Removing delete fuction from everyone but Admin Removing delete fuction from everyone but Admin
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Removing delete fuction from everyone but Admin

Started by CD69, October 05, 2005, 08:16:01 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

CD69

October 05, 2005, 08:16:01 PM Last Edit: October 05, 2005, 10:25:25 PM by Nibbler
I upgraded to 1.3.5 today hoping I would find a way to stop registered users from being able to delete images. I want to protect all images once they are uploaded onto my server and allow Admin only to delete images.

Is there any way to remove the delete button for everyone but Admin's?

artistsinhawaii

#1
October 05, 2005, 08:31:08 PM
Unless there's a mod for it, I don't think that's possible in 1.35.  It is a feature in the upcoming 1.4x, however.  But 1.4x comes with no support at the present time.


Dennis
Learn and live ... In January of 2011, after a botched stent attempt, the doctors told me I needed a multiple bypass surgery or I could die.  I told them I needed new doctors.

CD69

#2
October 05, 2005, 08:33:54 PM
Thank you for replying so quick Dennis. This functionality exists in the new release (1.4) that I can download here?

artistsinhawaii

#3
October 05, 2005, 08:36:34 PM
Yes, but, as I mentioned there is currently no support for 1.4x.

If you go ahead with it, make sure you do a versioncheck and enable view link to devel CVS in the version check page.  Then update all files.   There have been a lot of recent changes to files in 1.4.

Dennis

Learn and live ... In January of 2011, after a botched stent attempt, the doctors told me I needed a multiple bypass surgery or I could die.  I told them I needed new doctors.

Nibbler

#4
October 05, 2005, 09:11:34 PM
What you are requesting is not available in 1.4. What you need to do is remove the button from the interface for regular users:

displayimage.php:

find

Code Select

function html_picture_menu($id)
{
    global $lang_display_image_php;

    return <<<EOT
     <a href="#" onClick="return MM_openBrWindow('picEditor.php?id=$id','Crop_Picture','scrollbars=yes,toolbar=no,status=yes,resizable=yes')" class="admin_menu" >{$lang_display_image_php['crop_pic']}</a> <a href="editOnePic.php?id=$id&what=picture"  class="admin_menu">{$lang_display_image_php['edit_pic']}</a> <a href="delete.php?id=$id&what=picture"  class="admin_menu" onclick="return confirm('{$lang_display_image_php['confirm_del']}'); return false; ">{$lang_display_image_php['del_pic']}</a>

EOT;
}


change to

Code Select

function html_picture_menu($id)
{
    global $lang_display_image_php;

$ret = "<a href=\"#\" onClick=\"return MM_openBrWindow('picEditor.php?id=$id','Crop_Picture','scrollbars=yes,toolbar=no,status=yes,resizable=yes')\" class=\"admin_menu\" >{$lang_display_image_php['crop_pic']}</a> <a href=\"editOnePic.php?id=$id&what=picture\"  class=\"admin_menu\">{$lang_display_image_php['edit_pic']}</a>";
if (GALLERY_ADMIN_MODE) $ret .= "<a href=\"delete.php?id=$id&what=picture\"  class=\"admin_menu\" onclick=\"return confirm('{$lang_display_image_php['confirm_del']}'); return false; \">{$lang_display_image_php['del_pic']}</a>";

return $ret;
}


And then to stop the deletion if the url is manually entered, find in delete.php

Code Select

    } else {
        $query = "SELECT {$CONFIG['TABLE_PICTURES']}.aid as aid, category, filepath, filename FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'";
        $result = db_query($query);
        if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        $pic = mysql_fetch_array($result);
        if ($pic['category'] != FIRST_USER_CAT + USER_ID) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }


and replace with simply this:

Code Select

    } else {
cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
    }

artistsinhawaii

#5
October 05, 2005, 09:47:46 PM
QuoteWhat you are requesting is not available in 1.4. What you need to do is remove the button from the interface for regular users:


I stand corrected, Nibbler.

I thought that's what the Config/Allow users to retain control over their pics in public galleries feature did in 1.4x

Dennis
Learn and live ... In January of 2011, after a botched stent attempt, the doctors told me I needed a multiple bypass surgery or I could die.  I told them I needed new doctors.

Nibbler

#6
October 05, 2005, 09:55:01 PM
That's a switch to toggle the new option of user control over pics in public galleries. It doesn't affect the pre-existing ability for users to delete pics from their own user gallery.

artistsinhawaii

#7
October 05, 2005, 10:21:43 PM
Quote from: Nibbler on October 05, 2005, 09:55:01 PM
That's a switch to toggle the new option of user control over pics in public galleries. It doesn't affect the pre-existing ability for users to delete pics from their own user gallery.

Thanks Nibbler,

Now I know.

Dennis
Learn and live ... In January of 2011, after a botched stent attempt, the doctors told me I needed a multiple bypass surgery or I could die.  I told them I needed new doctors.

CD69

#8
October 05, 2005, 10:23:55 PM
Nibbler, thank you very much, you have solved a huge proble for me!

CD69

#9
October 06, 2005, 03:30:20 AM
Everything has worked perfectly, it's very cool when that happens!

Here's where I push my luck a little  ;)

How do I remove the Crop and Rotate option from everyone but the admins.
Print
Go Up Pages1
User actions