Created by: David Ritter ([email protected]) on 2015/05/18 19:35:25 +0000
Votes at time of UserVoice import: 16
Craft's permissions are pretty flexible, except when it comes to assets.
When editing a field that allows users to choose an asset, all asset sources will appear in the modal, even ones the user has no View Source permission on. This happens on Redactor fields as well.
The main Assets manager gets it right—and only shows the sources a user has permission to view or edit—but when it comes to editing entries or when choosing assets, everything is shown, which is not ideal.
The majority of the time, the current setup works well since most users probably want to be able to see others' content. But in other cases, you simply don't want some users seeing other assets.
Just an example workflow. Big company launch, kind of hush hush. You have a few designers. Some of them are working up some designs. Some pages aren't ready to go live yet. The current situation makes it impossible to do something like that.
I asked about this on support, Andris mentioned "This is to avoid situations where an Assets fields would be assigned a single source that would not be usable by some users, rendering the field unusable."
That's only part of the problem. I would vote to disable/grey the field or let them pick another asset from a source they do have access to view. You don't want to be creating asset fields and locking down folders for every asset field, that gets to be ridiculous.
I've seen this come up a few times on SE where we need to be able to "jail" or silo a user to their own assets or at a least ones they are only supposed to see.
Craft's permissions are pretty flexible, except when it comes to assets.
When editing a field that allows users to choose an asset, all asset sources will appear in the modal, even ones the user has no View Source permission on. This happens on Redactor fields as well.
The main Assets manager gets it right—and only shows the sources a user has permission to view or edit—but when it comes to editing entries or when choosing assets, everything is shown, which is not ideal.
The majority of the time, the current setup works well since most users probably want to be able to see others' content. But in other cases, you simply don't want some users seeing other assets.
Just an example workflow. Big company launch, kind of hush hush. You have a few designers. Some of them are working up some designs. Some pages aren't ready to go live yet. The current situation makes it impossible to do something like that.
I asked about this on support, Andris mentioned "This is to avoid situations where an Assets fields would be assigned a single source that would not be usable by some users, rendering the field unusable."
That's only part of the problem. I would vote to disable/grey the field or let them pick another asset from a source they do have access to view. You don't want to be creating asset fields and locking down folders for every asset field, that gets to be ridiculous.
I've seen this come up a few times on SE where we need to be able to "jail" or silo a user to their own assets or at a least ones they are only supposed to see.