Disabling the Album Delete Button in Admin Mode Disabling the Album Delete Button in Admin Mode
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Disabling the Album Delete Button in Admin Mode

Started by GarryS, September 20, 2012, 11:09:54 PM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

GarryS

My site URL is http://www.victoriacameraclub.org/vcccompetitions/.

I have just received a solution to my most recent querry regarding requiring titles for uploads. Now one more, possibly final, tweak for our camera club competitions gallery.

When the album within a category are displayed to an administrator, the controls "Delete", "Properties" and "Edit Files" are displayed. I as webmaster have a team of three additional inidividuals who have administrator permissions. One asked what would happen if he accidentally clicked the delete button. A clear risk, even though there is one warning pop-up. We do not wish to delete any competitions albums and certainly not during the club year.

My desire is to remove the Delete buttons from that page (for each of the albums in the category), leaving the Properties and Edit Files buttons in place. Since the change would be reversible, I could, by going back, enable the delete in a case in which it was truly desired (if any).

Perhaps I can be pointed toward a solution for this one.

Thank you in advance for your help.

lurkalot

Quote from: GarryS on September 20, 2012, 11:09:54 PM

One asked what would happen if he accidentally clicked the delete button.


I know it's a worry, but if someone clicks a album delete button you would get a warning / confirmation box pop up in the middle of the page. ;)
Running SMF 2.1.4  / Tinyportal 3.0.1, bridged with Coppermine 1.6.25, plus cpmfetch 2.0.0

Jeff Bailey

Like lurkalot said there is a warning for this type of activity but if you really want to get rid of it:

In your custom themes theme.php add this on a blank line before the closing ?>

/******************************************************************************
** Section <<<$template_album_admin_menu>>> - START
******************************************************************************/
// HTML template for the ALBUM admin menu displayed in the album list
$template_album_admin_menu = <<<EOT
        <div class="buttonlist align_right">
                <ul>
                        <li>
                                <!-- <a href="delete.php?id={ALBUM_ID}&amp;what=album&amp;form_token={FORM_TOKEN}&amp;timestamp={TIMESTAMP}" class="adm_menu" onclick="return confirm('{CONFIRM_DELETE}');"><span>{DELETE}</span></a> -->
                        </li>
                        <li>
                                <a href="modifyalb.php?album={ALBUM_ID}" class="adm_menu"><span>{MODIFY}</span></a>
                        </li>
                        <li>
                                <a href="editpics.php?album={ALBUM_ID}" class="adm_menu"><span class="last">{EDIT_PICS}</span></a>
                        </li>
                </ul>
        </div>
        <div class="clearer"></div>

EOT;
/******************************************************************************
** Section <<<$template_album_admin_menu>>> - END
******************************************************************************/


If the function already exists just HTML comment the link
<a href="delete.php?id={ALBUM_ID}&amp;what=album&amp;form_token={FORM_TOKEN}&amp;timestamp={TIMESTAMP}" class="adm_menu" onclick="return confirm('{CONFIRM_DELETE}');"><span>{DELETE}</span></a>
to
<!-- <a href="delete.php?id={ALBUM_ID}&amp;what=album&amp;form_token={FORM_TOKEN}&amp;timestamp={TIMESTAMP}" class="adm_menu" onclick="return confirm('{CONFIRM_DELETE}');"><span>{DELETE}</span></a> -->
Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford

GarryS

Thanks for your input. As lurkalot has indicated, yes, there is a warning. That said, I went ahead and removed the Delete button following Jeff's code. 

That does the trick and does also make me feel more secure.

I think things are pretty much in hand now, so I should be less of a pest in coming days.

Here's to Coppermine and to this forum!

Jeff Bailey

Forgot to mention, the code posted is theme specific.
Not recommended but you can edit themes.inc.php for a more thorough removal of the button.
Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford

Joe Carver

Quote from: Jeff Bailey on September 21, 2012, 01:48:07 AM
Forgot to mention, the code posted is theme specific.
Not recommended...

Another way would be to use the plugin hook / action page_start.
It works well for changing HTML templates...

Here is an untested example that would need a configuration file to run as an example.


<?php
/**
 * Coppermine Photo Gallery
 *
 * Copyright (c) 2003-2012 Coppermine Dev Team
 * v1.1 originally written by Gregory DEMAR
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Plugin Example by Joe Carver 
 * 
  *******************************************************/
    
if (!defined('IN_COPPERMINE')) {die('Not in Coppermine...');}

// Add plugin display action
$thisplugin->add_action('page_start','no_deleting');

function no_deleting()
{
global $CONFIG$template_album_admin_menu;
/******************************************************************************
** Section <<<$template_album_admin_menu>>> - START
******************************************************************************/
// HTML template for the ALBUM admin menu displayed in the album list
$template_album_admin_menu = <<<EOT
        <div class="buttonlist align_right">
                <ul>
                        <li>
                                <!-- <a href="delete.php?id={ALBUM_ID}&amp;what=album&amp;form_token={FORM_TOKEN}&amp;timestamp={TIMESTAMP}" class="adm_menu" onclick="return confirm('{CONFIRM_DELETE}');"><span>{DELETE}</span></a> -->
                        </li>
                        <li>
                                <a href="modifyalb.php?album={ALBUM_ID}" class="adm_menu"><span>{MODIFY}</span></a>
                        </li>
                        <li>
                                <a href="editpics.php?album={ALBUM_ID}" class="adm_menu"><span class="last">{EDIT_PICS}</span></a>
                        </li>
                </ul>
        </div>
        <div class="clearer"></div>

EOT;
/******************************************************************************
** Section <<<$template_album_admin_menu>>> - END
******************************************************************************/
}

?>



ΑndrĂ©

Please keep in mind that all solutions just removes the button, but the backend code still exists. It's enough to prevent users deleting album accidentally, but not intentionally.