Removing Image Upload permissions for several groups


I've been requested to look at removing image upload permissions for about 10-15 of our 120 groups.  This would include disallowing them to upload in the For this Page/For this Block permssions.  I'm wondering what would be the best approach to take this.    Can I extend upon the extending permssions groups (Read, Create, etc) and make a "Upload Image" and then add that as a permission to my Image File Controller (simular to this  Thoughts?


Dec 26, 2019 21:24

I guess you could also solve this using ContentEvents. In the CreatingContent-event, check if it's a file and then check permissions. Cancel creating, if user does not have upload permission.

Dec 28, 2019 13:07

That would also work as a place to put the check.    The tricky part is the permissions - I need to give them create  so they can create blocks and upload PDFs, but not be able to upload image.  As is with "create" they can create any bit of content.

If I can somehow expand upon the defuault access levels (read, create, change, delete, administer, and publish) and create a "upload files" and "uploade images" levels to do the checks. 

Unless there is another approach to take to remove the upload image permission... 

Dec 30, 2019 21:12

This is maybe not the most elegant approach, but one option is adding a new group, like AuthorizedFileUploader, and add all users that should be allowed to upload files to this group. On file-upload, you can check is the user belongs to this group. If the user does not belong to the group, abort upload.

Jan 01, 2020 21:09

I would configure this with the Access level configuration of your media type either from code or from the admin interface.

By default it is set to Everyone, but you can add you own group/user here instead and then remove the Everyone. With this you are able to control it by usergroups and who is allowed to create a content type without use of any custom code to control this. 

In this case with mediatypes it would prevent the users that are not part of the configured group to upload any images.

Jan 03, 2020 10:57


The probem with that approach is we have so many of groups, and just a handful of groups which we need to revoke access.  This becomes a maintaince nightmare.  That's why I'd to go for a code-approach.  

But I can do that for now as I play around with this a bit more.  

Edited, Jan 03, 2020 16:48
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.