Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Only admin logon can delete attachments

edited February 2011 in Vanilla 2.0 - 2.8
We have our vanilla site running with the default admin user are well as two other users with admin permissions.
They can create a "discussion" -- which in our case is a lesson plan. They can add attachments to the discussion but cannot delete them. Only the admin logon can delete attachments. The users can, however, remove the discussion.

Permissions are set at 777 for the upload folder and all subfolders and files.

Any thoughts here folks?

Comments

  • UnderDogUnderDog MVP
    edited February 2011
    They can add attachments to the discussion but cannot delete them.
    @scott38301 Please explain what happens when they try to delete an attachment. Do they get an error message? Is a button missing?

    There was an error rendering this rich post.

  • Button is there.
    Receiving a popup message that states {"Code":401,"Exception":"You don't have permission to do that."}
    This is true for every user (even those with admin priv's) except the admin user itself.
    As stated the upload directory is set at 777 for permissions...
    Thanks.
  • 777 seems like too much, remove execution rights, otherwise you are making huge security hole, as I understand.
  • Yes I understand this and will change them to 775 when I get the deletion issue resolved since it does not seem to be at this level.
    Is there some Vanilla config elsewhere in the system that is required for the users to delete their own attachments?
    This is also a 2.0.17 install/upgrade, self hosted. But I went back to the original location on a hosted site and the issue is the same there.

    Thanks.
  • {"Code":401,"Exception":"You don't have permission to do that."}
    Are you familiar with looking into PHP code and finding / editing pieces of code?

    There was an error rendering this rich post.

  • Yes sir...
  • working on that now to try to get the proxyconnect to function with my Joomla site.
  • try to get the proxyconnect to function with my Joomla site.
    That's so interesting. Feel free to post any results in a separate thread. How you did it, what did you run into, etc.
    Does your Joomla site has components that Vanilla doesn't have? Very interesting... :-)

    There was an error rendering this rich post.

  • Someone here had already set up the vanilla forum on a hosted site. I was asked to move it "in house" and then asked to get an SSO solution between the two...domain is the same and actually the vanilla install is a subdirectory of the main site.
  • Just can't seem to get either one of the working at the moment... :(
  • So does anyone have any suggestions here?
    Thanks.
  • Dear friend, please find the line
    $Sender->Permission('Garden.AdminUser.Only');
    and comment it out like
    //$Sender->Permission('Garden.AdminUser.Only');
    It will fix the issue. Good luck!
  • You have to find this line in FileUpload plugin "class.fileupload.plugin.php" (I bet you got this plugin enabled in your forum ;))
  • That took care of it -- thank you all!
Sign In or Register to comment.