Fixes an issue where URLControl checks upload permissions wrong #5461
Conversation
|
Add permission is part of the advanced permission provider and should get mapped to write in the community provider. |
Right. So the URLControl needs to check for ADD like it does without this PR, but the PermissionProvider needs to check for WRITE if ADD was requested by calling code? |
yes, that is correct |
Hmm, doesn't look like that's true, because the LoadFolders method in the UrlControl uses the FolderManager which goes straight to the DB and doesn't use the PermissionProvider. Also, that looks like checks need to be somewhat more complex, like: if ADD permission exists in Permissions, then check for ADD permission, otherwise check for WRITE permission. Any advice on how to fix this further would be appreciated. |
There was a problem hiding this comment.
Wow - hard to believe this has been this way for so long! Thanks @skamphuis
Fixes #5423
Summary
The URLControl tries for "ADD" permission on the selected folder, but that doesn't exist (anymore?). It changed it to "WRITE" instead, which seems logical because that's actually the permission you're controlling by giving a user or role Edit permissions on a folder. This seems to fix the issues mentioned in #5423 and in Links and Documents.
However, I did find other references to the "ADD" permission in several other places:
These might need changing too. Happy to do so, by the way. Just let me know.