androbey

Prevent users from deleting files

Recommended Posts

Hello, 

I'm rather new to ProcessWire, but love all the possibilities it gives us. Also, I'm a rather unexperienced developer, so please forgive me. 

What I like to achieve: 

I want to prevent users (that are not superusers) from deleting files (which are uploaded through/with a file field in ProcessWire) or at least to send a mail when someone deletes that file.  

I'm developing a kind-of intranet for a NPO in order to push digitalisation. However, for quality management, files should not be deleted unnoticed by not authorized persons. 

Is this kind of thing even hookable? 

I found with the help of Captian Hook, that there is a delete hook for fields and also this one:
 

$this->addHookBefore('Fieldtype::deleteField', function(HookEvent $event)

But I'm afraid that this won't help for my issue, will it? 

 

Here's my very first attempt of a module.. 

class Disabledelete extends WireData implements Module {

	public static function getModuleInfo() {
		return array(
			'title' => 'Disable File Delete Functionality', 
			'version' => 3, 
			'summary' => 'Should disable delete functionality for files.',
			'singular' => true, 
			'autoload' => true, 
			);
	}

	public function init() {
    $this->addHookBefore("File::deleteField", $this, "disableDelete");
}
 
public function ___disableDelete($event) {
     //But what to do here? (If even here!)
}
}



Hope you can help me out there!

Share this post


Link to post
Share on other sites

Best not to give users access to fields that they are not trusted to manage. So if only certain roles should be allowed to edit a field (for a files field editing means adding or deleting files) then set up access permissions for that field.

I'm not sure it makes sense to allow users to upload files to a field but not delete them. Otherwise how do they correct their own mistakes if they accidentally upload a file to the wrong field or on the wrong page?

But if you're sure you want to do this you could use the following hook in /site/ready.php:

$wire->addHookBefore('Pagefiles::delete', function(HookEvent $event) {
    // The item about to be deleted
    $item = $event->arguments(0);
    
    // Only for ProcessPageEdit
    if($this->process != 'ProcessPageEdit') return;
    
    $page = $this->process->getPage();
    $field = $item->pagefiles->field;
    // Now optionally use $page and $field to limit the below to particular pages, templates, fields

    if($this->user->hasRole('YOUR_ROLE')) {
        // Prevent the normal delete() method
        $event->replace = true;
        // Show the user an error message
        $this->error('Sorry, you are not allowed to delete files.');
    }
});

 

I don't recommend it because it will be slow and potentially result in a lot of sent mail, but the following example is a proof-of-concept for sending an email notification of deleted files.

$wire->addHookBefore('Pagefiles::delete', function(HookEvent $event) {
    // The item about to be deleted
    $item = $event->arguments(0);
    
    // Only for ProcessPageEdit
    if($this->process != 'ProcessPageEdit') return;
    
    $page = $this->process->getPage();
    $field = $item->pagefiles->field;
    // Now optionally use $page and $field to limit the below to particular pages, templates, fields

    if($this->user->hasRole('YOUR_ROLE')) {
        // Send email notification
        $m = $this->mail->new();
        $m->to('someone@domain.com')
            ->from('someone@domain.com')
            ->subject('File deleted')
            ->body("File '{$item->basename}' was deleted by '{$this->user->name}' from field '{$field->name}' on page {$page->httpUrl}.")
            ->send();
    }
});

 

  • Like 3

Share this post


Link to post
Share on other sites

Hi @Robin S

thank you very much for your reply. Really appreciate your help. 

You are right, in general my logic wouldn't make sense at all. In my case this field serves as a kind of archive (which is necessary to satisfy a duty to preserve records), even though I know it's not ideal.

Anyway, I think I have still a lot to learn about hooks and how to use them. 

Have a good day!

Share this post


Link to post
Share on other sites

@androbey May be you can use this or learn from it source code: @renobird's Activity Log module https://processwire.com/talk/topic/9838-module-activity-log/

Even though I use it on one site, I have not had much time to checkout this module properly so I only use its basic features and it appears to me that changes made to image fields are not logged but it could be possible to extend it.

Also, this module keeps generating PHP warnings when a non-superuser is the one to make changes but seems to work otherwise, even on ProcessWire 3.x too. (I did not have the time to check why I have the warnings...) 

 

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.