How can I restrict a user's ability to insert images into the db_images table?

Go to solution
HugoFirst
Kilo Sage

‎09-28-2015 01:15 PM

I need to restrict users from inserting images into the db_images table.

The use case is this:   Users need to insert images into an HTML text field in an incident form.   I want to force them to attach the images to the incident and not upload them to the library ( db_image ).

What's I've tried:

I modified the ACL to require special roles, but that didn't do the trick.

I even coded the script to always set answer to false.   See image below.

People can STILL upload images to db_image whether they have the role or not.

It appears that I cannot restrict write access to this table.

Can anyone tell me how to do this?

Here's how my ACL is currently setup:

db_image_acl.gif

Preview file
47 KB
0 Helpfuls
  • 2,403 Views
1 ACCEPTED SOLUTION

Go to solution
uluerje
Mega Expert
In response to HugoFirst

‎09-29-2015 07:47 AM

--------------- Solution Follows ------------------


You need 2 ACL's on the db_image table, one for create and one for write.   Put the image_admin role in each and you are good to go.


View solution in original post

0 Helpfuls
9 REPLIES 9

Go to solution
HugoFirst
Kilo Sage
In response to uluerje

‎09-29-2015 07:44 AM

Jessica,



Thank you for your help!   I finally have the image widget working the way it should, after I added yet another ACL.   I found this out when I compared my dev's ACL's to the ACL's in my personal instance where the widget worked as needed.



Would you reply to this message with the following text ( or something very similar).   I want to give you credit for the solution, and I want the whole solution to be in the reply that I mark.



--------------- Solution Follows ------------------


You need 2 ACL's on the db_image table, one for create and one for write.   Put the image_admin role in each and you are good to go.


0 Helpfuls

Go to solution
uluerje
Mega Expert
In response to HugoFirst

‎09-29-2015 07:47 AM

--------------- Solution Follows ------------------


You need 2 ACL's on the db_image table, one for create and one for write.   Put the image_admin role in each and you are good to go.


0 Helpfuls

Go to solution
HugoFirst
Kilo Sage
In response to uluerje

‎09-29-2015 07:55 AM

Thank you for your help Jessica!


0 Helpfuls

Go to solution
uluerje
Mega Expert
In response to HugoFirst

‎09-29-2015 08:03 AM

No problem, glad I could help!


0 Helpfuls

Go to solution
JV2
Tera Expert

‎12-06-2017 07:20 AM

Just for the records: any attached image copy/pasted in your hmtl-type field seems to be stored in the sys_attachment table with "Pasted Image" as file name. So, you could have a BR/ACL or something like that to restrict copy/paste images. I've done and it works perfectly as we wanted to restrict the copy/paste of images.



find_real_file.png


Preview file
31 KB
0 Helpfuls