More flexible upload options for admin?

Support disable user upload at post or topic but available for user avatar and profile backgrounds etc.
Set the max size to 0 and hide the upload button or options on post by CSS not really a good way, it break all upload even admin like category background image.

See if this will meet your needs:

4 Likes

@tshenry
A good component. But it seem too basic? The code looks only restrict the browser UI.

1 Like

I’m not sure what you mean by too basic. It prevents the upload button from rendering on the composer toolbar and disables the drag-and-drop upload functionality of the composer. This will only apply to users under a trust-level you specify in the theme setting. It’s not just hiding a button with CSS if that’s what you are concerned about.

Theme components are super easy to add and remove, so there’s no harm in testing it out and seeing if it meets you needs.

1 Like

Yes, i already install the component and actually it is working not bad.
What i mean about “too basic” is the component still restrict the web editor only.

The code below i guess it will only disable the upload or reply placeholder on the web editor(if i was wrong that i have no question with the component, ignore below).
https://github.com/tshenry/discourse-restrict-uploads/blob/master/common/head_tag.html

I know the upload using Upload API, so somebody which familiar with network programming may construct some HTTP requests(i dont know if some security like CORS can protect it) to bypass the component then upload file(even though the uploaded is harmless, but any upload by user are not our expected).

So, restrict the Upload API type field in the back-end may improve it? I am newbie to Discourse and programming.
Thanks.

1 Like

Hopefully I will be corrected if I am wrong, but I believe they would need to have a valid API key do that. An API key would need to be explicitly generated for a user by an admin.

You are correct, though. This is not a server-side solution. If you need an extremely secure solution, you would need to build a plugin or hope that the feature is added to core.

3 Likes

I am clear now, thanks!

1 Like