
Hi everyone,


I have a small problem with the ir.attachment model. This model is used to store pictures that are used on the website, and that is OK. It is easy to upload pictures, more difficult to change information about pictures, but it is TOO EASY to DELETE a picture (ir.attachment record) when picking another picture on another page.

What I mean by that is that in the image-pick widget you only need to click "X" and the picture is gone... Of course you need to have the proper (delete) rights, but those rights come with the simple HR Employee group and maybe with some others, I do not know.

So my question is: how can I secure my websites, so that:

- before deleting the picture, the user gets a JavaScript question like: Are you sure you want to do it?

- delete rights are only for Admin or for some special role?

The biggest problem is that it is really easy to delete those attachments, and after that all websites that used the picture will be shown improperly. For me this is a really big issue for my users. I know I can take back those rights in the backend settings, but:

1. I will never be sure which other module will give them back

2. For Admin the problem remains.


Thanks in advance for some ideas,

Piotr    


Again, because of KARMA I cannot use this forum properly... I hope, Andre de Kock, that you will be notified about my comment. I agree that your solution works. I did the same; actually I took back the DELETE RIGHT from ir_attachment group_user, but this is more like a workaround solution. Why? Because the administrator shall have those rights. I can create a new role / access rule just for him, that is not a problem, BUT for him it will still be just as easy to destroy some website by accident. When you delete a picture the website looks very bad. So maybe the question shall be: where can I write my suggestion for a module upgrade / feature request or whatever, something like a small JavaScript question: Do you really want to delete this picture? Sorry, but actually I do not know where the place for such a request is. Best Regards, Piotr

Best Answer

Go to Settings -> Technical -> Database Structure -> Models. Then you can search for "ir.attachment" and view it. In the Access Rights tab you will see that the group Human Resources has Delete Access ticked. Edit the record and remove the tick in the Delete Access column.

By default all users belong to the Human Resources group. By unchecking the Delete Access checkbox, nobody will be able to delete an ir.attachment object (except the super admin).
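The same restriction can be shipped as a data file in a small custom module, so it is reapplied on every module update instead of being a one-off edit in the settings screen, and a dedicated group keeps the delete right for a chosen set of users only. This is an added example, not code from the answer or from Odoo itself; it uses the Odoo 8-style data format, and the XML id `base.access_ir_attachment_group_user` for the default access record is an assumption, so verify the record name in the Access Rights tab described above before relying on it.

```xml
<?xml version="1.0" encoding="utf-8"?>
<openerp>
  <data>
    <!-- Dedicated group: the only one allowed to delete attachments.
         Only the admin user gets it by default; add others deliberately. -->
    <record id="group_attachment_manager" model="res.groups">
      <field name="name">Attachment Manager</field>
      <field name="users" eval="[(4, ref('base.user_root'))]"/>
    </record>

    <!-- Override the default access record for ordinary users:
         read/write/create stay, delete is dropped.
         Assumed XML id; check it in Settings -> Technical ->
         Database Structure -> Models -> ir.attachment -> Access Rights. -->
    <record id="base.access_ir_attachment_group_user" model="ir.model.access">
      <field name="perm_unlink" eval="False"/>
    </record>

    <!-- Full access, including delete, for the new group only. -->
    <record id="access_ir_attachment_manager" model="ir.model.access">
      <field name="name">ir.attachment manager</field>
      <field name="model_id" ref="base.model_ir_attachment"/>
      <field name="group_id" ref="group_attachment_manager"/>
      <field name="perm_read" eval="True"/>
      <field name="perm_write" eval="True"/>
      <field name="perm_create" eval="True"/>
      <field name="perm_unlink" eval="True"/>
    </record>
  </data>
</openerp>
```

List the file under `data` in the module's `__openerp__.py` and update the module; afterwards the "X" in the image picker still fails with an access error for everyone outside the Attachment Manager group, while the super admin remains unaffected as noted above.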
