Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Advanced Editor - Deleting Uploads

phreakphreak Vanilla*APP (White Label) & Vanilla*Skins Shop MVP

Hi all,

Users in my community were allowed to delete their Advanced Editor uploads in their comments some time ago. For some reason this is not possible anymore and I don't know if or what I have misconfigured.

My users are allowed to edit their posts for about an hour. Besides this setting they were always able to remove their uploads (mainly images) if they felt like it.

Since one of the recent updates (my guess is 2.2.1) my users and even the administrator can't see the small "x" next to an image anymore. There is a display: none on it. I can bring it with some CSS but then the function itself (clicking on the "x") doesn't create a dialog or any type of deletion process.

Did anyone experience the same?

Thank you, phreak

  • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
  • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla

Comments

  • CaylusCaylus ✭✭
    edited September 2017

    Hey Vanilla 2.3 here, same behaviour. It seems like you can only remove images as long as you can edit your posts.

    If you edit a post, you can remove an image from there. Admins should still be able to edit posts and then remove images.

    You could either give your members more editing rights, or write a plugin that a) restores the x, b) adds a bit of javascript that people can click it and that it makes an AJAX call to a custom endpoint, c) when a call to a custom endpoint is made the plugin should check whether the user is allowed to delete that particular image and then call this function:

        protected function deleteEditorUploads($MediaID, $ForeignID = '', $ForeignType = '') {
            // Save data to database using model with media table
            $Model = new Gdn_Model('Media');
            $Media = (array)$Model->getID($MediaID);
    
            $IsOwner = (!empty($Media['InsertUserID']) && Gdn::session()->UserID == $Media['InsertUserID']);
            // @todo Per-category edit permission would be better, but this global is far simpler to check here.
            // However, this currently matches the permission check in views/attachments.php so keep that in sync.
            $CanDelete = ($IsOwner || Gdn::session()->checkPermission('Garden.Moderation.Manage'));
            if ($Media && $CanDelete) {
                try {
                    if ($Model->delete($MediaID)) {
                       // unlink the images.
                        $path = PATH_UPLOADS.'/'.$Media['Path'];
                        $thumbPath = PATH_UPLOADS.'/'.$Media['ThumbPath'];
    
                        if (file_exists($path)) {
                            unlink($path);
                        }
    
                        if (file_exists($thumbPath)) {
                            unlink($thumbPath);
                        }
                    }
                } catch (Exception $e) {
                    die($e->getMessage());
                    return false;
                }
                return true;
            }
            return false;
        }
    

    I could try to write something, but my solutions are pretty hackish most of the time, so you might want to prefer to do it yourself. Just lemme know what you prefer.

  • This would be my solution.

    Now in your own posts, you get an X with every image, if you click that you're asked if you're really sure you want to delete the image, if you click yes the image gets deleted and links in your post get replaced by a standard "user deleted this image" image link.

    Just to make it not too complicated, you can only delete your own images, even if you're an admin.
    If you're an admin, you can still edit other people's posts and remove attachments that way anyway, so you don't need my plugin for that.

    If you like the functionality and have suggestions to prettify the CSS, that'd be very welcome!

    https://github.com/Caylus/vanilla_plugins/tree/master/RemoveUploadedImages

    I'll keep it in this thread to see if the functionality is welcome and if there are some improvements that can be made, afterwards I'll upload it to the addon section.

  • I forgot to mention: You only see that "x" after reloading the page if you posted an image!

  • phreakphreak Vanilla*APP (White Label) & Vanilla*Skins Shop MVP
    edited September 2017

    Hi @Caylus,

    Thank you for putting so much effort into my question. Indeed for Admin's it's possible to delete images when heading over to the "Edit" screen of a comment. That's good enough for them.

    I activated your plugin on a plain Vanilla install but no "X" or a similar design showed up for users who are not allowed to "Edit" their comments anymore. Can you give me a screenshot to see how it works? Predefined by Vanilla is a SPAN tag that hold the CLASS "editor-file-remove". This could probably be used as it's already there. Also the "Roles & Permission" in the dashboard could be bend to integrate a checkbox saying "Edit" in "Plugins" > "Attachments/Upload".

    I created an addon icon if you'd like to upload the plugin to the addon repository here. Please use it as you wish. B)

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • Hey Phreak, no problem! Like to play around with these kinds of things, you always find out new stuff from the inner workings of Vanilla ^^

    It should have given a cross in the top right corner of images (see screenshot), don't know why he doesn't do that at your end. O_o

    With the new version it should also restore the cross at the attachment preview under the post.

    I've added a permission system now as well!

    Thanks for the icon! ^^

  • R_JR_J Ex-Fanboy Munich Admin

    You should consider using × instead of "X". I would try to mimic the look and feel for other "delete" options, using

    <div class="Options">
      <a class="Delete" href="/..."><?php echo t('Delete', '&times;') ?></a>
    </div>
    

    Also, you should try the class for links "PopConfirm", it's a great shortcut!

  • R_JR_J Ex-Fanboy Munich Admin

    When using addJsFile/addCssFile, you need to use correct spelling, the file and folder names are case sensitive. I've created a PR for that.

    The way you parse posts is buggy. I have for example this post:

    <img src="https://example.com/uploads/editor/8d/cmc5z1nvfvzu.jpg" alt=""><br><br><img src="https://example.com/uploads/editor/bq/izakzxm3t1p2.jpg" alt=""><br><img src="https://example.com/uploads/editor/v6/i61nb28h4ivh.jpg" alt=""><br><br><img alt="" src="https://example.com/uploads/editor/hs/s6uaq6q0mm1d.jpg"><br><br><br><br>
    

    I would advise to skip adding those big buttons alltogether.

  • phreakphreak Vanilla*APP (White Label) & Vanilla*Skins Shop MVP
    edited September 2017

    @Caylus & @RJ: How the plugin works seems to be to work only for images that were embedded right? I think it would be smart if we could take this Vanilla functionality from the system level and outside of the "Edit" dialogue. User roles that have a limited editing time allowance could then still delete attachments in a smart way. See the screenshot.

    For the CSS adding the 3 last lines would reveal the predefined "X".

    .editor-file-preview .editor-file-remove {
        float: right;
        height: 30px;
        cursor: pointer;
        background-color: #fff;
        box-shadow: inset 2px 0 2px -3px #000;
        position: absolute; /* 1. new line */
        right: 0; /* 2. new line */
        display: block; /* 3. new line */
    }
    

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • CaylusCaylus ✭✭
    edited September 2017

    Hey Phreak! The plugin that I uploaded to the plugin section (sorry, completely forgot to post in this topic) works for any attachment now.

    I removed the big X and simply added a X down below as in the screenshot you shared.

    It removes the attachment, and if it's a picture it replaces the picture embedded in the post with a "user deleted this picture" image.

    https://open.vanillaforums.com/addon/removeuploadedattachments-plugin

Sign In or Register to comment.