File entity update is allowed only for user who has uploaded the file

Created on 27 May 2024, about 1 month ago

Problem/Motivation

FileAccessControlHandler does not check permission in case of update using the standard permissions of "edit any files" and "edit own files". Instead it's hardcoded to check for the user who has uploaded the file.

Steps to reproduce

Proposed resolution

The FileAccessControlHandler should check for file edit permissions in the standard way.

Remaining tasks

1. Create new permissions "edit any files" and "edit own files"
2. Adjust the FileAccessControlHandler to respect the assigned permission.
3. Adjust relevant test cases.

User interface changes

API changes

Data model changes

Release notes snippet

🐛 Bug report

Status

Active

Version

11.0 🔥

Component

File system →

Last updated about 9 hours ago

Maintained by
🇦🇺Australia @kim.pepper

Created by

🇮🇳India sukr_s

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @sukr_s
Comment about 1 month ago →
🇺🇸United States cilefen
This is not a novice issue.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024