Upload delete & access rights : confusing
Posted: 18 Mar 2020, 19:53
Hello !
I am trying to make sense out of the "upload" functionality of the phoca download plugin which I find great anyway.
I have 1 category. Let's call it CAT1.
I have multiple users: let's take the case of U1.
For the category (CAT1), my parameters are the following :
ACCESS : the group in which U1 belongs (GROUP 1, let's call it)
ACCESS RIGHTS : I don't know what information to provide. I left it blank as I assume I don't need to choose anything as any user from GROUP 1 will be allowed to view this category in order to upload into this category (this is the feature I'm looking for actually)... right ? please, help me understand the difference (between ACCESS and ACCESS RIGHTS) as the description in the documentation is brief and not evocative to a non-developper.
UPLOAD RIGHTS : I selected "all registered users" because I know ACL groups cannot be included in this list (in my wishlist, I would love to be able to select "GROUP 1"), and I also selected "myself" as a possible uploader (as an administrator)
DELETE RIGHTS : here comes the confusing part. I selected nobody because normally, the user who uploads in this category has automatic deletion rights, correct ? And anyway, for this category, many users are going to upload in CAT1, so I don't want to choose one person among 30 who are going to upload in this category.
NOW comes the live testing ...
When U1 uploads a file, then, he is supposed to be able to delete it because he has the rights to. But after uploading the file, the icon "delete" is greyed out, so U1 cannot delete it ... where am I going wrong ?
Moreover, I tried to select "myself" as a possible deleter (when I say "myself", I mean I am a member of the superuser group), but when I login in the frontend, I can neither see the documents published by U1 nor delete them as well ... I am left confused. I know that I can delete - as a superuser - documents in the backend, but what is the point of proposing in the parameters a multiple selection if only the user who uploaded can delete his OWN file ? The multiple selection leads us to think that you can have many people being able to delete the files of one other person ... don't you think ?
Strangely enough, whatever I do (set myself as user in the ACCESS RIGHTS or not), I can still access CAT1 on the frontend ... how come ? normally if I'm not a user allowed in the ACCESS RIGHTS, I should not be able to have access to CAT1 ?? no ?
THANKS A LOT for clarifying all those points as I dearly need this upload function to work.
Fabio
I am trying to make sense out of the "upload" functionality of the phoca download plugin which I find great anyway.
I have 1 category. Let's call it CAT1.
I have multiple users: let's take the case of U1.
For the category (CAT1), my parameters are the following :
ACCESS : the group in which U1 belongs (GROUP 1, let's call it)
ACCESS RIGHTS : I don't know what information to provide. I left it blank as I assume I don't need to choose anything as any user from GROUP 1 will be allowed to view this category in order to upload into this category (this is the feature I'm looking for actually)... right ? please, help me understand the difference (between ACCESS and ACCESS RIGHTS) as the description in the documentation is brief and not evocative to a non-developper.
UPLOAD RIGHTS : I selected "all registered users" because I know ACL groups cannot be included in this list (in my wishlist, I would love to be able to select "GROUP 1"), and I also selected "myself" as a possible uploader (as an administrator)
DELETE RIGHTS : here comes the confusing part. I selected nobody because normally, the user who uploads in this category has automatic deletion rights, correct ? And anyway, for this category, many users are going to upload in CAT1, so I don't want to choose one person among 30 who are going to upload in this category.
NOW comes the live testing ...
When U1 uploads a file, then, he is supposed to be able to delete it because he has the rights to. But after uploading the file, the icon "delete" is greyed out, so U1 cannot delete it ... where am I going wrong ?
Moreover, I tried to select "myself" as a possible deleter (when I say "myself", I mean I am a member of the superuser group), but when I login in the frontend, I can neither see the documents published by U1 nor delete them as well ... I am left confused. I know that I can delete - as a superuser - documents in the backend, but what is the point of proposing in the parameters a multiple selection if only the user who uploaded can delete his OWN file ? The multiple selection leads us to think that you can have many people being able to delete the files of one other person ... don't you think ?
Strangely enough, whatever I do (set myself as user in the ACCESS RIGHTS or not), I can still access CAT1 on the frontend ... how come ? normally if I'm not a user allowed in the ACCESS RIGHTS, I should not be able to have access to CAT1 ?? no ?
THANKS A LOT for clarifying all those points as I dearly need this upload function to work.
Fabio
