Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Only admin logon can delete attachments

scott38301scott38301
edited February 2011 in Vanilla 2.0 - 2.8
We have our vanilla site running with the default admin user are well as two other users with admin permissions.
They can create a "discussion" -- which in our case is a lesson plan. They can add attachments to the discussion but cannot delete them. Only the admin logon can delete attachments. The users can, however, remove the discussion.

Permissions are set at 777 for the upload folder and all subfolders and files.

Any thoughts here folks?
Tagged:

Comments

  • UnderDogUnderDog MVP
    edited February 2011
    They can add attachments to the discussion but cannot delete them.
    @scott38301 Please explain what happens when they try to delete an attachment. Do they get an error message? Is a button missing?

    There was an error rendering this rich post.

  • scott38301scott38301
    Button is there.
    Receiving a popup message that states {"Code":401,"Exception":"You don't have permission to do that."}
    This is true for every user (even those with admin priv's) except the admin user itself.
    As stated the upload directory is set at 777 for permissions...
    Thanks.
  • tester13tester13
    777 seems like too much, remove execution rights, otherwise you are making huge security hole, as I understand.
  • scott38301scott38301
    Yes I understand this and will change them to 775 when I get the deletion issue resolved since it does not seem to be at this level.
    Is there some Vanilla config elsewhere in the system that is required for the users to delete their own attachments?
    This is also a 2.0.17 install/upgrade, self hosted. But I went back to the original location on a hosted site and the issue is the same there.

    Thanks.
  • UnderDogUnderDog MVP
    {"Code":401,"Exception":"You don't have permission to do that."}
    Are you familiar with looking into PHP code and finding / editing pieces of code?

    There was an error rendering this rich post.

  • scott38301scott38301
    Yes sir...
  • scott38301scott38301
    working on that now to try to get the proxyconnect to function with my Joomla site.
  • UnderDogUnderDog MVP
    try to get the proxyconnect to function with my Joomla site.
    That's so interesting. Feel free to post any results in a separate thread. How you did it, what did you run into, etc.
    Does your Joomla site has components that Vanilla doesn't have? Very interesting... :-)

    There was an error rendering this rich post.

  • scott38301scott38301
    Someone here had already set up the vanilla forum on a hosted site. I was asked to move it "in house" and then asked to get an SSO solution between the two...domain is the same and actually the vanilla install is a subdirectory of the main site.
  • scott38301scott38301
    Just can't seem to get either one of the working at the moment... :(
  • scott38301scott38301
    So does anyone have any suggestions here?
    Thanks.
  • Alibaba31337Alibaba31337 New
    Dear friend, please find the line
    $Sender->Permission('Garden.AdminUser.Only');
    and comment it out like
    //$Sender->Permission('Garden.AdminUser.Only');
    It will fix the issue. Good luck!
  • Alibaba31337Alibaba31337 New
    You have to find this line in FileUpload plugin "class.fileupload.plugin.php" (I bet you got this plugin enabled in your forum ;))
  • scott38301scott38301
    That took care of it -- thank you all!
Sign In or Register to comment.