I have a file that is linked to in one of my catalog items that was originally uploaded using the 'Upload File' under 'System Definition'. It looks like the file lands in the 'v_customer_uploads' table and is accessible from a link via 'href="scs/shop_elearning%20account%20request%20form.xls"' The problem is that the file has to be updated often and that task has been left to one of our admins up til now.

To prepare for this I created an application that this new role has access to and created 2 modules. One is a list that filters on the specific file that this role has access to (created AC rule to only allow access to this file on the v_customer_uploads table). I also created a copy of the 'Upload File' module and moved it to this app and gave the role access to it. I also created AC rules to allow create, delete, and edit on the 'v_customer_uploads table' as long as the file name matches the above. This is where I am stuck because no matter what I do I can't get the 'Upload File' to allow the single user with the role to upload a file. I keep getting 'Unable to upload file due to security restrictions'. Clearly a security rule somewhere but I don't know where.

Ideally I would prefer to have my own form or UI page so that I can do checks to make sure the file being uploaded has the exact same name and give a friendly warning if not so that it doesn't break the link in the catalog item. I can't for the life of my find where 'upload.do' (which is where the 'Upload File' URL points to) so that I can see what it is doing.

Can anyone help?