Upgraded to MT 4.35 from MT 4.32 and Authors with Upload File privileged could not upload assets for Create Entry. Found the following code in Asset.pm at line 112:
return $app->errtrans("Permission denied.")
unless $app->user->is_superuser
|| (
$perms
&& $perms->can_edit_assets
);
Went back to Asset.pm in MT 4,32 and found this extended logic covering Upload conditions and placed in MT 4.35 version and it now works:
return $app->errtrans("Permission denied.")
unless $app->user->is_superuser
|| (
$perms
&& ( $perms->can_edit_assets
|| $perms->can_edit_all_posts
|| $perms->can_create_post )
);
Could not find mention of this anywhere in the Forum so posting it to help others save some time and frustration.
Reported on Movable Type 4.3
Thanks for the news, Merv. We may be upgrading to 4.35 shortly, you saved me a "What the....?" if it turns up.
"if it turns up" ...
It will if you have Authors with Role privileges "Upload File" without "Manage Assets".
Manage Assets gets checked in Asset.pm as "can_edit_assets"
Upload Files must have an internal privilege code but I don't know what it is (didn't have the time to look for it).
But, in my case, Author Roles that can "Create Entries" also have the privilege "Upload Files" so the MT 4.32 code works for me. I don't want my Authors to be able to manage all assets.
Maybe the Forum admins can shed some light on this. I also submitted it to MTOS DEV.
What prompted you to upgrade to 3.5? I'm trying to decide where to land next.
Many bug fixes, security fixes and capability. I also use the MT Pro/Community addons and have custom interfaces to private areas that work.
Obviously I'm finding new differences as in the Roles and the impact.