SwimmingWorld wrote:I am trying to do something similar. I want to create additional Admin accounts that don't have access to the ACL. To do this, I assigned a use to the Forum Administrator role, then gave that role access to everything except the ACL. Everything seems to work as intended except that when I use this new account to upload a new picture, I get an error.
I tried several combinations of roles including creating a new role but it appears that the picture upload feature will only work for a user that is assigned to the "administrator" role.
Is this by design? If so, why is the picture upload feature restricted to only users in the "administrator" role?
Supposing that you are using one of the 2.xx versions you may try to access the pictureController.cs (Nop.Admin > Controllers > PictureController.cs ) and update the InsertPicture method (validation section) as below
Old:
var customer = ((FormsAuthenticationService)_authenticationService).GetAuthenticatedCustomerFromTicket(ticket);
if (!customer.IsAdmin())
throw new Exception("User is not admin");
New:
var customer = ((FormsAuthenticationService)_authenticationService).GetAuthenticatedCustomerFromTicket(ticket);
if (!customer.IsAdmin() &&
!customer.IsForumModerator())
throw new Exception("User is not admin");
you may validate for your own created role.