Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Customising the CMS /

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

End User not able to use upload in image tab

Go to End

3 Posts   1202 Views


Community Member, 32 Posts

14 January 2009 at 4:15am

I am configuring my permission in my CMS so that certain groups can only edit certain areas of the site. It's going pretty well, but I am hitting one snag. I can restirct the users to only have the Site Content and Files & Images tab, and also to only be able to work in the designated areas. The problem is this, the user(group) is not able to use the image side-panel in the CMS to upload images. Additionally when I created a page type simillar to the StaffList page type in the tutorials the end user is not able to use the "images" tab to upload or change the associated photo. The only way I have been able to give the user these rights is to give them full admin rights, which blows away the rest of my permissions...

Any thoughts!?!?!?!?


Community Member, 32 Posts

14 January 2009 at 5:19am


I was able to fix it... I used the article at the following link

Basically I had to go to

sapphire/core/model/image.php and make the change below... I don't know why this is set automatiacally... it should be!!!


The iframe action in the Image_Uploader Controller (File: Image.php) checks the Permission for "ADMIN", which is way too restrictive. A user that has Access to the CMS Main and/or Asset Admin should be able to upload Images via iframe.

If this isn't fixed, Image Upload fields aren't functional for all users that don't have full Admin rights.

Change Line 436 from:

if(!Permission::check('ADMIN')) Security::permissionFailure($this);


if(!Permission::check('CMS_ACCESS_AssetAdmin')) Security::permissionFailure($this);
or similar...


Forum Moderator, 4102 Posts

14 January 2009 at 6:16am

Known bug. In /sapphire/core/model/Image.php, do a search for "function iframe" and change the first line to this:

if(!Permission::check('CMS_ACCESS_LeftAndMain')) Security::permissionFailure($this);