Allowing users to edit their uploaded files... Allowing users to edit their uploaded files...
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Allowing users to edit their uploaded files...

Started by lawless314, February 22, 2005, 11:53:17 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

lawless314

As it stands, registered users can upload to any public albulm, but once they have uploaded the file, they cannot edit the file information, such as title, description, keywords, etc.

I can't find any actual permissions setting for this - there's either upload approval or admin access, but not upload+edit personal files.  Is there a database flag for it that I could set manually, or is it just admin only?

Thanks,
--Lindsay

Joachim Müller

currently (with cpg1.3.x) it's admin only, there's no way to allow users to edit their files once they uploaded it to a public gallery. However, the feature you're looking for will be in cpg1.4.x (which just went into feature freeze status, so you can expect a release soon).

Joachim

rusk

Add line

    $picture_menu = (USER_ID == $CURRENT_PIC_DATA['owner_id']) ? html_picture_menu($pid) : '';

in displayimage.php file after line 153 that allows to edit/delete image only for admins.

rusk

Sorry, this code wil worc correct:


    if (USER_ID == $CURRENT_PIC_DATA['owner_id']) {
        $picture_menu = html_picture_menu($pid);
    }


this lines must be AFTER line


    $picture_menu = ((USER_ADMIN_MODE && $CURRENT_ALBUM_DATA['category'] == FIRST_USER_CAT + USER_ID) || GALLERY_ADMIN_MODE) ? html_picture_menu($pid) : '';

dbasulto

so this code will enable users to edit their own submitted files?
or just an edit link in case you are admin?

Joachim Müller

why don't you try and find it out and then let us know?

agridoc

#6
The script works OK for editing (Crop and Rotate - Edit description). The  DELETE THIS FILE command gives the error message "You don't have permission to perform this operation."

I was very happy at first but ... (see next message)


agridoc

The script opens editing (Crop and Rotate - Edit description). The  DELETE THIS FILE command gives the error message "You don't have permission to perform this operation."

The problem is that when you open editing only the personal album is available, so if you save it, it will be moved to a personal album and it can' t be moved back to a public one (version 1.33).

Stramm

that code from rusk is just to add a lil bit functionality. To let users have full control over their images outside their own user album would mean editing far more code.

Abbas Ali

Quote from: agridoc on October 26, 2005, 12:56:22 AM
The problem is that when you open editing only the personal album is available, so if you save it, it will be moved to a personal album and it can' t be moved back to a public one (version 1.33).

To solve this problem edit editOnePic.php (function get_user_albums)

Replace


        global $CONFIG, $USER_ALBUMS_ARRAY, $user_albums_list;

        if (!isset($USER_ALBUMS_ARRAY[$user_id])) {
                $user_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='".(FIRST_USER_CAT + $user_id)."' ORDER BY title");


with


        global $CONFIG, $USER_ALBUMS_ARRAY, $user_albums_list, $CURRENT_PIC;

        if (!isset($USER_ALBUMS_ARRAY[$user_id])) {
                if (!GALLERY_ADMIN_MODE) {
                  $user_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='".(FIRST_USER_CAT + $user_id)."'OR aid = '".$CURRENT_PIC['aid']."'  ORDER BY title");               
                } else {
                  $user_albums = db_query("SELECT aid, title FROM {$CONFIG['TABLE_ALBUMS']} WHERE category='".(FIRST_USER_CAT + $user_id)."' ORDER BY title");
                }


This should solve the problem.
Chief Geek at Ranium Systems

Abbas Ali

Quote from: agridoc on October 26, 2005, 12:56:22 AM
The script opens editing (Crop and Rotate - Edit description). The DELETE THIS FILE command gives the error message "You don't have permission to perform this operation."

And to solve this edit delete.php (function delete_picture)

Replace


        $query = "SELECT {$CONFIG['TABLE_PICTURES']}.aid as aid, category, filepath, filename FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'";
        $result = db_query($query);
        if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        $pic = mysql_fetch_array($result);
        if ($pic['category'] != FIRST_USER_CAT + USER_ID) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);


with


        $query = "SELECT {$CONFIG['TABLE_PICTURES']}.aid as aid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'";
        $result = db_query($query);
        if (!mysql_num_rows($result)) cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        $pic = mysql_fetch_array($result);
        if ($pic['category'] != FIRST_USER_CAT + USER_ID && $pic['owner_id'] != USER_ID) cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
Chief Geek at Ranium Systems

agridoc

OK it works know. Thank you very much Abbas Ali and Rusk for the first script. All three modifications are needed.

I have tested it and I will announce it in my forum for further testing.

This modification is quite useful as many times members uploaded photos without descriptions in a public album for an event. I think one more modification is needed but this is another topic so I posted it in Allowing users to move files from own to public album.