Open macrozone opened 8 years ago
Hi @nicolaslopezj ,
I'm using Orion 1.8.0. Before the upgrade to 1.8, all the users could upload a file, but since I upgraded to 1.8 only the admin can upload a file.
So, I registered a role:
Roles.registerAction( 'upload', true );
HQ.allow( 'upload', true );
Branch.allow( 'upload', true );
insurer.allow( 'upload', true );
On my template:
{{#if userHasPermission 'upload'}}
{{> afQuickField name="file" }}
{{/if}}
But the problem is, the action has no effect at all. I get this error in the browser console:
Uncaught Error: The user has no permission to perform this action [unauthorized]
What should be the approach on the filesystem permission?
NOTE: I'm using nicolaslopezj:roles@2.0.2
because every time I upgrade the roles, it throws an error on insert and update.
Hi,
The action name is filesystem.upload and you don't have to register it.
So you need to change your code to:
HQ.allow('filesystem.upload', true);
Branch.allow('filesystem.upload', true);
insurer.allow('filesystem.upload', true);
{{#if userHasPermission 'filesystem.upload'}}
{{> afQuickField name="file" }}
{{/if}}
Ok got it. Thanks @nicolaslopezj !
The allow/deny rules on the filesystem collection do allow everyone to insert/update/delete files in the current version.
As a first step, we should only allow admins to CRUD on filesystem.
Later, we should allow admins or at least developers to define themselves which roles are allowed to CRUD on filesystem.
See https://github.com/orionjs/orion/blob/master/packages/filesystem/filesystem.js
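The two points raised in this thread (the upload check is made against the exact action name `filesystem.upload`, and write rules on the filesystem collection should not admit everyone) can be modelled as default-deny rules. This is an added example, not part of the thread and not Orion's code: `buildFilesystemRules`, the injected `hasPermission` and `isAdmin` callbacks, the `legacy` role and the sample users are assumptions constructed for illustration.

```javascript
// Added example: default-deny write rules in the shape Meteor's collection.allow() accepts.
// hasPermission and isAdmin are injected (hypothetical names); in an app they would wrap
// whatever role lookup the project uses.
function buildFilesystemRules(hasPermission, isAdmin) {
  // Anonymous clients (no userId) are rejected before any role lookup.
  const loggedIn = (userId) => typeof userId === 'string' && userId.length > 0;
  return {
    // Uploading requires the exact action name given in the thread.
    insert: (userId) => loggedIn(userId) && hasPermission(userId, 'filesystem.upload') === true,
    // First step proposed in the issue: only admins may change or delete files.
    update: (userId) => loggedIn(userId) && isAdmin(userId) === true,
    remove: (userId) => loggedIn(userId) && isAdmin(userId) === true,
  };
}

// Constructed sample data: role -> granted actions, user -> roles.
const GRANTS = {
  admin: ['filesystem.upload'],
  HQ: ['filesystem.upload'],
  legacy: ['upload'], // the misnamed action from the first comment: grants nothing useful
};
const USERS = { u1: ['admin'], u2: ['HQ'], u3: ['legacy'], u4: [] };

const rolesOf = (userId) =>
  (Object.prototype.hasOwnProperty.call(USERS, userId) ? USERS[userId] : []);
const hasPermission = (userId, action) =>
  rolesOf(userId).some((role) => (GRANTS[role] || []).includes(action));
const isAdmin = (userId) => rolesOf(userId).includes('admin');

const rules = buildFilesystemRules(hasPermission, isAdmin);

// Returns the [insert, update, remove] decisions for one user.
function decisions(userId) {
  return ['insert', 'update', 'remove'].map((op) => rules[op](userId, {}));
}

// In a Meteor app the object would be registered with: SomeCollection.allow(rules)
```

A user whose role was granted only `upload` is denied on all three operations, which matches the `unauthorized` error reported above.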