreted as permission codes.
+ */
+ 'canAttachExisting' => "CMS_ACCESS_AssetAdmin",
* @var int
*/
'previewMaxWidth' => 80,
@@ -553,6 +557,7 @@ class UploadField extends FileField {
public function attach($request) {
if(!$request->isPOST()) return $this->httpError(403);
if(!$this->managesRelation()) return $this->httpError(403);
+ if(!$this->canAttachExisting()) return $this->httpError(403);
$return = array();
@@ -646,6 +651,11 @@ class UploadField extends FileField {
return (is_bool($can)) ? $can : Permission::check($can);
}
+ public function canAttachExisting() {
+ $can = $this->getConfig('canAttachExisting');
+ return (is_bool($can)) ? $can : Permission::check($can);
+ }
+
}
/**
diff --git a/templates/UploadField.ss b/templates/UploadField.ss
index 3481472f9..d3b8a817a 100644
--- a/templates/UploadField.ss
+++ b/templates/UploadField.ss
@@ -59,7 +59,10 @@
<% else %>
multiple="multiple"<% end_if %> />
<% end_if %>
+
+ <% if canAttachExisting %>
+ <% end_if %>
<% if not $autoUpload %>
<% end_if %>
diff --git a/tests/forms/uploadfield/UploadFieldTest.php b/tests/forms/uploadfield/UploadFieldTest.php
index 8831e6206..e1d7cacdb 100644
--- a/tests/forms/uploadfield/UploadFieldTest.php
+++ b/tests/forms/uploadfield/UploadFieldTest.php
@@ -512,6 +512,22 @@ class UploadFieldTest extends FunctionalTest {
$this->assertTrue($field->canUpload());
}
+ public function testCanAttachExisting() {
+ $this->loginWithPermission('ADMIN');
+ $response = $this->get('UploadFieldTest_Controller');
+ $this->assertFalse($response->isError());
+
+ $parser = new CSSContentParser($response->getBody());
+ $this->assertTrue(
+ (bool)$parser->getBySelector('#CanAttachExistingFalseField .ss-uploadfield-fromcomputer-fileinput'),
+ 'Keeps input file control'
+ );
+ $this->assertFalse(
+ (bool)$parser->getBySelector('#CanAttachExistingFalseField .ss-uploadfield-fromfiles'),
+ 'Removes "From files" button'
+ );
+ }
+
public function testIsSaveable() {
$form = $this->getMockForm();
@@ -815,6 +831,10 @@ class UploadFieldTest_Controller extends Controller implements TestOnly {
$fieldCanUploadFalse->setConfig('canUpload', false);
$fieldCanUploadFalse->setRecord($record);
+ $fieldCanAttachExisting = new UploadField('CanAttachExistingFalseField');
+ $fieldCanAttachExisting->setConfig('canAttachExisting', false);
+ $fieldCanAttachExisting->setRecord($record);
+
$form = new Form(
$this,
'Form',
@@ -830,7 +850,8 @@ class UploadFieldTest_Controller extends Controller implements TestOnly {
$fieldReadonly,
$fieldDisabled,
$fieldSubfolder,
- $fieldCanUploadFalse
+ $fieldCanUploadFalse,
+ $fieldCanAttachExisting
),
new FieldList(
new FormAction('submit')
@@ -847,7 +868,8 @@ class UploadFieldTest_Controller extends Controller implements TestOnly {
'ReadonlyField',
'DisabledField',
'SubfolderField',
- 'CanUploadFalseField'
+ 'CanUploadFalseField',
+ 'CanAttachExistingField'
)
);
return $form;